Cybersecurity in the Age of the Machine
Here is one nifty service that can dig up useful information about a website and its setup:
https://centralops.net/co/DomainDossier.aspx
It can currently check domain whois record, DNS records, run traceroute, verify network whois record and perform a service scan. Nice.
Open-source router firmware can open up a whole new world of possibilities when it comes to internet connectivity. For many people, the firmware of choice is DD-WRT. All you need is a wireless router, a service that supports its functionality and you are good to go.
The Netgear Nighthawk X10 R9000 is indisputably one of the best wireless routers out there. It’s pricey, too. One way to make the whole investment more affordable is by flashing the router yourself as opposed to buying one from a third-party vendor.
Many government agencies–and huge corporations as well–have been hacked in the US, UK and elsewhere, but little to nothing has been done to fix it once and for all. Unfortunately, there is no single silver bullet you could shoot at the cyber security problem; therein lies the problem. And even if you were to find a solution, beware; it’s only of a time-limited value. To stay in the picture: you have to keep shooting your silver bullets, if you happen to have them.
In a nutshell: whatever solution you might find, it will always be of only a temporary nature. Cyber security threats are always evolving and they never stand still. ‘DNS-over-HTTPS’ is such a cyber security solution, designed by Internet Engineering Task Force, Google, Mozilla and others, which is definitely worth being implemented.
Actually, DoH comes as a surprise. After all, HTTPs delivers encrypted HTTP connections, so why bother to implement DoH? Well, DoH–a shorthand for DNS-over-HTTPS protocol (IETF RFC8484)–works by sending DNS requests via an encrypted HTTPS connection, instead of using a classic plaintext UDP request, as classic DNS implementations suggest.
However, there is more to it. DoH is not just encrypted, it works on the app level instead of the OS level. The idea behind DoH is to use DNS-over-HTTPS connections between an app (e.g. a browser or a mobile app and an encrypted DoH-compatible DNS server–also called ‘resolver’).
The complete DoH-traffic is exclusively HTTPS, without any exceptions and that’s the beauty of the DoH concept.
All DoH domain name queries are encrypted and then camouflaged in regular web traffic, which is in turn sent to the DoH-DNS-resolver. The latter one then replies with a domain name’s IP address and this also implemented with HTTPS.
While open source operating systems like Linux, BSD, Solaris, etc. are designed to be highly secure, commercial off-the-shelf operating systems like Windows and macOS usually aren’t secure at all or are only partially secure. As a house owner you wouldn’t secure just the front and the garage door while keeping the side door insecure.
However, that’s how commercial operating systems nowadays work. Cyber security in commercial operating systems is only skin deep. Where no one is looking, it’s usually non-existent. As a result of the DoH-design, apps can re-gain privacy controls of DNS queries back from intentionally half-baked operating systems and are thus capable of hardwiring a list of trusted DNS-over-HTTPS servers (resolvers). While you might want to trust Google, Mozilla, and other cloud providers, you don’t have to. You can setup a list of your own trusted IPs with trustworthy resolvers.
The list of cyber security hacks sounds like the ‘who is who’ of IT companies and government agencies. Nobody can be sure to excluded from hacks, just because an government agency is too important or because a company is too big. Unfortunately it doesn’t work this way.
Most of us have a love-hate relationship with SELinux.
Good ol’ fashioned cron can greatly simplify system maintenance.