Ultimate SSH security for your server

Bombarded with attacks: So you've generated a public/private key pair to log in to your server, set SSH not to accept passwords and disabled root login. You may have even changed the port number on which SSH listens (probably a waste of time). A problem remains, however. Your server…

How to improve HTTPS security

In the last post I showed how to obtain and deploy the new free SSL/TLS certificates from the Let’s Encrypt project. In this post, I’ll show how to defend your newly secured website against various weaknesses that lurk around SSL/TLS. Test your site: The first thing…

Let's Encrypt all the things

Free SSL (well, TLS) certificates for all! The Let's Encrypt project has now gone into public beta, so anyone can go get a certificate and move to HTTPS. Very nice indeed. Here was my experience setting it up on a novelty website, just to test things out. My server runs…

UK Online Banking Security

I was listening to last week’s Security Now podcast and they happened to end up checking the SSL/TLS security of Bank of America (BoA) on the SSL Labs website. They made a quite shocking discovery. The BoA website was preferring the old RC4 cipher suite to encrypt traffic…

Intelligent Whitelisting

Don’t click that link! All it takes is for one person in a company to click on a link in a spear-phishing email that launches a program to infect the PC with a persistent threat virus. From that one lapse in security, your company could end up being the…
