Archives for Security
How attackers can bypass CloudFlare
Also read CloudFlare and CORS Whitelisting. Introduction: Ensure that the origin server denies all IPs except the CloudFlare IP ranges (this must be enforced at the server level, not in CloudFlare).…
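As an added example (not code from the original post), the rule the excerpt states, enforced on the origin host itself: the origin accepts web traffic only from the proxy's published IP ranges. The ranges below are a constructed sample in the format Cloudflare publishes, not the live list, which is longer and changes; fetch the current list in a real deployment. The decision is made on the TCP peer address, never on a header such as X-Forwarded-For or CF-Connecting-IP, because a client that reaches the origin directly controls those headers. The firewall rendering assumes iptables/ip6tables syntax.

```python
import ipaddress

# Constructed sample in the format Cloudflare publishes at https://www.cloudflare.com/ips/;
# the live list is longer and changes, so fetch and refresh it in a real deployment.
SAMPLE_PROXY_RANGES = [
    "173.245.48.0/20",
    "103.21.244.0/22",
    "2400:cb00::/32",
]


def build_allowlist(cidrs):
    """Parse CIDR strings once into network objects for fast membership tests."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_allowed_source(peer_ip, allowlist):
    """True only if the TCP peer address lies inside one of the proxy ranges.

    peer_ip must be the socket's remote address. X-Forwarded-For and
    CF-Connecting-IP are attacker-controlled when the origin is reached
    directly, so they must never feed this decision.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable input is rejected, never allowed by accident
    return any(addr in net for net in allowlist)


def triage_peers(peer_ips, allowlist):
    """Split observed peer addresses into (accepted, rejected) lists."""
    accepted = [ip for ip in peer_ips if is_allowed_source(ip, allowlist)]
    rejected = [ip for ip in peer_ips if ip not in accepted]
    return accepted, rejected


def host_firewall_rules(cidrs, port=443):
    """Render the same policy as host firewall rules (iptables/ip6tables syntax assumed):
    accept each proxy range on the web port, then drop everything else on that port."""
    rules = []
    for c in cidrs:
        net = ipaddress.ip_network(c, strict=False)
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append(f"{tool} -A INPUT -p tcp --dport {port} -s {net} -j ACCEPT")
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    rules.append(f"ip6tables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    allow = build_allowlist(SAMPLE_PROXY_RANGES)
    # Constructed peers: two inside the sample ranges, one client hitting the origin directly.
    ok, bad = triage_peers(["173.245.48.10", "2400:cb00::1", "198.51.100.7"], allow)
    print("accepted:", ok)
    print("rejected:", bad)
    print("\n".join(host_firewall_rules(SAMPLE_PROXY_RANGES)))
```

The DROP rules come last so that the proxy ranges are matched first; if the web server also binds other ports, the same pattern applies per port. Refresh the allowlist from the published source on a schedule, since a stale list silently starts rejecting legitimate proxy nodes.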
Preventing CORS – Server Explicitly Sets CORS Headers for an HTTP Request versus CloudFlare
How a Server Explicitly Sets CORS Headers for an HTTP Request. A server sets CORS headers explicitly by including them in the HTTP response to a cross-origin request. These headers…
CloudFlare and Server Side Whitelisting for CORS
Overview. The CORS headers need to be set explicitly on the server. For some websites, CloudFlare can be used to control the CORS header logic at the edge. Note that you…
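As an added example covering both CORS entries above (not code from the original posts), a server-side handler that computes the CORS response headers for one request. The origin allowlist and the request headers are constructed for the example. The security-relevant choices are the ones an edge or server rule must get right: an exact match against the allowlist (a suffix test like `origin.endswith("example.com")` would also admit `https://evilexample.com`), an echoed exact origin rather than `*` when credentials are allowed, and a `Vary: Origin` header so a shared cache does not hand one origin's response to another. A reflecting handler is included only for contrast.

```python
# Constructed allowlist of origins permitted to read responses with credentials.
ALLOWED_ORIGINS = frozenset({"https://app.example.com", "https://admin.example.com"})


def cors_headers(request_headers, allowed_origins=ALLOWED_ORIGINS, allow_credentials=True):
    """Return the CORS response headers the server should add for one request.

    Only an exact match against the allowlist is accepted. Requests without an
    Origin header (same-origin or non-browser) get no CORS headers at all.
    """
    hdrs = {k.lower(): v for k, v in request_headers.items()}  # header names are case-insensitive
    origin = hdrs.get("origin")
    if origin is None:
        return {}
    if origin not in allowed_origins:
        return {}  # no Access-Control-Allow-Origin, so the browser blocks the cross-origin read
    out = {
        "Access-Control-Allow-Origin": origin,  # the exact allowed value, never "*" with credentials
        "Vary": "Origin",  # caches must key the response on Origin
    }
    if allow_credentials:
        out["Access-Control-Allow-Credentials"] = "true"
    if "access-control-request-method" in hdrs:  # CORS preflight (OPTIONS)
        out["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"
        out["Access-Control-Allow-Headers"] = "Content-Type, Authorization"  # fixed list, not echoed
        out["Access-Control-Max-Age"] = "600"
    return out


def reflecting_cors_headers(request_headers):
    """The anti-pattern, for contrast: any Origin is echoed back with credentials allowed,
    so any site a victim visits can read that victim's authenticated responses."""
    hdrs = {k.lower(): v for k, v in request_headers.items()}
    origin = hdrs.get("origin")
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin, "Access-Control-Allow-Credentials": "true"}


if __name__ == "__main__":
    # Constructed requests: an allowed origin, a look-alike origin, and a preflight.
    for req in (
        {"Origin": "https://app.example.com"},
        {"Origin": "https://evilapp.example.com"},
        {"Origin": "https://admin.example.com", "Access-Control-Request-Method": "POST"},
    ):
        print(req.get("Origin"), "->", cors_headers(req))
    print("reflecting:", reflecting_cors_headers({"Origin": "https://attacker.test"}))
```

Whether this logic runs in the application or as an edge rule, the allowlist must live in one place; a server that already sets these headers and an edge that rewrites them produce conflicting or duplicated `Access-Control-Allow-Origin` values, which browsers reject.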
Web Server Considerations for Hosting SSL Certificates
(Also read: SSL Certificate basics.) Ensure that your server is at least dual-homed. Use a separate network interface for the web server (and its associated SSL certificate). Use…
SSL or TLS – on Firewalls and Load Balancers – layer 5 or layer 6
For layer 7 firewalls, how exactly does SSL/TLS work? Since SSL lives in layer 6 (or 5), not layer 7, how does it even understand layer 7…
SSH versus VPN
Both are technologies for accessing remote resources over a secure channel. VPN base use case: Some of the business's employees may travel and frequently need to access these resources from…
Dual Factor in ASP.NET and Azure AD
On-Premises Application – MFA built into the application. To perform multi-factor authentication for on-premises applications, your application needs to redirect authentication to an MFA service that…
Group Policy Preferences Security Hazards
Domain-joined machines periodically reach out to the Domain Controller, authenticate using the domain credentials of the logged-in user (these can be, and often are, unprivileged accounts), and pull down…
Security certifications
CISSP or CCIE Security? CISSP is an internationally recognized and accredited IT security certification; CCIE Security is a Cisco-specific certification, and though several employers require CCIE, most…
Kerberos versus SAML
Kerberos is primarily used over internal LANs to authenticate users. The question is: why isn't it used as an external (public-facing) authentication mechanism? The REALM. The answer:…