Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor. The standard is developed by the Trusted Computing Group (TCG) and was standardized by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 11889 in 2009.
Versions
TCG continues to revise the TPM specification. The latest version, 2.0, was released in October 2014.
Manufacturing
TPM hardware is manufactured by different manufacturers. Important thing while buying and...
The first Personal Computer (PC) was designed in the 1980s by IBM. This computer had different components and a different design from earlier computers. The design was cloned by many manufacturers. Its boot sequence was as follows.
BIOS -> Operating System
BIOS was the first component to run when the computer started. BIOS initializes the hardware, performs some checks, and then starts the operating system residing on disk or on the network. UEFI is next...
Lightweight Directory Access Protocol (LDAP) is a protocol developed for managing users, groups, access, and rights in an IT environment. There are different protocols used for authentication and authorization, but LDAP is the most popular and compatible protocol. LDAP can be used to integrate Windows Active Directory with Linux and other non-Windows systems. Active Directory also provides LDAP services. In this tutorial we will look at how to install, configure and test...
Secure Shell, best known as SSH, is a protocol developed to connect to IT systems remotely and securely. SSH uses a client-server architecture. In this post we will look at various security-related configuration options of the SSH daemon service, sshd. The tutorial on client-side ssh configuration can be found at the following link: http://www.poftut.com/ssh-tutorial-command-examples/
Server Configuration File
Ssh generally works as a service or...
The limits.conf configuration file is used to limit user-, domain- and process-related metrics. limits.conf is related to the pam_limits module.
Configuration File
The configuration file is named limits.conf and is located at /etc/security/. The default content of this file is shown below.
#<domain> <type> <item> <value>
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
As we can see, all entries are commented out, so they have no effect. There is also a directory which is used to store configuration in separate files for easier maintenance. This...
Netcat is a simple but useful tool for working with TCP, UDP and Unix-domain sockets. Netcat can easily listen on or connect to specified sockets. Netcat is a platform-independent command supported by Linux, Unix, Windows, BSD, macOS, etc. Common use cases for netcat are: simple TCP proxy; shell-script-based HTTP clients and servers; network daemon testing; a SOCKS or HTTP ProxyCommand for ssh.
Syntax
We will use the following syntax for nc...
Servers provide different types of infrastructure for implementing different IT solutions. Security is another issue that must be addressed in IT. In recent years security has become a necessity. In this tutorial we will look at how to secure our servers.
Patching
Operating systems use a lot of internal and external tools and services. The external ones in particular interface the operating system with remote clients and attackers over...
GnuPG is a popular open-source alternative to PGP. PGP provides encryption-related functions. PGP also provides hash functions, like standard Linux packages. We will look at how to verify files downloaded from the internet using their PGP signatures.
Find PGP Information
In this example we will use the Apache source code. The Apache PGP signature can be found and downloaded as shown below.
$ wget https://www.apache.org/dist/httpd/httpd-2.4.23.tar.bz2.asc
We can see that the signature file has the asc extension...
In today's IT world everything is connected, and a lot of data is downloaded from the internet or over networks. This may create some minor problems. The downloaded data may be corrupted, or an intruder on the network may change our files with a man-in-the-middle attack. There are different solutions for this, but the simplest and fastest is to use hash algorithms to verify file integrity. There...
Hi, x509 certificates are widely used by many applications. Generating x509 certificates may seem hard, like rocket science, but it is not. We will generate a key named t1.key and then create a signing request from this key. After that, to sign our request, we will generate a self-signed CA key and certificate. Then we will sign our request and generate a ready-to-use certificate....