Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home Archives for Cloud Insidr
Symantec Code Signing (728*90)
How to flash the Netgear Nighthawk X10 R9000 with DD-WRT without bricking the router

Cloud Insidr 2019-11-22 Leave a Comment

How to flash the Netgear Nighthawk X10 R9000 with DD-WRT without bricking the router

Open-source router firmware can open up a whole new world of possibilities when it comes to internet connectivity. For many people, the firmware of choice is DD-WRT. All you need is a wireless router, a service that supports its functionality and you are good to go. 

The Netgear Nighthawk X10 R9000 is indisputably one of the best wireless routers out there. It’s pricey, too. One way to make the whole investment more affordable is by flashing the router yourself as opposed to buying one from a third-party vendor. 

[Read more…]

Filed Under: news, reviews Tagged With: DD-WRT, firmware, Netgear, router, WiFi

Cloud Insidr 2019-08-08 Leave a Comment

DoH (DNS-over-HTTPS): How to move up to the next level of cyber security

Many government agencies–and huge corporations as well–have been hacked in the US, UK and elsewhere, but little to nothing has been done to fix it once and for all. Unfortunately, there is no single silver bullet you could shoot at the cyber security problem; therein lies the problem. And even if you were to find a solution, beware; it’s only of a time-limited value. To stay in the picture: you have to keep shooting your silver bullets, if you happen to have them.

In a nutshell: whatever solution you might find, it will always be of only a temporary nature. Cyber security threats are always evolving and they never stand still. ‘DNS-over-HTTPS’ is such a cyber security solution, designed by Internet Engineering Task Force, Google, Mozilla and others, which is definitely worth being implemented.

DNS requests: Relying on a classic plaintext UDP request instead of HTTPs

Actually, DoH comes as a surprise. After all, HTTPs delivers encrypted HTTP connections, so why bother to implement DoH? Well, DoH–a shorthand for DNS-over-HTTPS protocol (IETF RFC8484)–works by sending DNS requests via an encrypted HTTPS connection, instead of using a classic plaintext UDP request, as classic DNS implementations suggest.

However, there is more to it. DoH is not just encrypted, it works on the app level instead of the OS level. The idea behind DoH is to use DNS-over-HTTPS connections between an app (e.g. a browser or a mobile app and an encrypted  DoH-compatible DNS server–also called ‘resolver’).

The complete DoH-traffic is exclusively HTTPS, without any exceptions and that’s the beauty of the DoH concept.

All DoH domain name queries are encrypted and then camouflaged in regular web traffic, which is in turn sent to the DoH-DNS-resolver. The latter one then replies with a domain name’s IP address and this also implemented with HTTPS.

Don’t trust the Operating System

While open source operating systems like Linux, BSD, Solaris, etc. are designed to be highly secure, commercial off-the-shelf operating systems like Windows and macOS usually aren’t secure at all or are only partially secure. As a house owner you wouldn’t secure just the front and the garage door while keeping the side door insecure.

However, that’s how commercial operating systems nowadays work. Cyber security in commercial operating systems is only skin deep. Where no one is looking, it’s usually non-existent. As a result of the DoH-design, apps can re-gain privacy controls of DNS queries back from intentionally half-baked operating systems and are thus capable of hardwiring a list of trusted DNS-over-HTTPS servers (resolvers). While you might want to trust Google, Mozilla, and other cloud providers, you don’t have to. You can setup a list of your own trusted IPs with trustworthy resolvers.

DNS-over-HTTPS is gaining steam

The list of cyber security hacks sounds like the ‘who is who’ of IT companies and government agencies. Nobody can be sure to excluded from hacks, just because an government agency is too important or because a company is too big. Unfortunately it doesn’t work this way.

Filed Under: Uncategorized

SELinux tips, tricks, hacks and gotchas

Cloud Insidr 2019-07-30 Leave a Comment

SELinux tips, tricks, hacks and gotchas

Most of us have a love-hate relationship with SELinux.

[Read more…]

Filed Under: administration and orchestration Tagged With: SELinux, time stamp

It’s never too late: cron 101

Cloud Insidr 2019-07-23 Leave a Comment

It’s never too late: cron 101

Good ol’ fashioned cron can greatly simplify system maintenance.

[Read more…]

Filed Under: administration and orchestration, Linux, tips and tricks Tagged With: automation, cron

Letsencrypt tips and tricks

Cloud Insidr 2019-07-22 Leave a Comment

Letsencrypt tips and tricks

Who wants to issue certificates manually if they can take Letsencrypt’s Certbot to the task.

[Read more…]

Filed Under: cybersecurity and cyber warfare, encryption, NGINX, web servers in the cloud Tagged With: certbot, certificate, letsencrypt

  • 1
  • 2
  • 3
  • …
  • 12
  • Next Page »
Comodo Elite SSL (OV) (728*90)

Join Cloud Insidrs!

Symantec Code Signing (200x200)

Tag Cloud

#1 on the TOP500 super computer list AMI AWS CentOS certbot certificate cipher suites cryptography CSRF cyber security Diffie-Hellman DMARC DNS EC2 ECDHE email encryption firmware GDPR HSTS HTTP/2 HTTPS IBM IPv4 Linux Linux Kernel mail Mellanox MFA MITM Netgear NGINX NVIDIA OpenSSL perfect forward secrecy remote host RSA rsync SELinux time stamp TLS TLS 1.2 TLS 1.3 TLS vulnerabilities Windows
Secure Site with EV (160x600)

Pearson Education (InformIT)

Pearson Education (Peachpit)

Thawte Code Signing (200x200)

  • Content purchasing and syndication