Posted by jpluimers on 2021/07/20
An image on CORS will follow; likely more on related topics too. [WayBack] 🔎Julia Evans🔍 on Twitter: “some security headers… “ about:
Interesting comments in the thread.
More to follow: [Archive.is] 🔎Julia Evans🔍 on Twitter: “going to talk about CORS headers on a different page because that’s a Whole Thing but i’d love to know what else I left out / got wrong here :)” including these:
Posted in Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, TCP | Leave a Comment »
Posted by jpluimers on 2020/06/05
If you want to harden your ssh server, read at least [WayBack] sshd_config – How to configure the OpenSSH server | SSH.COM.
After that use some ssh tools to check your config from the outside world. They work in a similar way as the TLS/SSL/https scans from Source: SSL Server Test (Powered by Qualys SSL Labs) or these console based scans and documentation references:
Simiarly for SSH:
Then read further on more in depth SSH topics around key management:
–jeroen
Posted in Encryption, Hashing, https, HTTPS/TLS security, OpenSSL, Power User, Security, testssl.sh | Leave a Comment »
Posted by jpluimers on 2020/05/04
Often, hotspots only allow http/https traffic. Other traffic – like SSH – is blocked. Nowadays, fewer hotspots block that, but too many still do.
So it can be worth a while to route your SSH server through HTTPS (I don’t like Web-based SSH that much as terminal emulation in browsers isn’t that well yet, but that seems to change rapidly, more on that in the “Further reading” section below).
After some background reading at apache – Tunnel over HTTPS – Stack Overflow, here are a few links that help you do it:
You need:
Read more at DAG: Tunneling SSH over HTTP(S) and SSH over SSL, a quick and minimal config..
Steps:
Read more at Using SSH over the HTTPS port · GitHub Help.
Using Putty and an HTTP proxy to ssh anywhere through firewalls | Me in IT.
Tunneling SSH through HTTP proxies using HTTP Connect – ArchWiki.
Not all proxy configurations and hotspots support this. But it might be worth a look: SSH Over Proxy.
SSH plugins for browsers:
Web based SSH:
–jeroen
Posted in Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2019/12/16
Great tip from: [Archive.is] Michal Špaček on Twitter: “Friendly reminder: if you allow users to register email addresses on your domain, make sure they can’t get: admin@ administrator@ hostmaste… https://t.co/wUHXrQC2J0”:
Friendly reminder: if you allow users to register email addresses on your domain, make sure they can’t get:
- admin@
- administrator@
- hostmaster@
- postmaster@
- webmaster@ (and others from RFC 2142)
otherwise users might be able to get an HTTPS certificate for your domain.
Posted in Encryption, https, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »
Posted by jpluimers on 2019/01/16
With the advent of WebSockets, it looks like TCP tunnels over HTTP/HTTPS are gaining more ground and I need to put some research time in them.
Some old to new links:
CONNECT requests are not supported by many HTTP proxies, especially in larger organisations, so chisel and crowbar have a much bigger chance there.
However, that is a VPN solution which is much broader than just a single TCP tunnel. You can so similar things with OpenVPN, but over HTTP/HTTPS, also requires CONNECT:
SoftEtherVPN seems to be more versatile though. I blogged about that before, but back then didn’t have needs for it yet. VPN over HTTPS: Ultimate Powerful VPN Connectivity – SoftEther VPN Project.
–jeroen
via: [WayBack] VPN through only http – Server Fault answer by [WayBack] neutrinus
Posted in Communications Development, Development, HTTP, https, Internet protocol suite, Network-and-equipment, OpenVPN, Power User, TCP, VPN, WebSockets, Windows-Http-Proxy | Leave a Comment »
