Archive for PKI

how to verify digital signature in RPM package

A packager can sign an RPM package with a GPG key. A signed RPM carries the digital signature inside the package itself, so that both the integrity and the origin of the package can be checked after download. For that check to mean anything, signing should be done by a dedicated user on a separate signing server, and both the signing account and the signing server must be kept secure: a signature made with a key that an attacker could also use proves nothing. Once such an RPM has been downloaded, its signature can be verified with the rpm command itself (rpm --checksig, or rpm -K for short), after the packager's public key has been imported with rpm --import. The public key itself still has to be verified out of band, for example by comparing its fingerprint with the GnuPG or PGP command against a fingerprint the packager publishes through a separate channel.
Read the rest of this entry »
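As an added example (not code from the original post), the following POSIX shell script ties those steps together: it compares the signing key's fingerprint with one obtained out of band before importing the key with rpm --import, and then runs rpm -Kv and inspects the per-check lines instead of trusting the exit status, because an unsigned package makes rpm -K print only "digests OK" and exit 0. The function names, the rpm -Kv output samples and the key IDs in them are constructed for this example; the output format assumed is that of rpm 4.14 and later, and gpg's --import-options show-only needs GnuPG 2.1.14 or later. rpm --import normally has to be run as root.

```shell
#!/bin/sh
# Added example, not taken from the original post or from the rpm project.
# Verify an RPM's GPG signature after checking the signing key's fingerprint
# out of band. Assumes rpm >= 4.14 (-Kv output format) and gpg >= 2.1.14
# (--import-options show-only). Key file, fingerprint, package and allowed
# key IDs are supplied by the caller.

# import_signing_key KEYFILE EXPECTED_FPR
# Compare the fingerprint of the key in KEYFILE with the fingerprint obtained
# from a separate channel before running rpm --import. Without this step,
# "rpm -K says OK" only proves the package matches whatever key was imported.
import_signing_key() {
  keyfile="$1"
  expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
  actual=$(gpg --batch --with-colons --import --import-options show-only "$keyfile" 2>/dev/null \
           | awk -F: '$1 == "fpr" { print $10; exit }')
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "refusing to import $keyfile: fingerprint '$actual' != expected '$expected'" >&2
    return 1
  fi
  rpm --import "$keyfile"
}

# rpm_sig_ok [ALLOWED_KEY_IDS]
# Read `rpm -Kv` output on stdin. Succeed only if at least one signature line
# is present and no signature or digest check failed. Optionally restrict the
# signing key to a space-separated list of 8-hex-digit key IDs.
# Caveat: for an unsigned package rpm -K prints only digest lines and exits 0,
# so the exit status of rpm -K alone is not a signature check.
rpm_sig_ok() {
  awk -v allowed="${1:-}" '
    BEGIN {
      n = split(tolower(allowed), a, " "); nok = 0
      for (i = 1; i <= n; i++) if (a[i] != "") { ok[a[i]] = 1; nok++ }
      sigs = 0; bad = 0
    }
    /Signature, key ID/ {
      sigs++
      kid = $0; sub(/.*key ID /, "", kid); sub(/:.*/, "", kid)
      if (nok > 0 && !(tolower(kid) in ok)) { bad++; next }  # signed by a key we do not accept
    }
    /: (NOKEY|BAD|NOTRUSTED|NOT OK|UNKNOWN)/ { bad++ }        # any failed check
    END { exit !(sigs > 0 && bad == 0) }
  '
}

# verify_rpm PACKAGE [ALLOWED_KEY_IDS]
verify_rpm() {
  pkg="$1"; shift
  if rpm -Kv "$pkg" | rpm_sig_ok "$@"; then
    echo "$pkg: signature verified"
  else
    echo "$pkg: NOT verified (unsigned, bad signature, missing key, or unexpected key)" >&2
    return 1
  fi
}

# Constructed samples of `rpm -Kv` output (written for this example, not
# captured from a real system; key IDs are made up) so the parser can be
# exercised offline. Note the unsigned package shows only digest lines.
SAMPLE_SIGNED='foo-1.0-1.x86_64.rpm:
    Header V4 RSA/SHA256 Signature, key ID 3c3359c4: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 3c3359c4: OK
    MD5 digest: OK'
SAMPLE_UNSIGNED='bar-2.0-1.noarch.rpm:
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    MD5 digest: OK'
SAMPLE_NOKEY='baz-0.1-1.x86_64.rpm:
    Header V4 RSA/SHA256 Signature, key ID 9f7b3a1e: NOKEY
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 9f7b3a1e: NOKEY
    MD5 digest: OK'

# Usage: sh verify-rpm.sh RPM-GPG-KEY-file FINGERPRINT package.rpm [ALLOWED_KEY_IDS]
if [ $# -ge 3 ]; then
  keyfile="$1"; fpr="$2"; pkg="$3"; shift 3
  import_signing_key "$keyfile" "$fpr" && verify_rpm "$pkg" "$@"
fi
```

The allow list is what turns "some key I once imported signed this" into "the key I expect signed this": rpm --import accumulates keys over time, and rpm -K is satisfied by any of them.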


how to secure OpenSSH

As discussed in my earlier articles on how to secure a wordpress server and other LAMP application servers (part I, part II), it is imperative to protect the big 'L' in LAMP, the Linux host itself. One main step is to restrict and secure access to the server. On a Linux server, OpenSSH (sometimes combined with a VPN solution) is the most widely vetted choice. It should be used in place of telnet and FTP, which send credentials and data in cleartext.
The OpenSSH configuration that ships with mainstream Linux distributions may not be tailored as tightly as you want for the level of security you are after. This should not be much of a surprise: any pre-packaged software has to serve a broad audience and a wide range of use cases, and the packager may not share your information security principles or assess the risks the same way you do. Read the rest of this entry »


HTTPS alone doesn’t secure wordpress blog server or web site

HTTPS alone doesn't secure a wordpress blog server or any other web site. HTTPS, or SSL, has been hyped enough by the leading SSL certificate providers that many believe an SSL certificate or HTTPS somehow secures a wordpress blog server or a regular web site. Well, the truth is, it doesn't. HTTPS only protects the traffic between the browser and the server from eavesdropping and tampering in transit; it does nothing about a vulnerable wordpress installation, plugin, web server or host behind it. Read the rest of this entry »
