Archive for the ‘Security’ Category
Open Source Firewall Appliance Round 2
A few years ago I blogged about using the Untangle firewall to replace a Sonicwall or similar firewall appliance.
Since then, Untangle has come a long way. I would like to revisit the untangle appliance as it has undergone numerous improvements, and in my opinion is now a fully capable replacement for an off-the-shelf firewall appliance.
Are EV SSL certificates insecure?
Today Intrepidus Group reported that EV SSL certificates are susceptible to a “Man-in-the-Middle” attack.
Zusman and Sotirov call their attack “SSL Rebinding” and claim that it can be used to sniff sensitive data as it leaves the user’s browser or to conduct a browser cache poisoning attack against EV SSL Web sites.
This is a major blow to EV SSL certificates and their significantly higher price tag. Something like this is significant enough, that if you are using an EV SSL, it may be a good idea to downgrade until the exploit is fixed.
Multi process PHP execution
Moved to: http://www.saynotoflash.com/archives/multi-process-php-execution/
What not to do when times get tough
When you look at businesses that are struggling, you generally see two reaction in attempt to get out of the slump.
The first reaction which generally is seen when a company declares bankruptcy or just before, is the add more fees without adding any value solution. Airlines are currently guilty of this, as most are adding fees everywhere without adding any additional value to their customers. I recently took a trip and was charged for curbside check-in, for checking a single bag, and for a soda while on the flight. The flight attendants and check-in receptionists were rude, no doubt because they have to deal with a bunch of angry customers. Southwest Airlines’ marketing team was just handed the golden platter of advertising opportunity, because people are angry at airlines for all the fees, and Southwest doesn’t have all the extra fees.
The second reaction which is actually consumer focused, is to change your business so it is more appealing adding value, in an effort to drive more business. Quiznos is a perfect example of this with their new pricing. I’m not sure if the end-user gets anything more from Quiznos, but the price / value point is far easier to understand which makes their restaurant more appealing.
Times are tough for a lot of retail businesses, and I can guarantee that simply raising prices will not create a more profitable or stable business unless you know for certain that your customers will happily pay the extra price.
Do not simply do these when times get tough:
- Add fees without adding some value with those fees (The airline raise).
- Grossly increase prices to accommodate for lost revenue.
- Unilaterally change contract terms (Think AT&T and Verizon).
Be careful doing these:
- Placing customers in opt-out programs.
- Cutting the variety of the products you offer.
- Dramatically changes or adding confusing policies and / or pricing structures.
Unfortunately there’s no magic recipe to making it through tough financial times, but these are some good ideas to help keep customers coming back to your business.
Here’s my recommendations to do before you ever get into real trouble:
- Make your price / value point more appealing (like Quiznos above). Be extremely cautious with this one because it can easily backfire if your customers think your smoke and mirrors are just an effort to pad your revenue.
- Offer rewards or incentives for frequent customers.
- Retail & Restaurants. Offer incentives to customer who bring their own cups or shopping bags. Ideas like this can help reduce overhead costs, and produce less waste. It’s win-win for everyone.
- Offer incentives to customers that refer their associates and friends to your business. If you’re not doing this already you’re doing something wrong.
- Diversify your marketing efforts. Don’t just use the Yellow Pages or radio ads. Puts your eggs in more baskets as long as they all provide business. You can try local PPC marketing, sponsoring events, newspaper ads, and more.
- Optimize your business. This is a great time to see if you can save money on the services that your business already uses. Internet, phone services, your merchant account, shipping costs and methods, are all great places to start. Find services that you don’t really need and cut those first.
- If you need to purchase new IT equipment look into low power consuming equipment. Low power servers, computers, and network hardware can save thousands per year in energy costs.
- Reduce staff. This is truly one of the hardest and most unpleasant aspects of owning a business, but realistically, if it’s going to potentially save your company then you should consider it. My personal opinion is that this is an absolute last resort, unless you have employees that you were planning on releasing anyway, but it is sometimes necessary.
Every dollar you can save will really help later when you’re completely cash strapped. Start doing these before you are looking an an insurmountable situation that will ultimately end with the end of your business.
Let me know if you have suggestions or experiences of your own.
Enterprise open source firewall appliance software!
I needed to setup a content filtering firewall a few weeks ago for an office of about 50 people. The existing firewall was a Sonicwall Pro 4060 which is a very solid firewall and is more than adequate for 50 computers. Sonicwall also has a content filter application that installs on the Pro 4060. The drawback to using Sonicwall’s filter is the price. Their filter is billed on a recurring yearly subscription, and would cost about $2,000 per year to use. $2,000 per year was far beyond the budget for such a project, so I went to look for an open source or lower cost setup, hopefully without any annual fee. My first thought was a custom Linux-Debian computer made only to function as a firewall. After some research and a few recommendations, I found a great out-of-the-box Linux operating system, Untangle, that is designed specifically for dedicated firewall applications. This was a much better solution that custom configuring a Linux server.
The following is a quick guide on how to setup a Enterprise class firewall for a small to medium sized business. How good your firewall performs is dependent on the hardware that you use, but if you copied the specs of the one that I setup, it should easily handle 100+ computers and servers.
The myth of tax free internet sales
It has been a long held belief by most online shoppers that out of state internet purchases are tax free. I have to admit that I believed this for a long time myself, but unfortunately it’s not the case.
Just to dispel any theory dissolving that old ‘Death and Taxes’ quote, internet purchases are not tax free. That’s right. As the wording goes, most internet companies don’t have to collect out of state sales tax. However, consumers, businesses and any end users still must pay a “Use Tax” on non-taxed purchases that they make through mail-order or online.
Most states currently have Use Tax which specifically requires consumers to pay their state sales tax on purchases they make online that are not taxed by the business. There are some exemptions for certain types of products and for states that do not have any sales tax, but for the most part, taxes on these purchases are required to be paid to your state government. With the exception of very large purchases, use tax is rarely if ever monitored, as it would simply be an impossible feat for any state government to handle. However, we can all be sure that states are losing out on millions if not billions in uncollected taxes, so if you aren’t paying them, enjoy the free ride while it lasts.
Here’s a Use Tax table that I came up with covering which states require it:
(Let me pre-apologize about all of the PDF links here, Government websites are about as bad as they come, and in many cases PDF’s are the only pages available.)
Spam-proof your dedicated server!
I wrote about a great cpanel firewall add-on that I found a while back.
The same company that designed configserver firewall, has two security packages that are designed to help maintain a cpanel/whm dedicated server.
I recently purchased the “cPanel Service Package + MailScanner” package for one of the servers that I manage.
Here’s what you get for $125:
- iptables SPI firewall (csf)
- Login failure detection (lfd)
- Stop unnecessary processes
- Logcheck
- Logwatch
- WHM configuration check
- OpenSSH configuration check
- Install and configure Rootkit Hunter
- Install and configure Chkrootkit
- install mod_security
- Host spoof protection
- Operating System check
- Name server configuration check
- Disk check
- Kernel check
- Apache tune and check ***
- MySQL tune and check
- Enhanced log rotation
- Day of the week backup rotations
- Secure /tmp /var/tmp /dev/shm
- Install and configure ConfigServer Explorer (cse)
- Install and configure ConfigServer Mail Queues (cmq)
- Install and configure ConfigServer Mail Manage (cmm)
- Perl installation check
- Delete unnecessary OS users
- Disable open DNS recursion
- Enhance path protection
- Remove SUID/GUID from binaries
- PHP hardening
- Exploit check
- Disable vulnerable phpBB installs
- Initial cPanel configuration
- Enhance MailMan performance
- Install MRTG graphs
- MailScanner Server service
- One week of informational tickets
While this is all great, what really caught my attention was the improvement with the email that the server was handling. Click to continue…
cPanel Security
This is a little plugin that I came across today. Nothing new, but after using it, there’s no way I would setup a cpanel/whm server without it.
ConfigServer Security & Firewall (csf)
This is essentially an extension of iptables firewall that integrates with a nice GUI in the WHM interface. It makes configuring the server’s firewall a snap, and also suggests other security fixes based on how your server is setup.
The installation took about 5 minutes to complete and another half hour to fully configure. You will need ssh or other shell access to install it on a server. This is an absolute necessity for any server. I only wish I would have found it a long time ago, as it is a huge time-saver.
Internet Explorer (Auto Complete) stores your passwords unencrypted!
When you check the auto-complete option in Windows internet explorer, you just opened yourself up to a mess of potential problems. Internet explorer stores all of the user names and passwords that you tell it to learn, in a single flat-file that is unencrypted and can be easily read by a variety of program.
Ecommerce How-to List for Do-it-yourself’ers
Following a post from Matt Cutts, I have been collecting how to’s every time I come across one that I use. I have about 900 saved up now, in just about every area imaginable.
There are so many how to guides that people need for running their ecommerce website’s. With that in mind, this is a list of very useful how to’s related to ecommerce. Hopefully this post will be a good resource for site owners, and those looking to get into ecommerce. Topics include everything from setting up a web server, marketing, to integrating a website with a payment gateway.