WoTT Security Blog Musings, thoughts, ideas, releases on security
tutorialsopen-source How to Securely Configure MongoDB By Mahmoud Fahmy on November 24, 2019 How to Securely Configure MongoDB Required Skill Level: Intermediate Reading Time: 15-20 Minutes Introduction MongoDB is a NoSQL, document database that is widely used by companies and individuals. Its popularity and support makes it a contender for one of the best options for database needs. Unfortunately, its popularity makes it a target... Continue reading
How to Do a CVE Scan of Your Linux System By Al Esmail on November 04, 2019 Introduction Common Vulnerabilities and Exposures (CVE) is a list of publicly known cybersecurity vulnerabilities. Each vulnerability is given a unique CVE number by which it can be identified and referenced. The list can be easily accessed for free online, but wouldn’t it be nice to be automatically notified when you are affected... Continue reading
How to Audit OpenSSH Configuration and Secure It By Mahmoud Fahmy on October 25, 2019 Introduction Required Skill Level: Beginner to Medium Reading Time: 15-20 Minutes In this post, we will review the fundamentals of a secure OpenSSH server. As you probably know the SSH (Secure Shell) is a method to remote login to a server. SSH is usually secure however if used with the default settings,... Continue reading
What is SELinux and Why You Might Want It By Fiona McAllister on October 15, 2019 Introduction Today we’re going to talk about SELinux - Security Enhanced Linux. For the everyday layman SELinux maybe daunting to setup, but is a good introduction into different ways to manage access control to your systems. More and more we give companies our precious data and the onus should be placed on... Continue reading
The significance of mTLS and why you should care about it By Fiona McAllister on September 09, 2019 Introduction Note there are some tutorials within this article. These vary in difficulty. All require a linux distribution to be compatible with our agent. Cybersecurity is an ever-growing, ever-complicating field. As a new developer, it can be daunting to think of where to start. Here we’re going to talk a little about... Continue reading
Using WoTT to Secure a Paho MQTT Client By Fiona McAllister on July 19, 2019 Using WoTT to Secure a Connection from a Paho MQTT Client to an MQTT Server (Mosquitto MQTT Example included) Introduction In a previous example we discussed how to secure connections between an Mosquitto MQTT broker and the Mosquitto client. In that there are several different brokers for an MQTT brokers, there are... Continue reading
Connecting Edge IoT devices with Kubernetes By Viktor Petersson on July 18, 2019 Bridging Edge IoT devices with Kubernetes Required Skill Level: Medium to Expert In my last blog post, we covered how to configure Nginx to use Mutual TLS (mTLS). This illustrated how mTLS can both simplify the back-end, while also make it more secure. In this article, we will take this one step... Continue reading
Using WoTT to Secure Access to a Mosquitto MQTT Server By Fiona McAllister on July 15, 2019 Using WoTT to Cryptographically Secure Access Between a Mosquitto Brokered MQTT Client and Server Introduction Mosquitto is a lightweight message broker for MQTT. MQTT itself is a pub-sub messaging protocol that is particularly popular amongst IoT applications due to its optimisation for high-latency networks. Together, they are effective for IoT usage being... Continue reading
Configuring Nginx with client certificate authentication (mTLS) By Viktor Petersson on July 15, 2019 Configuring Nginx with client certificate authentication (mTLS) Required Skill Level: Medium to Expert Time to complete: 15-20 min In this post we will walk through how to configure Nginx to support mutual TLS to authenticate a client request in 3 steps: Install certificate on client Set up a server Whitelist client One... Continue reading
Using WoTT credentials to manage access to Adafruit IO feeds By Fiona McAllister on June 27, 2019 Using Adafruit IO with WoTT Credentials Introduction Adafruit IO is a free cloud service interested in making IoT accessible to everyone through presenting data in a useful and user-friendly way. Services that they provide include linking your IoT devices to Twitter and weather services. You can also use Adafruit IO to monitor... Continue reading
Subscribe to our newsletter