Saturday, August 6, 2016

How to Fix ESXi 6.0 root account lockout

ESXi 6.0 introduces root account lockout: after a number of failed logins over SSH or the vSphere API (the advanced settings Security.AccountLockFailures and Security.AccountUnlockTime, by default 10 failures and a 120-second unlock time) the root account is locked. The DCUI and the local ESXi Shell are not subject to the lockout, so console access keeps working. There are plenty of bots out there brute-forcing SSH/ESXi root passwords, so a host exposed to them gets its root account locked out easily, even though the attackers never guess the password. A good security practice to address this is to enable the SSH server on ESXi with KEY-BASED authentication only ('PasswordAuthentication no' in /etc/ssh/sshd_config, with your public key in /etc/ssh/keys-root/authorized_keys), so that password guesses are refused before they count as failures, and then to enable the ESXi firewall and restrict the vSphere client ruleset to your static IP address(es), as mentioned here:

esxcli network firewall set --enabled true
esxcli network firewall ruleset set -a=false -r=vSphereClient
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=vSphereClient


You need to restrict the SSH ruleset the same way. Note the order: setting allowed-all to false before your own address is in the allowed list drops the session you are working from, which is why the firewall is switched off for the duration of the change and switched back on at the end. If a vCenter server manages the host, add its address to the vSphereClient ruleset as well, or it will lose the host.

esxcli network firewall set --enabled false
esxcli network firewall ruleset set -a=false -r=sshServer
esxcli network firewall ruleset allowedip add -i=Your.Static.IP.Address -r=sshServer

esxcli network firewall set --enabled true
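The whole procedure as one script, written as an added example for this post (it is not the original author's code). It adds the allowed address before turning off allowed-all, so it can be run from an SSH session with the firewall left enabled, and it prints the resulting allowed-IP list for each ruleset so the change can be checked. It assumes it runs as root in the ESXi Shell; the ESXCLI variable is an assumption of this example only, so the script can be dry-run with ESXCLI=echo on a machine without esxcli.

```bash
#!/bin/sh
# Added example, not from the original post: lock the ESXi management
# rulesets (sshServer, vSphereClient) down to one management address in a
# lock-out-safe order.
# Assumption: ESXCLI exists only for dry-running (ESXCLI=echo); on a real
# host leave it unset so the esxcli binary is used.
ESXCLI="${ESXCLI:-esxcli}"

# Restrict one ruleset to one address. The address is added to the allowed
# list FIRST, so the session running this script is still allowed when
# allowed-all is switched off. Refuses to run with an empty address, which
# would otherwise cut off every client.
restrict_ruleset() {
    ruleset="$1"
    ip="$2"
    if [ -z "$ruleset" ] || [ -z "$ip" ]; then
        echo "usage: restrict_ruleset <ruleset-id> <ip-or-cidr>" >&2
        return 2
    fi
    "$ESXCLI" network firewall ruleset allowedip add --ip-address "$ip" --ruleset-id "$ruleset" || return 1
    "$ESXCLI" network firewall ruleset set --allowed-all false --ruleset-id "$ruleset" || return 1
    # Verification step: show what the ruleset now allows.
    "$ESXCLI" network firewall ruleset allowedip list --ruleset-id "$ruleset"
}

# Apply the restriction to both management rulesets, make sure the firewall
# is enabled, and print its state.
harden() {
    mgmt_ip="$1"
    for rs in sshServer vSphereClient; do
        restrict_ruleset "$rs" "$mgmt_ip" || return 1
    done
    "$ESXCLI" network firewall set --enabled true || return 1
    "$ESXCLI" network firewall get
}

# Usage: sh harden-esxi-fw.sh 203.0.113.10   (203.0.113.10 is a placeholder)
if [ "$#" -gt 0 ]; then
    harden "$1"
fi
```

If the host is managed by vCenter, call restrict_ruleset vSphereClient with the vCenter address too before relying on the result.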

Thursday, August 4, 2016

Protect yourself against browser tracking

Private browsing is part of today's browsers. When you use it, you expect to be anonymous: to leave no trace on the computer you're using, and for the websites you visit not to recognize that it's you browsing them. In practice private mode only takes care of the local traces (history, cookies, cache); it does nothing against a website fingerprinting your browser.

You can see how identifiable your web browser is using the EFF's Panopticlick website. If you have Flash Player or Java installed, you most probably have a unique browser, which can lead to your identification. 'List of plugins', 'List of system fonts', 'Java version' and 'Timezone' together make your browser unique: each attribute on its own is shared with many users, but the combination of all of them usually is not.

You can use the following sources to improve your browser tracking protection:

Disable font enumeration for Firefox
Disable font enumeration for Chrome

Disable Plugin enumeration

Update 1: A dear friend mentioned the following additional privacy leaks:

- WebRTC (it can reveal your local IP addresses): how to disable it in Firefox
- Disable WebGL (the renderer and vendor strings identify your graphics hardware)
- Canvas fingerprinting (Canvas Blocker for Firefox: install it and set the block mode to "Block readout API")

With the above configurations, Panopticlick now says "Yes! You have strong protection against Web tracking."

How to disable Debian 12 sleep on production servers

Debian 12 has power saving enabled by default, which causes your server to go to sleep if there is no mouse/keyboard interaction. To resolv...