Category: Security

Deploying IPsec in small LAN in 3 easy steps

I think about installing IPsec on computers in my home LAN for some time. There are many configurations possible: tunnel mode, transport mode, peer-to-peer solution or star topology with single VPN hub. Also there are different IPsec implementations. KAME for *BSD, Openswan, strongSwan and Linux 2.6 PF_KEY implementation (which can be used with setkey and racoon or with OpenBSD’s isakmpd). Choosing one is not easy, but for me the simplest method was best. I choose Linux 2.6 PF_KEY with ipsec-tools and racoon for dynamic key exchange (now part of ipsec-tools). Its simple, easy to implement and… configuration files without any modification (except file paths) can be used also in FreeBSD (tested with 6.3-RELEASE).

Continue reading “Deploying IPsec in small LAN in 3 easy steps”

O tym jak to Chuck Norris skopiował dane z Naszej Klasy na dyskietkę

Hacking.pl opublikował artykuł Nasza-Klasa.pl – pobierz sobie dane milionów Polaków. Zasugerowano w nim, że każdy może pobrać dane wszystkich użytkowników Naszej-Klasy. Na alarm uderzył również Dziennik Internautów i Computerworld. Wszyscy zwrócili uwagę na fakt, że prosty robot internetowy może skopiować strony z portalu, przefiltrować ciekawe informacje i zapisać je na dysku. Niestety większości umknął jeden ważny problem… czas potrzebny do skopiowania 8 milionów stron.

Continue reading “O tym jak to Chuck Norris skopiował dane z Naszej Klasy na dyskietkę”

Limiting access to ptrace() call in Linux

Ability to trace and debug software on servers is not needed for most users. Giving them right to trace processes may leak information and if ptrace() is vulnerable lead to more problems.

Sptrace is a secure ptrace() Linux Kernel Module (LKM). It limits users’ access to the ptrace() call. It can disable strace (and ltrace) altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace() call.

Continue reading “Limiting access to ptrace() call in Linux”