security

Make a host entry

This is a very simple but effective solution.

Simply open your hosts file (for Unix-like systems typically at: /etc/hosts) and make the following entry at the end of the file:
127.0.0.1 orf.at

This tells the system to resolve every request for orf.at to your localhost. The website is thus unavailable system-wide to any program. Please keep in mind that other URLs may also point to this site, and these have to be blocked as well.

Import Certificate into Firefox 3.6.12

This challenge will help you to import a Code Signing Certificate into Firefox.

Securing Wireless Network: WPA/WPA2 configuration guide

Configuring WPA/WPA2:

1. Use an Ethernet cable to connect a computer to any one of the four LAN ports of the NETGEAR router.
2. In a web browser, enter the router's IP address - either http://192.168.0.1 or http://192.168.1.1 by default.
3. When prompted for a Username and Password, enter the default username and password (admin; password) unless you have already changed it. NETGEAR recommends changing the default password to increase the security of your network.
For Steps 4-9, refer to Figure A below.
4. Select Wireless Settings from the Setup menu in the left-hand navigation bar.
5. Under Wireless Network, enter your desired network name in the Name (SSID) box.
6. Under Security Options, select WPA-PSK [TKIP] + WPA2-PSK [AES].
7. Under Security Options (WPA-PSK + WPA2-PSK), enter your desired network password into the Passphrase box.
8. WRITE DOWN or KEEP NOTE of your network name, security option and passphrase - you will require them to connect wireless computers and devices to your network.
9. Click Apply to save the settings.

For further information, please refer to the Router and Networking FAQ: http://kb.netgear.com/app/answers/detail/a_id/12923/related/1

Hiding a mail address on a website

Nowadays it is often necessary to show the e-mail address on a homepage. Customers should see it, but there are programs that collect mail addresses from websites to use them for spam. How can I hide my e-mail address from spam bots while it is visible on homepages?

Access your computer over internet in a secure way

Accessing your own data is getting more and more important. Part of it is already accessible from "everywhere" when stored with your emails. But "the cloud" is not that advanced yet, so there are documents you only have on your computer. Imagine you switch place for a couple of days and still want to be able to look something up. One possibility was to create a backup and store all documents you might need on an external drive - a tedious process, and you will forget the one important document. You could also open a port for Windows' Remote Desktop connection, but for security reasons this is not a choice. There should be a secure way to access the data.

Test MAC authentication of a WiFi access point

When a new WiFi access point is set up, several security-relevant configuration options have to be changed. First, password authentication through WPA/PSK is enabled. Additionally, MAC address authentication can be enabled to provide access only to certain machines which have their MAC address entered in a list of known MAC addresses. The goal is to test if this feature was correctly enabled.

Preventing SQL-Injection in a Java application

SQL injection is a technique to inject (or execute) SQL commands within an application (database). It is mainly used to gain access to a database's content for which one has no authorization. The method injects SQL commands by providing input that contains SQL meta-characters to a SQL statement.

Example statement:
select * from user where username='input'

SQL injected input:
user' OR '1'='1

The final statement:
select * from user where username='user' OR '1'='1'

Since 1 always equals 1, this statement would return all the users in the database! Depending on the SQL command, an attacker could insert, modify, extract and delete data in the database.
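The statement above, built once by string concatenation and once with a bound parameter, as an added example that is not part of the original page. It uses Python's built-in sqlite3 module with an in-memory database so it runs without a database server (in Java, a PreparedStatement with a ? placeholder plays the same role); the email column, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; only the table and column "username" come from the page.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("o'brien", "obrien@example.com"),  # legitimate name containing a quote
]

INJECTED_INPUT = "user' OR '1'='1"  # the input shown in the text above


def make_db():
    """Create an in-memory database holding the sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)", SAMPLE_USERS)
    return db


def find_user_concatenated(db, username):
    """Deliberately vulnerable: the input becomes part of the SQL text."""
    query = "select * from user where username='" + username + "'"
    return db.execute(query).fetchall()


def find_user_parameterized(db, username):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    return db.execute(
        "select * from user where username=?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", find_user_concatenated(db, INJECTED_INPUT))
    print("parameterized:", find_user_parameterized(db, INJECTED_INPUT))
    # A harmless quote in a real name breaks the concatenated query outright,
    # while the parameterized query finds the row.
    try:
        find_user_concatenated(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated with o'brien failed:", exc)
    print("parameterized with o'brien:", find_user_parameterized(db, "o'brien"))
```

The concatenated query returns every row for the injected input, while the parameterized query returns none because no user has that literal name.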

Prepare an application server to handle secure connections

In a web application users can collect information on their (or their company's) assets and plan future actions.

This information is of great value, so the user wants to keep it safe.

One basic task for a trustworthy service provider is to let the user know whether the connection is indeed established between the two.

In web applications this is usually accomplished by using a secure connection during user authentication.

So, an application server should be able to provide such secure connections.

For this task an SSL/TLS certificate is required. Unfortunately, there is none for this machine yet.

Basic access authentication to control the access of users to websites

The task was to provide a wiki to which only people who attended the course were granted access. The problem is that this wiki was stored on the webspace provided by the university for students, so the administrator of the wiki did not have all rights and possibilities to solve the problem. Find a way which does not take too much time (because the main task of the exercise in the course was not to deal with a server and a wiki) to guarantee everyone in the course - but nobody else - access to the wiki (or rather, the folder where the wiki is stored).

Securing web pages written in PHP

An existing web page with no special focus on safety should be secured against different kinds of attacks. The page is located on a shared web server on which no special privileges are granted. The versions of the software used in the environment are the following:

- PHP 5.2.6
- MySQL Server Version: 5.0.75
- Zend Framework 1.5
- Apache 2.6.28-16
- Suhosin-Patch 0.9.6.2

PHP configuration:

- safe_mode off
- magic_quotes_runtime off
- magic_quotes_gpc off

Especially the parameters should be checked against malicious contents.

GET parameters:

- site, string
- nodeid, integer
- action, string

The POST parameters are variable and should just allow alphanumerical values and punctuation marks.

XSS, SQL injection and directory traversal should be avoided. The solution should be easy to understand, configurable and flexible. Already finished libraries and tools which are tested will be accepted.
