Again, this is almost a copy & paste recipe. This configuration will allow you to ask for a password to access a specific directory published through HTTP. It is very handy and I use it very often, so it is worth having it in an article.

RDS services are becoming very common now. Big players like Azure, Amazon (AWS) or Google are offering them. They are very handy: you get rid of scalability problems and you focus only on your database management.

One of the features you will find, as I did, in these new services is enforced security, which is good, as the information travels through the Internet. The bad thing is that not every system is aware of how to use TLS/SSL connections. I will talk about how I did it in my cases.


For quite some time, I have been visiting Packt to get a new eBook each day. The books are related to IT and written in the cookbook style. You can download them in PDF, ePub or Mobi format. I always download the ePub format and upload it into Google Books.


These days, VoIP is very complex. It is hard for some people to tell where some elements start their role and where others end it. This is the case with provisioning: provisioning means letting the SIP endpoints pull the information they need (SIP credentials, contacts, button actions and more).

Usually, an IP telephone tries to pull the information using a file storage protocol like FTP, TFTP or HTTP. HTTP (or HTTPS) is the most common. I will talk about it because FusionPBX supports it out of the box; however, you are free to use whatever you want. This choice depends on your IP phone brand.


IT security is not a simple area. You need more than knowing how to configure a firewall rule. Indeed, in my opinion, you must have a deep knowledge of the network stack (TCP and ISO), details about the involved protocols (IP headers, HTTP headers, LDAP authentication, just to mention some), configuration details of the operating system and the involved software (knowing MariaDB options if you are doing database security), and any other theoretical concept about your environment. And this is only for the technical part.

If you want to go further, you should understand security concepts such as risk, vulnerability, exposure, control and others.

At this point, you can have a clear vision of what is best to do in your strategy. With all this said, I will talk about a classic error when making decisions about implementing security controls.

A Firewall is not always the Solution of Everything

First, I must say that for me a proxy is not considered a firewall. Some authors state that a proxy can be considered a layer 7 firewall. In this article, a firewall could be a Netscreen device, a Checkpoint or an IPTables in Linux. A proxy is something like Squid or, even better, a mod_security for Apache. The big difference is the layer where they operate. Firewalls work on layers 2, 3 and 4; the most control you can have is by controlling the port. Some firewalls, like IPTables, try to work around this with the string module, where you can put some criteria based on the payload, but again, they don't understand the protocol; it is just a dumb machine checking a blind condition. Proxies, on the other hand, operate on layer 7; they fully understand the protocol. Squid is an excellent example. Squid can understand the HTTP protocol and you can create rules based on HTTP elements such as the authenticated user, the path of the files, the POST payload, cookies and many other things.
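The difference between a blind payload condition and a protocol-aware rule can be seen in a few lines of Python. This is an added example, not code from the article, IPTables or Squid: the `/admin` policy, the function names and the sample requests are all constructed for illustration.

```python
from urllib.parse import urlsplit

BLOCKED_PREFIX = "/admin"  # assumed policy: deny requests for this path

# Constructed sample requests (not captured traffic).
REQUESTS = {
    "admin_path": b"GET /admin/users HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "plain": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "referer_only": (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                     b"Referer: http://example.test/admin/\r\n\r\n"),
    "body_only": (b"POST /comment HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 27\r\n\r\ntext=see+the+/admin+section"),
}


def blind_match(raw: bytes) -> bool:
    """Packet-filter style: the byte string anywhere in the payload."""
    return BLOCKED_PREFIX.encode() in raw


def parse_request(raw: bytes):
    """Minimal HTTP/1.1 request parser: method, path, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, urlsplit(target).path, headers, body


def proxy_match(raw: bytes) -> bool:
    """Proxy style: the rule is evaluated on the parsed request path only."""
    _method, path, _headers, _body = parse_request(raw)
    return path == BLOCKED_PREFIX or path.startswith(BLOCKED_PREFIX + "/")


def compare():
    """Return {request name: (blind verdict, protocol-aware verdict)}."""
    return {name: (blind_match(raw), proxy_match(raw))
            for name, raw in REQUESTS.items()}


if __name__ == "__main__":
    for name, (blind, aware) in compare().items():
        print(f"{name:13} blind={blind!s:5} protocol-aware={aware}")
```

The blind condition also fires on the `Referer` header and on the POST body, where the string is harmless, while the parsed rule only fires on the request that actually targets the path.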