Technology Solutions for Everyday Folks

Tagged with 'security'

Reinstalling reCAPTCHA

In the last post I wrote about finally cutting off the comments feature due to an abundance of spam.

For about two days, this was successful...

Cleaning Up Old Mistakes Part Deux: Leveraging Includes

This post is the second of a two-part miniseries identifying and correcting old mistakes. Part one discusses cleaning up Git repos based on permissions faux pas.

Today's atonement for old mistakes: Using centralized/standard "includes" for path variables and eliminating passwords from committed code.

Implementing DMARC: Adjusting SPF Records

It's been a couple of months since I last wrote about implementing DMARC and what comes next (review and adjustment). So I figured this would be a good time to document a few changes I've made based on the reporting data received so far.

My Incremental Certbot Panacea

I've written about Certbot more than any other topic in the last 24 months or so, in part because it's been an interesting adventure for me in helping to demystify SSL certificates, but also because it's been an evolving and incremental process to Make It Better. The first post I'd written in February of 2019 talked about using a web service to generate a Let's Encrypt certificate...good for 90 days...for free.

Implementing DMARC for Active Domains: Policy & Review

This is the second post in a two-part series to implement DMARC controls for actively-used domains, where this post focuses on creating and reviewing/adjusting your DMARC policy and controls. Part one reviewed proper DMARC prerequisites and contains information you will need to have in place before creating your DMARC policy.

Implementing DMARC for Active Domains: Configuring Prerequisites

As a follow-up from my previous post about implementing DMARC controls for unused/alias domains (those not used for actively sending messages), I wanted to write a bit about how to implement basic DMARC controls for those domains actively used to send emails.

Implementing DMARC on Alias Domains

A few weeks ago I came across a tweet with some simple instructions for securing your "unused" email domains, specifically the few bits required to implement DMARC controls to prevent Bad Folks from using your domains to send spam emails. The short thread led to an awesome reference by the UK Government on the same process.

Automating Certbot: A Recap of My Journey

Long winding road

Over the last two months, I've shared what amounts to a four-part "series" of posts walking through my journey of using Certbot for SSL certificate management, with the primary challenge being not having the traditional root-level access on the web server. Those posts are, in order:

Certbot in Manual Mode with Script Hooks

If you've been following along in the mini series, I've gone over the details of using Certbot in manual mode, then bolting some simple scripts together to improve the process of generating and managing certs, all done with a bit of magic thanks to our old friend key authenti

Improving Manual Certbot Domain Validation

In my second post about using Certbot in manual mode, I address some of the 'pain points' from the first post: namely the process of scripting together some of the bits to create/renew a certificate and otherwise requiring fewer individual commands be entered (or remembered).

Moving to Certbot with Let's Encrypt

This is the first post in a short series of posts about automating what one can in an environment that might not support full-automation with Certbot and Let's Encrypt. Technically it's the second post as the first was geared toward setting up key authentication between systems, something that's leveraged significantly in this series.

Setting Up Key Authentication

While I was preparing to write an upcoming post about moving directly to certbot from SSLForFree now that they've merged with ZeroSSL, I realized that I'd not actually ever written a post about one of the components I use all the time, including for my new certbot process: public key authentication.

Let's Expand Encryption!

This weekend I performed the quarterly actions to update my various letsencrypt certificates, which I've not written about since early May when I'd performed the first set of renewals. Let's Encrypt and SSL For Free are still outstanding services, and I'm super happy with them!

MMS: Drinking From the Fire Hose

I spent last week at MMSMOA, a conference I cannot recommend enough for anyone working in the Microsoft/Windows/Systems Management space. The main event, held at the Radisson Blu Mall of America, is a solid four-and-a-half days of deep technical material, networking, sharing, and more!

Hey, Let's Re-Encrypt!

The time has come...to renew some Let's Encrypt SSL certificates! Doesn't seem like 90 days have passed since I originally wrote about trying out Let's Encrypt as a service to generate free, trusted SSL certificates with a limited lifespan (90 days versus the more commercially-focused 1-3 years).

Hey, Let's Encrypt!

As I'd mentioned in the past, one of the key reasons for changing up my personal hosting plan was to support Let's Encrypt, the free and open Certificate Authority. In 2019, there is absolutely no need for a regular old website or service to pay some exorbitant rate for an SSL certificate. The premium options (extended validation and such) are an entirely different arena--think banking and other services--but those are out of scope for everyday Joe.
