Archives for 2017

Cloud Insidr 2017-10-08 Leave a Comment

A cybersec showdown of the clouds: cyber security on AWS versus Microsoft Azure

[Updated May 16, 2018] AWS and Microsoft, the two leaders in the race for the best cloud infrastructure, have recognized cyber security as a barrier of adoption. Cyber security professionals are weary of migrating workloads into public cloud environments as it may carry significant risks. Thus, Amazon and Microsoft have developed specialized services to help safeguard users’ cloud infrastructure and data.

This post discusses ways to mitigate cyber threats and launch a cyber defense on AWS and Azure.

[Read more…]

Cloud Insidr 2017-08-23 Leave a Comment

How to set up a mail server on AWS EC2 using open source software

When running your own mail server you have complete control over its performance and reliability. Here is how to get started with an open-source mail server on AWS EC2.

[Read more…]

Cloud Insidr 2017-04-30 Leave a Comment

How to verify the remaining validity of your letsencrypt certificates

In order to figure out how many days your letsencrypt certificates have left, you could check an online services such as:

https://www.ssllabs.com/ssltest/index.html

However, that won’t work for a mail server that’s not also running a web server using the same certificate.

In this case, your best bet is to check the certificate file directly using the openssl command as follows:

openssl x509 -noout -dates -in /etc/letsencrypt/live/smtp.yourmailserverdomainname.com/cert.pem

Cloud Insidr 2017-02-20 Leave a Comment

Maximize your PHP session security by fixing errors and closing the session adoption vulnerability that allows session fixation attacks

When the server can’t write to the session data directory, if will use /var/cache/nginx/fastcgi_temp/ and complain in the error log. You don’t want any of these errors, but a setting considered insecure will not even be reported as such. Here is how to bolster your PHP 7 session security with NGINX and php-fpm.

[Read more…]

Cloud Insidr 2017-01-01 Leave a Comment

IBM’s China connection and the betrayal of America: how Chinese government hackers manage to remain undetectable

“You know, if you have something really important, write it out and have it delivered by courier, the old-fashioned way. Because I’ll tell you what: No computer is safe (…) I don’t care what they say.”

President-Elect Donald Trump

In the waning days of the fading Obama presidency, plenty of questions surfaced about Russia’s involvement with the hacks of the DNC and election systems. Electronic evidence can be easily manipulated.

There is more to it than just electronic evidence.

[Read more…]