Databases, Systems & Networks

Source: digitalocean.com

Introduction

Servers that are connected to the internet are subjected to all manners of attacks and probes by malicious users, scripts, and automated bots. It is sometimes a balancing act to secure your server from attacks without affecting legitimate access to your services and resources.

Certain types of services are meant to be visible and consumable to the public internet. An example of this is a web server. Other types of services are typically used by only the system administrator or a select number of individuals and are not meant to be a public resource.

A concept known as port knocking is a way of shielding processes that fit into the latter description. Port knocking works by covering the ports associated with a process behind a firewall until a specific, predetermined sequence of network activity occurs. At this point, the port knocking service reconfigures the firewall to allow access to the protected application.

In a previous article, we discussed how to enable port knocking through a specially designed port knocking service. In this article, we will discuss an alternative method of configuring port knocking.

This method does not rely on an external application to alter the firewall rules. Instead, the iptables firewall can take advantage of a state-tracking module called « recent » to do all of this within the firewall rules themselves.

We will be configuring this on an Ubuntu 12.04 droplet, but any kind of Linux server should operate in a similar manner.

Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, « iptables » only maintains firewall rules for IPv4 addresses but it has an IPv6 counterpart called « ip6tables », which can be used to maintain firewall rules for IPv6 network addresses.

If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS

Lire la suite…

Source: WebUpd8.org

VirtualBox 4.0 got a very cool new feature that allows you to easily resize a hard disk in just a few seconds. Previously, you had to install Gparted to do this and the procedure was quite slow.

In VirtualBox 4.0+ (see how to install VirtualBox 4.0.x in Ubuntu), to resize a VirtualBox hard disk image (.VDI) firstly locate the folder where the .vdi you want to resize is located – this should be under ~/VirtualBox VMs or ~/.VirtualBox/HardDisks. Then open a terminal, navigate to that folder (« cd /FOLDER/PATH ») and run the following command to resize the .VDI:

VBoxManage modifyhd YOUR_HARD_DISK.vdi --resize SIZE_IN_MB

VBoxManage modifyhd natty.vdi --resize 12000

Advanced Mac users may find it useful to run macOS or Mac OS X in a virtual machine atop their existing Mac operating system. Creating a virtual machine for Mac OS is now easier than ever before, and we’ll show you how to set up easy Mac virtual machines on a Mac.

For some quick background, virtualization allows you to run another operating system in a confined virtual machine atop an existing operating system through an application layer. This means there is no disk partitioning involved, the virtualized operating system runs just like any other application on your computer. We have covered this broad topic many times before for purposes like running Windows 10 on a Mac with a VM, to running Ubuntu Linux in VirtualBox, to Snow Leopard in a VM, and others. In the guide here, we will be creating a Macintosh virtual machine for running Mac OS on top of Mac OS, which can be helpful for testing out different apps and operating system versions, amongst other purposes.

Lire la suite…