Archive for the ‘Security’ Category

The solution to the age-old problem of locking SFTP users into their home directory is setting up a chroot environment. This normally requires that you copy the necessary binaries and libraries so that your jailed users can make use of the allowed tools for file transfer. As of OpenSSH 4.9p1, things have gotten a [...]

Thursday, March 29th, 2012 at 20:23 0 comments

In my prior post I made the case against a rotating password policy and suggested two-factor authentication as a password policy that works. Two-factor authentication requires both a memorized password and an item you possess to verify that you are who you say you are. Two-factor authentication doesn’t have to be expensive. In [...]

Wednesday, October 5th, 2011 at 10:08 3 comments

Policies that require users to change their password every couple of months do nothing to increase security. Instead, these policies say quite a bit about the technical philosophy and capabilities of the company or administrator(s) in charge. They say, “I’m a point-and-click administrator” and “I don’t understand security.” I’ll try to make the case that [...]

Friday, September 30th, 2011 at 12:07 2 comments