I have a secure and private aws ec2 environment but I need to do some backups of mongodb, postgresql, so I have a separate ec2 instance for doing backup and occasionally allow 80 and 443 to allow install/update software on backup instance.
I use shell scripts to do backup job, it requires hardcoded password or credentials in scripts, I don’t feel it secure enough to have all credentials saved into one place — backup instance.
How to secure backup instance to avoid saving passwords/credentials in plain text, I also want to avoid saving passwords/credentials in memory or temporary files?
Is there some sort of rule to determine how large a hash should be to ensure the security (meaning exactly one message maps to a given hash) of a message? Something that can be applied to any message, such as a 32-bit number or an 8-letter ASCII password.
I own an ecommerce platform that sells large (500 megabyte+) ebooks. To reduce server costs I am looking at hosting the ebooks on S3 and using Sendowl/ FetchApp to create the links to the downloads.
My understanding is that “customer buys ebook” -> “customer receives signed url (i.e.
example.com/ksljfasdkfj)” -> signed URL goes to actual s3 file (i.e.
Assuming that the middleman I use to sign the domain works correctly, and my bucket file has the correct security settings, is this secure? What is keeping someone from just brute-forcing the file system to find other files or use the link after it expires? My nightmare would be a security hole wherein someone could access all the documents.
I have noticed my network security sucks so i am working on fixing it i have some of the basic stuff down like constant OS/software patching using antivirus software and enabling/monitoring the default firewall ( I am looking more into firewall administration and log reading ).
I am also making sure to limit directory/file permissions and to only use normal user accounts. I also am changing passwords to something random every month. For unknown applications and web browsing i am using a virtual machine that i restore from a clean snapshot every time i need to use it. I also enforce signature checking from a virtual machine before downloading applications onto my host system and whenever i suspect a intrusion i perform a complete OS re installation combined with a flash of the BIOS. I check for BIOS firmware updates on a regular basis and apply them when they are available. I am using ProtonVPN as my VPN provider and Cloudfare as my DNS provider. I have in place full disk encryption on all of my machines with a password that is changed every month. My routers firmware is kept up to date and i have a password setup for the WIFI ( Read below for why this a problem ). I have changed the default router username/password and have disabled remote administration and am looking into forcing HTTPS connections for connecting to the router i am also starting to learn how to read connection logs for the router. I monitor the devices that are connected to the network using the web interface for the router. My desktops/laptops also undergo physical inspection of the hardware i take inventory of the installed hardware and check the list every time i look at the hardware this list includes a physical copy and photos of the hardware i also use USB white listing for these systems. I also am starting to monitor network traffic looking for known c&c addresses/unknown domains suspicious websites and signs of data stealing.
My questions are is there anything else i can do in regards to hardware security? and what threats should i try to protect against on my network? Also i have read about routers compromising systems on the network using drive by download attacks and DNS hijacking i am monitoring the DNS configuration of the router and that of the hosts on the network but how do i detect/prevent drive by downloads from my router? Also any other operating system hardening/router hardening advice that comes to mind is also appreciated. This brings me to my last question how do i get started in threat hunting/looking for malware/attackers on my network.
Problems: I control my network however family/friends come over and i have to give them the WIFI password and they could possibly give it to there friends this has occurred in the past so there is no point in changing the WIFI password because people will just get it again so how do i help re-mediate this? Also any other basic network security advice you could provide would be helpful
I have recently lost a U drive, which contained some important information. Fortunately, it was protected by Bitlocker. I felt the compulse to ask exactly how secure it is. Most answers on this site related to Bitlocker seem to be about built-in storage on a computer. This answer says there was a possible cold boot hack. Is it more secure to protect a U drive with Bitlocker, since you cannot use that kind of hack on a U drive? Also, that answer is 6 years old. There must have been some new developments. With the current technology that Bitlocker uses, do I need to worry that the information on my U drive could be decrypted?
As Google mentions itself in the documentation,
the HTTP functions in Cloud Functions have no authentication and are not secure. HTTP functions are unprotected and will respond to any HTTP request, which means anybody on the internet could start and stop your Compute Engine instances.
What is the real use of such HTTP functions then? Why they are available at all?
I am using a public WIFI network before work how do i keep my devices secure on this network? I am looking to prevent a attacker using a packet sniffer to grab my data and i am looking to prevent malware from infecting my devices.
I am going to start a business but don’t want any of my business tools and work being able to get through to my home network. https://www.amazon.com/GL-iNet-GL-AR750-300Mbps-pre-Installed-Included/dp/B07712LKJM?ref_=fsclp_pl_dp_1 Is that a good enough OpenWRT to ensure that no malware can get to my main network
How secure is a 4 digit numbers only captcha?
How many tries will take to be able to bruteforce that captcha?