Notes on Security

In web operations, computer security deals mostly with protecting information and services from unintended or unauthorized access, change or destruction. Secure input and output handling and encrypted, firewalled network communication are essential.

How to make OCSP stapling on nginx work

It's a bit tricky to get OCSP stapling on nginx right. But with a little effort it is possible to reap the privacy, security and performance benefits.

Remember to mitigate brute-force SSH attacks

SSH is the ubiquitous way of working with networked computers. And it is beyond belief how many people try to break into systems via SSH. You haven’t taken action to turn SSH attacks into a game of diminishing returns? It's about time to change that.

Security enhanced nginx HTTPS server configuration

In the light of the latest Internet espionage and surveillance revelations, I started to investigate web server security more closely. As a result I came up with a slightly over the top setup that maximizes security and scores a solid A+ rating at SSL Lab