Thoughts & Ideas

Our Blog

This server is running Apache and forces all HTTP connections to redirect to HTTPS. SSL is rated A+ by Qualys SSL Labs, having implemented HTTP Strict Transport Security (HSTS) and a DNS Certification Authority Authorization (CAA) policy. Some virtual hosts are reverse proxies to Tomcat, Node.js, and Web2Py. SSL certificates are provided by Let's Encrypt and renewals are automated using certbot.

July 5, 2018 08:45

Minimum Features When Building a Mail Server

Our mail server has a corresponding reverse DNS record. BIND is replicated via AXFR to BuddyNS. Plain SMTP does not allow relaying and is rate limited using fail2ban. Authentication is via SMTP Submission for Postfix and IMAPS using Dovecot.

It is equipped with additional security features like SPF, DKIM and RBL. It is protected against Directory Harvest Attack (DHA).

It is also not enough that you are running SSL. Not all protocols and ciphers are equal. We only enabled the strongest ones. Use this command to check your ciphers and their strength:

nmap --script=ssl-enum-ciphers <target>

There is also a new way to limit which authorities may issue certificates for your domain. So if you are using Let's Encrypt, you need to add these lines to your DNS server:

yourdomain.com. IN CAA 128 issue "letsencrypt.org"
yourdomain.com. IN CAA 128 issuewild ";"
yourdomain.com. IN CAA 128 iodef "mailto:user@yourdomain.com"
sub.yourdomain.com. IN CAA 128 issue "letsencrypt.org"

Here 128 means maximum enforcement, issuewild ";" means don't authorize anyone to issue wildcards, and iodef means send any issues or violations to this email. You also need to do that for every subdomain you need.
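To see how a certificate authority reads these records, the following added example (not part of the original post) evaluates them with the RFC 8659 rules: the CA climbs from the requested name toward the root until it finds CAA records, and issuewild overrides issue only for wildcard requests. The function names and the hostnames queried are assumptions made for illustration.

```python
# Added example: evaluate CAA records (RFC 8659 rules) for a certificate request.
# ZONE holds the records from the post; function names here are hypothetical.
ZONE = """
yourdomain.com. IN CAA 128 issue "letsencrypt.org"
yourdomain.com. IN CAA 128 issuewild ";"
yourdomain.com. IN CAA 128 iodef "mailto:user@yourdomain.com"
sub.yourdomain.com. IN CAA 128 issue "letsencrypt.org"
"""

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_zone(text):
    """Return {owner: [(flags, tag, value), ...]} from 'name IN CAA flags tag "value"' lines."""
    records = {}
    for line in text.strip().splitlines():
        owner, _cls, rtype, flags, tag, value = line.split(None, 5)
        if rtype.upper() != "CAA":
            continue
        records.setdefault(owner.rstrip(".").lower(), []).append(
            (int(flags), tag.lower(), value.strip().strip('"')))
    return records

def relevant_rrset(records, name):
    """Climb from name toward the root; the first name that has CAA records wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(records, hostname, ca_domain):
    """True if ca_domain may issue for hostname ('*.x' asks for a wildcard)."""
    wildcard = hostname.startswith("*.")
    rrset = relevant_rrset(records, hostname[2:] if wildcard else hostname)
    # Critical bit (128) on a tag the CA does not understand forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t == "issue"]
    issuewild = [v for _, t, v in rrset if t == "issuewild"]
    # issuewild, when present, replaces issue for wildcard requests only.
    allowed = issuewild if (wildcard and issuewild) else issue
    if not allowed:
        return True  # no restricting property found: CAA does not limit issuance
    # The issuer domain is the part before any ';' parameters; ";" alone is empty.
    return ca_domain.lower() in {v.split(";")[0].strip().lower() for v in allowed}
```

With the post's records, a wildcard request for *.sub.yourdomain.com is still permitted for letsencrypt.org, because sub.yourdomain.com has its own record set and that set carries no issuewild entry.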

Joebert Jacaba

August 26, 2018 15:53

What is Your Industry?

An owner of one of the largest banks in the country said that his company is a technology company with financial-domain expertise. The board laughed at him in secret. Today, his bank is leading in embracing technology and proves that his vision is a requirement for companies to survive. Indeed, to be a competitive company today, one must fully adopt technology and use it to the fullest to gain an advantage over competitors.

Joebert Jacaba

August 26, 2018 16:08

Service Reliability Hierarchy

Monitoring is the foundation of Service Reliability. Without it you will be working blind: you will only know there is a problem when users complain. The objective of monitoring is to know a problem will occur before the users find out. This way you will have time for decision-making on how to attack the impending incident.

Joebert Jacaba
