Configuring Ubuntu SSH server to use Hashicorp Vault OTP

This post demonstrates how to configure Vault and an SSH server so that logins to the SSH server use a one-time password (OTP). The following diagram depicts the process.

After initializing and unsealing the Vault server, enable the SSH secrets engine with the following command:

    vault secrets enable ssh

Write a role to the Vault SSH secrets engine. For test purposes we will allow all IPs:

    vault write ssh/roles/admin key_type=otp default_user=vaultuser cidr_list=0.0.0.0/0,0.0.0.0/0

Now we need to configure login to…

Enable Azure Diagnostic Logs Settings

Logging to a storage account

    $resource = Get-AzResource -Name [resource name] -ResourceGroupName [resource group name]
    $storage = Get-AzResource -Name [resource name] -ResourceGroupName [resource group name]
    Set-AzDiagnosticSetting -ResourceId $resource.ResourceId -StorageAccountId $storage.ResourceId -Enabled $true

Streaming of diagnostic logs to Event Hub

    $rule = Get-AzServiceBusRule -ResourceGroup [resource group name] -Namespace [namespace] -Topic [topic] -Subscription [subscription] -Name [rule name]
    Set-AzureRmDiagnosticSetting -ResourceId $resource.ResourceId -ServiceBusRuleId $rule.Id -Enabled $true

Streaming of diagnostic logs to a Log Analytics workspace

    $workspace = Get-AzOperationalInsightsWorkspace -Name [workspace name] -ResourceGroupName [resource group name]
    Set-AzureRmDiagnosticSetting…

Recruiting tools.

https://MailScoop.io – Free Email Finder
https://Yesware.com – Email Tracker
https://ResyMatch.io – Free Resume Scanner
https://ResyBullet.io – Free Resume Bullet Analyzer
https://ResyBuild.io – Free Resume Builder
https://Canva.com – Free Graphic Design Tool
https://PhotoFeeler.com – Free LinkedIn Profile Pic Grader
https://tagcrowd.com/

Azure virtual network service endpoints

You’ve migrated your existing application and database servers for your ERP system to Azure as virtual machines. Now you’re considering using some Azure platform as a service (PaaS) services to reduce your costs and administrative requirements. Storage services will hold certain large file assets, such as engineering diagrams. These engineering diagrams have proprietary information in them, and must remain secure from unauthorized access. These files must only be accessible from specific systems. In this unit, you’ll look at how to…

Azure VNET Peering

    az network vnet create \
        --resource-group learn-176d3f64-8002-4e62-b762-ac3929d20952 \
        --name SalesVNet \
        --address-prefix 10.1.0.0/16 \
        --subnet-name Apps \
        --subnet-prefix 10.1.1.0/24 \
        --location northeurope

    az network vnet create \
        --resource-group learn-176d3f64-8002-4e62-b762-ac3929d20952 \
        --name MarketingVNet \
        --address-prefix 10.2.0.0/16 \
        --subnet-name Apps \
        --subnet-prefix 10.2.1.0/24 \
        --location northeurope

    az network vnet create \
        --resource-group learn-176d3f64-8002-4e62-b762-ac3929d20952 \
        --name ResearchVNet \
        --address-prefix 10.3.0.0/16 \
        --subnet-name Data \
        --subnet-prefix 10.3.1.0/24 \
        --location westeurope

    az network vnet list --output table

    ===============================================

    az network vnet peering create \
        --name…

Azure Site to Site VPN Configuration

We will create a Site to Site VPN connection between two VNETs. This way we simulate the Cloud and On-Prem sites, as in the following diagram.

    az network vnet create \
        --resource-group learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17 \
        --name Azure-VNet-1 \
        --address-prefix 10.0.0.0/16 \
        --subnet-name Services \
        --subnet-prefix 10.0.0.0/24

    az network vnet subnet create \
        --resource-group learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17 \
        --vnet-name Azure-VNet-1 \
        --address-prefix 10.0.255.0/27 \
        --name GatewaySubnet

    az network local-gateway create \
        --resource-group learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17 \
        --gateway-ip-address 94.0.252.160 \
        --name LNG-HQ-Network \
        --local-address-prefixes 172.16.0.0/16

    az network…

10. Same-Origin Policy and Cross-Origin Resource Sharing

1. SAME-ORIGIN POLICY INTRODUCED

Same-Origin Policy (SOP) is a major security concept built into all contemporary browsers. Its main goal is to prevent dynamic web page elements (like scripts) from accessing data on resources of a different origin. In the security context, SOP prevents malicious web sites from retrieving confidential data from restricted locations on behalf of users and without their acknowledgment. User agents that are compliant with SOP restrict requests issued from one origin to another origin…

9. Front End Security Basics: Secure Cookie Flag

1. VULNERABILITY INTRODUCED

Properly implemented data protection is an essential component of the security of any web application. It allows the users to know who they are communicating with, whether or not their communication channel is encrypted, and that the data is not manipulated in transit. Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive data transmitted through the network. For example, when the HTTP protocol is used, the traffic (including cookies) is sent in plain…

8. Front End Security Basics: DOM XSS in AJAX

1. VULNERABILITY INTRODUCED

When an HTML page is rendered in a browser, the browser downloads the HTML into local memory and automatically parses it to display the page on the screen. When a web page is loaded, the browser creates a Document Object Model (DOM) of the page, an object-oriented representation of the HTML document that acts as an interface between JavaScript and the document itself and allows the creation of dynamic web pages. So, the objects in the…

7. Front End Security Basics: DOM XSS in URL

1. VULNERABILITY INTRODUCED

When an HTML page is rendered in a browser, the browser downloads the HTML into local memory and automatically parses it to display the page on the screen. When a web page is loaded, the browser creates a Document Object Model (DOM) of the page, an object-oriented representation of the HTML document that acts as an interface between JavaScript and the document itself and allows the creation of dynamic web pages. So, the objects in the…
