How to Boost Your Internet Security with DNSCrypt CloudNS.com.au Encrypt DNS Traffic In Ubuntu With DNSCrypt [Ubuntu PPA] This article was posted a while back but I've decided to repost it because there's a new PPA that you can use to install dnscrypt-proxy in Ubuntu (14.10, 14.04 and 12.04) and also, some parts of the article needed to be updated. DNSCrypt is a protocol for securing communications between a client and a DNS resolver, preventing spying, spoofing or man-in-the-middle attacks. To use it, you'll need a tool called dnscrypt-proxy, which "can be used directly as your local resolver or as a DNS forwarder, authenticating requests using the DNSCrypt protocol and passing them to an upstream server". Thanks to Pascal Mons (work based on Sergey "Shnatsel" Davidoff's initial PPA, which doesn't have packages for Ubuntu 14.04 or 14.10 right now), you can easily install it Ubuntu. His packages use 127.0.0.2 as the local IP address so it doesn't interfere with Ubuntu's default setup. 1. sudo add-apt-repository ppa:anton+/dnscrypt sudo apt-get update sudo apt-get install dnscrypt-proxy 2. 3.
Open Whisper Systems partners with WhatsApp to provide end-to-end encryption At Open Whisper Systems, our goal is to make private communication simple. For the past three years, we’ve been developing a modern, open source, strong encryption protocol for asynchronous messaging systems, designed to make seamless end-to-end encrypted messaging possible. Today we’re excited to publicly announce a partnership with WhatsApp, the most popular messaging app in the world, to incorporate the TextSecure protocol into their clients and provide end-to-end encryption for their users by default. Your messages may already be encrypted The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. This is still the beginning Get involved!
Top 20 Nginx WebServer Best Security Practices Nginx is a lightweight, high performance web server/reverse proxy and e-mail (IMAP/POP3) proxy. It runs on UNIX, GNU/Linux, BSD variants, Mac OS X, Solaris, and Microsoft Windows. According to Netcraft, 6% of all domains on the Internet use nginx webserver. Nginx is one of a handful of servers written to address the C10K problem. Unlike traditional servers, Nginx doesn't rely on threads to handle requests. Default Config Files and Nginx Port /usr/local/nginx/conf/ - The nginx server configuration directory and /usr/local/nginx/conf/nginx.conf is main configuration file. You can test nginx configuration changes as follows: # /usr/local/nginx/sbin/nginx -t Sample outputs: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok configuration file /usr/local/nginx/conf/nginx.conf test is successful To load config changes, type: # /usr/local/nginx/sbin/nginx -s reload To stop server, type: # /usr/local/nginx/sbin/nginx -s stop #1: Turn On SELinux Do Boolean Lockdown See also: Where,
Namecoin DNSCrypt | OpenDNS Background: The need for a better DNS security DNS is one of the fundamental building blocks of the Internet. It’s used any time you visit a website, send an email, have an IM conversation or do anything else online. That said, the class of problems that the Kaminsky Vulnerability related to were a result of some of the underlying foundations of the DNS protocol that are inherently weak — particularly in the “last mile.” There have been numerous examples of tampering, or man-in-the-middle attacks, and snooping of DNS traffic at the last mile and it represents a serious security risk that we’ve always wanted to fix. Why DNSCrypt is so significant In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. Note: Looking for malware, botnet and phishing protection for laptops or iOS devices? Download Now: Frequently Asked Questions (FAQ): 1. 2.
BIND BIND /ˈbaɪnd/, or named /ˈneɪmdiː/, is the most widely used Domain Name System (DNS) software on the Internet.[2][3] On Unix-like operating systems it is the de facto standard. The software was originally designed at the University of California Berkeley (UCB) in the early 1980s. The name originates as an acronym of Berkeley Internet Name Domain,[4] reflecting the application's use within UCB. The software consists, most prominently, of the DNS server component, called named, contracted for name daemon.[5] In addition the suite contains various administration tools, and a DNS resolver interface library. Starting in 2009, the Internet Software Consortium (ISC) developed a new software suite, initially called BIND10. Database support[edit] BIND 10 planned to make the data store modular, so that a variety of databases may be connected.[7] Security[edit] History[edit] Versions of BIND through 4.8.3 were maintained by the Computer Systems Research Group (CSRG) at UC Berkeley.[10] See also[edit]
20 Linux System Monitoring Tools Every SysAdmin Should Know Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions are equipped with tons of monitoring. Finding out bottlenecks.Disk (storage) bottlenecks.CPU and memory bottlenecks.Network bottlenecks. #1: top - Process Activity Command The top program provides a dynamic real-time view of a running system i.e. actual process activity. Fig.01: Linux top command Commonly Used Hot Keys The top command provides several useful hot keys: => Related: How do I Find Out Linux CPU Utilization? #2: vmstat - System Activity, Hardware and System Information The command vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity. # vmstat 3 Sample Outputs: Display Memory Utilization Slabinfo # vmstat -m Get Information About Active / Inactive Memory Pages # vmstat -a => Related: How do I find out Linux Resource utilization to detect system bottlenecks? #3: w - Find Out Who Is Logged on And What They Are Doing # ps -AlFH
Unbound Here's a preliminary pet for DNSCrypt Here's a preliminary pet for DNSCrypt (note* this package requires libsodium, pet found here) for previous discussion about DNSCrypt see (this thread). This was compiled using the version of puppylinux called "precise" so it is a 32 bit binary. I have not tested this yet, I will be testing this in conjuction with "DNSCrypt Tools" (See thread) which will be part of my testing process. Encrypt DNS Traffic In Linux With DNSCrypt (Via OpenDNS) DNSCrypt, as its name suggests, encrypts DNS traffic between your computer and OpenDNS, in the same way SSL turns HTTP traffic into HTTPS encrypted traffic. Initially, DNSCrypt was announced as being available for Mac only for now, but according to an OpenDNS article posted yesterday, the source code for DNSCrypt was published on GitHub when they've released the Mac preview and even though there's no user interface yet, Linux users can already install DNSCrypt. Why use DNSCrypt? DNSCrypt encrypts all DNS traffic between your computer and the OpenDNS servers (so you'll be using OpenDNS) and can protect you from man-in-the-middle attacks, spying, resolver impersonation, can prevent Internet service providers from blocking various websites and more. This is the first tool that encrypts DNS traffic - for instance, TOR encrypts DNS requests, but they are decrypted at the exit node. You can read more about DNSCrypt @ OpenSND DNSCrypt page and on GitHub. How to use DNSCrypt in Linux