“Extra credit” hardening options to maximize the security of your OpenVPN installation — How to Harden OpenVPN in 2020 This guide will help you configure and secure OpenVPN using the latest best practices.blog.securityevaluators.com In my previous article, I laid out a framework for building a modern, hardened OpenVPN server/client configuration. At the end, I noted there were some additional hardening steps that would be nice to take for extra security. In particular:

This guide will help you configure and secure OpenVPN using the latest best practices. — Since everyone is working from home for the foreseeable future, corporate IT departments are scrambling to bolster existing VPN solutions or deploy new ones as fast as possible. One of the most popular VPN solutions is OpenVPN, either used directly, or through appliances like the commercial OpenVPN Access Server or…

Windows 10 ships with two awesome features for users and developers who still work in Linux land. The first is the Windows Subsystem for Linux, which implements a subset of the Linux Kernel’s system calls to allow you to run native Linux userland utilities such as bash and friends, and…

I’ve started experimenting with exposing some of my home lab services to the world without needing a VPN. Instead, I use Caddy (which is an excellent web server, and much easier to work with than Nginx) as a reverse proxy with TLS client certificates for authentication. Caddy’s built-in Let’s Encrypt…

It seems convenient, but it’s a trap! — Two-Factor Authentication (2FA, also known as Multi-Factor Authentication, or MFA) is all the rage these days, and for good reason. Accounts secured by 2FA are much, much harder to compromise than accounts using only a single factor — so much more so that you can — sometimes — get away…

Why Your Second Factor Isn’t Always as Trustworthy as a Password — The security of a 2FA-protected account is much greater than the security of an account protected by only one factor — in theory. In practice, there is more nuance to it than that. For 2FA, you are trusting the server to enforce the 2FA and not be compromised by hackers…

Apple and Amazon Web Services allegedly affected, but issued strong denials. — Bloomberg published an article claiming that the US Government uncovered a hardware backdoor planted by the Chinese People’s Liberation Army in server motherboards produced by Supermicro, the world’s largest manufacturer of computer motherboards. The boards then made their way into the datacenters of US tech companies, including Apple, Amazon Web…

Tenable Security disclosed a proof-of-concept of a critical vulnerability in the Mikrotik RouterOS software, which powers their popular low-cost routers and wireless networking products. The vulnerability leverages a path traversal issue into full unauthenticated remote code execution; vulnerable routers can have their credential database stolen and a backdoor installed with…

…and how do we secure it? — The world of consumer electronics is all abuzz about the Internet of Things (IoT) — from smart kettles to smart refrigerators, it can almost seem like everything with an electrical socket is also getting WiFi connectivity and a smartphone app. The demand for computerized appliances has flooded the market with…