Archive

Posts Tagged ‘Security’

Breaking out of a HTTP proxy enviroment

February 9th, 2010 Andrew Rankin No comments

Being in a large corporate environment has positives and negatives, one of those negatives is that many companies use HTTP proxies to control and track internet usage from your work machines.  While in most cases this is very important from the HR and workplace productivity side, it can become a headache if you actually need something outside your companies firewalls that is blocked.  In my case I wanted to backup some configurations and code to my home machine.  To do this I’d generally just rsync over ssh or scp the files over to an off site machine.   Sadly with a full firewall up and all traffic required to go through HTTP proxies, I had to find a different solution.  In my case, I decided to use ‘corkscrew’.
Read more…

Categories: Server Management, Server Monitoring Tags: , ,

Making Your Server More Stealthy – Version Wise

May 28th, 2009 Andrew Rankin No comments

As far as security is concerned actually advertising what software versions are running on your site is not favorable.  With most any software, whether its open source or not, if there is a bug that is exploitable and its noted on the manufacturers/projects website, there is very likely to be a version number associated with it.  With that being the case, if your server software responds with “Apache/2.2.0″ as the description of itself this can tell everyone if your a vulnerable or not.   To obfuscate this a bit I suggest setting the following items in your Apache config:

ServerSignature Off
ServerTokens Prod

Read more…

Categories: Apache, Lighty Tags: , ,