strongSwan is a complete IPsec solution. It can be used to secure the communication between your servers and clients by authentication and encryption.
Continue reading strongSwan IPsec VPN IKEv2 with ChromeOS clientTag: encryption
Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]
OpenSSH usually comes with a default configuration which provides high compatibility. So even old clients can still connect. However, this compatibility comes at a price because some of the ciphers / algorithms used may be open to vulnerabilities. If you want to strengthen the encryption and get an overview about known vulnarabilities with your OpenSSH Server or Client configuration, ssh-audit is for you.
Continue reading Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]Encrypting existing volumes in ZFS using zfs send and zfs recv
Let’s say you want to encrypt your previously not encrypted data – in my example a ZFS pool. A good way to do so is to simply use zfs send and zfs receive. These commands can be used to transfer ZFS data streams. The procedure is pretty simple. Create a snapshot, transfer this snapshot using zfs send and receive it using zfs receive.
Continue reading Encrypting existing volumes in ZFS using zfs send and zfs recvEncryption of ZFS volumes using a remote / external key-system written in PHP
I thought a long time about what security benefits I have if I store the encryption key of a volume on the same system (locally). Let me share some of these thoughts with you. Then I’ll show you my approach using a self-written key-system in PHP (using RedBeanPHP and Sqlite) and finally I’ll show you how to use this with ZFS.
Continue reading Encryption of ZFS volumes using a remote / external key-system written in PHP