Security

Server setup: Setting up a firewall

A firewall is a basic filter that can provide an efficient protection to your server by only allowing the traffic in and out as the rules of the firewall allows it. Setting up a firewall on a Ubuntu Linux server does not need to be complicated - in fact the one used in this example is called “uncomplicated firewall”. To get the firewall up and running make sure it’s installed through the package manager.

HTTPS, SSL, TLS - What it does

While surfing the net, you often come across web agencies how promote SSL-certificates (or TLS security) on their products - or their ability to create “secure web applications” with SSL. Most users know HTTPS/SSL/TLS as the little lock, that promises “security” when visiting a page - but what kind of security it actually provides is rarely explained - and far worse often misunderstood. The while SSL is the popular name (and as it was once known) and HTTPS usually is the way users sees it (as part of a URL in a browser) - the correct name is TLS a short for Transport Layer Security.

Ubunutu Uncomplicated Firewall

I’m still enjoying the fresh new Ubunutu 9.04, and one of the nice new features is a firewall – which Canonical calls “Uncomplicated Firewall”. I’m usually not hooked on firewalls, but just for the fun of it I enabled the firewall on my laptop and it seems to work quite well. The firewall doesn’t seem to have any noticeable impact on system performance and as the laptop from time to time visits open wifi’s, it’s probably a good idea to have protection from other users on open networks.

Google Docs Secure

A number of podcasts and websites have mentioned that you can get your Gmail SSL encrypted by just adding a small s in the url (from http:// to https:// in the url). Cool. But wait there’s more… it seems to work for Google Docs and Google Reader too. While I doubt the usefulness of an encrypted RSS Reader, there’s certainly a great vaule in having encrypted access to documents used with Google Docs.

Secure PHP Programming

A new group has appeared on the net – the PHP Security Consortium (PHPSC). It is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Nice. While many PHP developers make sites people are supposed to use and enjoy, few as actual education and experience in how to make secure applications and websites. Through projects and articles, they’ll try to educate PHP developers.