Technic Blog

Technik BlogWhat our employees have to say

No one knows as much as all of us ...

19. April 2018 Tanja Schraffl

Make websites faster

Finding the root causes of website performance problems is a complex and time-consuming task. The analysis is very complex, as a number of factors influence the load time of a website on the route from the server to the user.

Use this Page Speed Monitoring to analyze the load speed of your websites to optimize them.

Read More

TAGS: Monitoring, Page Speed

30. March 2018 Maximilian Fruth

Domain Message Authentication

Email phishing was one of the main reasons why a group of leading organizations developed the Domain-based Message Authentication Reporting Conformance (DMARC) method. DMARC integrates the previously developed methods SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) and adds a Policy how the recipient should handle unauthenticated emails. DMARC also offers reporting functions that support the analysis of implementation problems.

For large companies with an extensive email infrastructure, implementing a DMARC policy is not without pitfalls. We show you the way to a successful implementation.

Read More

TAGS: IT-Security, Email, DMARC

30. November 2017 Maximilian Fruth

Disaster recovery strategies for MySQL database systems

xtrabackup or just mysqldump? One of many decisions that are important in choosing a backup and disaster recovery strategy. But above all, it is important to define objectives. How long can the recovery take (RTO) and how much data loss is tolerable (RPO). Important decision parameters that have a major influence on the definition of the backup scheme and the selection of backup tools.

A well-planned and proven backup and recovery system can make the difference between a small failure and a serious threat to an organization.

Read More

TAGS: MySQL DB, Backup, Disaster Recovery

21. July 2017 Maximilian Fruth

Egress Traffic Filter and FQDN in Firewall ACLs

Companies are better served when firewall administrators are equally concerned with threats that are associated with outbound connections. You should be aware that data theft often results from software vulnerabilities or configuration errors. Irrespective of the cause, data piracy is a threat you can’t mitigate without egress traffic enforcement.

Egress filtering prevents you from sending unwanted traffic out to the Internet.

Read More

TAGS: IT-Security, Firewall Policy, FQDN ACLs

04. Mai 2017 Tobias Maier

HTTP Security Extensions - HTTP Strict Transport Security (HSTS)

More and more website owners have already decided to offer their content exclusively via secure connections. HSTS gives the operators of websites the opportunity to set their policy for the web clients.

In the first part of our HTTP Security Extensions series we introduce HSTS and explain which risks can be reduced by this mechanism.

Read More (German)

TAGS: HSTS, HTTPS, SSL-Stripping, MITM, Man-in-the-middle, Preload-Liste

05. April 2017 Dr. Wolfgang Gehrke

Ansible - Basis für automatisierte Konfigurationsprozesse

The open-source software Ansible can support configuration management. However, automated configuration processes require considerably more than the controlled execution of configuration scripts. Without a comprehensive framework, Ansible is not recommended for larger infrastructures.

This blog describes the enhancements required for productive use of Ansible.

Read More (German)

TAGS: IT-Automation, Konfigurationsmanagement, Playbook, Versionierung

28. April 2017 Maximilian Fruth

DNSSEC - DNS Security Part III

A security flaw of the DNS is that the data is transfered unencrypted and via simple UDP datagrams. This vulnerability is inherent in the system, i.e. the authors and developers of the DNS protocol focused primarily on the performance, scalability and reliability of the systems. Can DNSSEC fix this vulnerability?

In the third DNSSEC blog we evaluate whether this technology is an effective security control for protecting DNS services.

Read More (German)

TAGS: IT-Security, DNSSEC, Security Control, Risikomanagement

15. März 2017 Stefan Lauer

DNSSEC - DNS Security Part II

DNSSEC is based on an asymmetric cryptographic algorithm. Each individual record of the zone definition is signed using a private key. DNS clients can validate this signature with the public key to verify authenticity and integrity.

In this blog post we explain how domains can be secured with DNSSEC and what to consider.

Read More (German)

TAGS: IT-Security, DNSSEC, Chain of Trust, Key Signing Key, Zone Signing Key, Domain Nameserver

02. März 2017 Maximilian Fruth, Dr. Wolfgang Gehrke

DNSSEC - DNS Security Part I

A consistently configured DNSSEC reduces the risk of DNS spoofing. In DNS cache poisoning, an attacker attempts to inject fake information into the resolver cache during name resolution.

In the first part of our DNSSEC series, we show different threat scenarios in domain resolving and explain how the risk can be reduced by DNSSEC.

Read More (German)

TAGS: IT-Security, DNSSEC, Domain Resolving, DNS Threats, DNS Injection, DNS Cache Poisoning