The Importance of Server Hardening – Part 2. Hardening the Server

(Editor’s note: this post was originally published in the Spanish version of Security Art Work on 4th July 2019)

Today we publish the second of three articles courtesy of Jorge Garcia on the importance of server bastioning. You can find the first one here: The importance of server hardening – I


All right, we have the mission of hosting an online commerce web application and offering it to the world on a server that we own. Our goal is to make it as impregnable as possible at all levels. Since it is a web application, it is foreseeable that the main attack entry vector is through vulnerabilities of the application itself. Really, let’s not fool ourselves, all CMS are sure candidates for severe vulnerabilities. The scheme of how the platform will be organized is the usual one in a virtual server:

Therefore, the issue is to choose a CMS with these premises:

  1. That it is actively developed and supported by a large community of developers or by a large company. This ensures that when a vulnerability is published, it is quickly corrected.
  2. That the installed CMS is the last available version of a branch that has support, and that it is expected to continue having it for quite some time. Do not forget that, since we do not have a development environment at home, updates or migrations mean a loss of service which in turn means potential loss of money.
  3. That it is compatible with the operating system of the server that we have. A consideration that is obvious but important.
  4. May the history of critical vulnerabilities be as low as possible. A CMS that is actively developed and has good support but that on average finds a critical vulnerability every week is not viable to maintain or safe to use.

[Read more…]

The Importance of Server Hardening – Part 1. Introduction and Types of Infrastructure

(Editor’s note: this post was originally published in the Spanish version of Security Art Work on 1st July 2019)

Today we publish the first of three articles courtesy of Jorge García on the importance of server hardening. Jorge introduces himself as follows: “Although I am officially a systems administrator and responsible for security in the company where I work, the truth is that my job is also my hobby. I am a big fan of geek computing, defensive security, deploying my own servers and any DIY process that poses new learning challenges as I fend for myself to solve problems. Evolution is my passion.”


All companies, regardless of the field in which they are developed, have, to a greater or lesser extent, an IT infrastructure of servers that store and process corporate information of vital importance to the business. The question that always assails me is: if this information is so important, why does experience tell us that it is so frequent that companies do not keep their servers, applications and equipment updated and properly hardened?

It is well known that a large part of companies do not take computer security seriously. Without going any further this report published three months ago indicates that 7 of the 10 most exploited vulnerabilities during 2018 were between 1 and 6 years old; or this other report that indicates that a large number of companies do not patch their systems quickly. This is because, companies think that they are not targeted by hiding behind the typical “my company is small and has nothing attractive to hackers” thinking, or because they do not have or do not consider it necessary to have staff resources and tools to keep the platform updated. Or at least they don’t do it until it’s too late, and that’s what I’m going to talk about in today’s post. It’s a true story. Let’s go with a little background.

[Read more…]

The State of VPN Security Today

Today’s post is authored by Christopher Nichols from SurfShark.com, who gives a quick insight of some of the main threats of surfing without protection in today’s Internet, and gives some valuable information on the advantages of, probably, the main countermeasure: Virtual Private Networks. Please enjoy.

No one should log onto the internet without the added protection of a virtual private network (VPN). Personal and financial information transmitted over the web needs protection against snoopers, hackers, and spies. Those snoopers also include the user’s own government as well as the internet services provider, who collects service fees as well as free information from their users. [Read more…]

EternalSilence: Why your router may be at risk from this NSA tool

Today’s article is courtesy of John Mason, co-founder of  TheBestVPN.com and writer at TripwireStaySafeOnline, DigitalGuardian y Educause. You can find him on twitter as @JohnCyberMason.

Do you trust your router to keep you safe from hackers and spies? You may want to take another look just to make sure.

Akamai recently discovered a malware campaign that has already compromised over 45,113 home and office routers. This was done using a tool based on the United States of America’s NSA hacking tools which were leaked online in 2017. To explain how hackers use this tool to turn your router into a proxy server, we first have to understand how UPnP works.

UPnP is a protocol that eases device and service discovery as well as the configuration of consumer devices and networks. Its primary purpose was to allow devices on a LAN to automatically expose services and functionality other devices on the local network.

[Read more…]

Registration for the RHME2 embedded CTF is open

The RHME2 is an embedded CTF running on the Arduino Nano board. The participants have to prove their skills both on software and hardware exploitation. Buffer overflows, ROP, C++ exploitation, cryptoanalysis, side channel analysis, fault injection… and all these in an AVR architecture!

The pre-registration for the 2nd edition of the RHME challenge is open now. Pre-register now and get your Arduino Nano with the challenges. The boards will be sent for free at the end of October and the CTF will officially start on November 1st. There is a limit of 500 boards and the first to come, the first to ship!
More information at http://rhme.riscure.com

Buster Sandbox Analyzer

(Today we have an interesting collaboration of Pedro Lopez, who describes Buster Sandbox Analyzer tool for those who do not already know it and invites anyone interested to collaborate with its development)

Buster Sandbox Analyzer is a tool designed to analyze the suspicious behavior of applications, ie those actions carried out typically by malware. Some examples of typical actions performed by malware are making a copy of itself elsewhere on the hard drive, modifying registry keys or adding files in the Windows installation directory among others.

However, when identifying an action as “dangerous”, the question is that some of the actions considered as suspicious are also usually performed by legitimate applications. It is thus very important to consider the overall context of the analyzed application: is it reasonable that the application we tested perform these actions?

[Read more…]