RSA 2048? Do not use anymore

RSA 3072-bit vs ECC Certificates What’s Happening The Problem with RSA 3072 The Better Solution: ECC P-256 Security Equivalence Recommendation ✅ Use ECC P-256 for new deployments ⚠️ Use RSA 3072 only if: Bottom Line ECC P-256 gives you the same security as RSA 3072 with significantly better performance. Unless you have specific legacy requirements,...
general

HTTPS Certificate Validation: Overview

When you visit a secure website (HTTPS), your browser needs to verify that the website’s security certificate is legitimate and hasn’t been compromised. This is like checking if an ID card is still valid and hasn’t been reported stolen. There are three main methods websites use to prove their certificates are trustworthy: Why This Matters...
general

Install SafeLine WAF on Hetzner VPS even faster with cloud-init script on Debian 12

As you know my servers are hosted at hetzner.de – use this Link to get a 20€ start credit for your first servers. Now we will install a new virtual server with preparations for SafeLine WAF on Hetzner server. Preparations Select Debian 12 as your system! Follow the steps in the Article How to install...
debian deployment deployment - linux http linux tls waf

What is a Web Application Firewall (WAF)

What is a WAF A Web Application Firewall (WAF) is a security tool that monitors, filters, and blocks HTTP/HTTPS traffic between web applications and the internet. It acts as a protective barrier specifically designed to defend web applications from various cyber attacks. When should I use a WAF – is it something I should use?...
http tls waf

m365 get all forwarding rules

# Temporarily set the execution policy to bypass for this session Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force # Check for the ExchangeOnlineManagement module and update or install as necessary $module = Get-Module -Name ExchangeOnlineManagement -ListAvailable if ($module -ne $null) { # Module is installed, attempt to update it Write-Host "ExchangeOnlineManagement module is installed. Checking for...
general

IIS disable old protocols

# Requires administrative privileges # Disable SSL 2.0 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Name 'Enabled' -Value 0 -Type DWord # Disable SSL 3.0 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Name 'Enabled' -Value 0 -Type DWord # Disable TLS 1.0 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Name 'Enabled' -Value 0 -Type DWord # Disable TLS 1.1 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Name...
general

silent install silnite9

This is the silent installation for the silnite9 installer found at https://eclecticlight.co/downloads/ run the binary to get information on the current state of updates: Here is the zip file just in case the original is not available anymore: Download Just in case you wonder:Here is the explanation on “Why is my Mac’s Gatekeeper data so...
apple deployment - apple

silent install smartmontools on mac

#!/bin/bash set -x # Define variables SMART_PATH="/usr/local/sbin" SMARTCTL_PATH="$SMART_PATH/smartctl" SMARTUPDATEDB_PATH="$SMART_PATH/update-smart-drivedb" VERSION="7.4-1" BASE_URL="https://sourceforge.net/projects/smartmontools/files/smartmontools/7.4" DMG_FILE="smartmontools-${VERSION}.dmg" MD5_FILE="smartmontools-${VERSION}.dmg.md5" ASC_FILE="smartmontools-${VERSION}.dmg.asc" GPG_KEY="0C9577FD2C4CFCB4B9A599640A30812EFF3AEFF5" KEYSERVER="hkps://keys.openpgp.org" KEY_URL="https://www.smartmontools.org/browser/trunk/www/SmartmontoolsSigningKey_2021.txt?format=txt" KEY_DIR=$(dirname "$0") GPG_KEYFILE="$KEY_DIR/smartmontools_key.txt" DRIVE_DB="https://svn.code.sf.net/p/smartmontools/code/branches/RELEASE_7_3_DRIVEDB/smartmontools/drivedb.h" # Ensure running as root if [ "$(whoami)" != "root" ]; then echo "Error: This script must be run with superuser privileges." exit 1 fi # Check if smartmontools is already installed if command...
apple deployment - apple

install silnite7

This is the silent installation for the silnite7 installer found at https://eclecticlight.co/downloads/ run the binary to get information on the current state of updates: Here is the zip file just in case the original is not available anymore: Download Just in case you wonder:Here is the explanation on “Why is my Mac’s Gatekeeper data so...
apple deployment - apple

scan using mrt

@echo off @echo Start: %date% %time% echo This is a scan using Malicious Software Removal Tool echo see %windir%\debug\mrt.log for details of the scan REM use Start /wait Mrt.exe /Q /F for an extended scan -- this takes quite long on bigger systems Start /wait Mrt.exe /Q If errorlevel 0 goto error0 If errorlevel 1...
bat windows

iptables – DNAT for Veeam-backup

When you have an internal Veeam-backup-server and you want to backup external linux-servers you need to create a destination NAT on the linux-server. Remember to add that line after every reboot if you do not save/restore iptables-rules during boot. You can choose the line with port-definition or just translate everything. Replace 127.0.0.1 with your external...
backup deployment - linux general

deploy – eset

echo offsetlocal ENABLEDELAYEDEXPANSIONif exist "C:\Program Files\ESET\ESET Security\ekrn.exe" (GOTO IS_INSTALLED) else (GOTO INSTALL)GOTO INSTALL :IS_INSTALLEDecho is installedeventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 208 /D "%~0 -- eset is already installed"GOTO DONE :INSTALLecho installing softwareeventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 404 /D "%~0 -- eset is not installed -- installing now…" if not...
bat deployment - windows general