This might sound like an odd question but I travel a lot and therefore sometimes I need to connect to public networks.
Now, testing my code changes in localhost isn't secure and I am unable to set up a htttps connection or ssl certificates at the moment. The best thing I can do is to use a VPNextension. Does anyone have an alternative to this? For example some kind of plugin in VS code that allows you to test locally without using an internet connection?
Any help would be appreciated
Thank you!
Related
Is ngrok a safe tool to use? I was reading a tutorial which recommended to use ngrok test API responses that I make to outside services that need to connect to my endpoints also.
There is no source code available for Version 2.0, considering it started as an open source project in 2014. I am suspect of any code that opens a tunnel to my localhost from the cloud. Pretty scary stuff especially without source code!
It opens up a tunnel to your dev machine, which is partially secured by obscurity (a hard to guess subdomain), and can be further secured by requiring a password. But you're still opening yourself up to ngrok itself, and the company is completely opaque (no address, no employees, no business name, no LinkedIn presence; all I can find is that it has 1-10 employees and is private; not even sure what country its based in). On top of that the code is not open-sourced. No reason to think they're not legit, but not a lot of information available to build trust.
You may be able to use ngrok and other local tunnel services with more security by encrypting the traffic. See https://security.stackexchange.com/questions/177280/end-to-end-encryption-for-localtunnel-ngrok-setup/177357#177357 for more information.
I found good rating, but vacuous information here:
http://www.scamadviser.com/is-ngrok.com-a-fake-site.html
The kicker for me is
https://developer.atlassian.com/blog/2015/05/secure-localhost-tunnels-with-ngrok/
where the Atlassian folks recommend it highly.
I think I am going to use it.
If anyone is concerning compromising their development environment, you can use Docker. There are many ngrok/docker projects but here is the one I chose: https://github.com/gtriggiano/ngrok-tunnel
for macOS, use "TARGET_HOST=docker.for.mac.localhost"
They now offer a service where you locally run only ssh, no need to run any of their code on your machine.
You run something like ssh -R 80:localhost:8501 tunnel.us.ngrok.com http. This connects to one of their hosts and forwards connections they receive back to your machine and the service you run on localhost:8501.
This seems secure to me, the only thing is that you don't know what information they collect and who is connecting to your exposed service. They print all connections, but it's their binary that does this and someone might well listen in without you noticing. You can check connections on your end, but you cannot be sure who it is that connects.
Ngrok is a convenient and highly secure utility for creating tunnels to locally hosted applications via a reverse proxy. This is a utility for publishing locally hosted applications on the web. style="letter-spacing: 0px;">Simply put, any locally hosted application provides a publicly accessible web URL to the . H. Either a Spring Boot or Nodejs based web application, or a webhook for a chat application, etc.
Few questions in one. I'm a mobile developer, and as a pet project I've set up a small server (on a raspberry pi) that I use as my backend development sever
I think I have set up the server fairly securely and have avoid the common blunders.
The problem is when it comes to security I'm completely neurotic, not because I have something to hide, but because I don't want to be victim of my own naivety / stupidity.
Currently I check my apache2 logs daily to find out what traffic (bar my own) has hit the server. Every day there seems to be between 4-5 hits from random ip's looking for directories that dont exist. Am I correct in assuming there are servers that randomly trawl through ip's searching for known weaknesses in sever software?
My main question is, is there a way for me to log every hit to the server in an sql database? That way I can see if somebody is really trying to get in by querying the number of hits from that ip without trawling through the logs manually.
Secondly, anybody got any more obscure security tips / things I should do on a daily basis?
Thanks for your time!
Edit: - Also, are their any good automatic penetration tools out there that can tell me if I have any vulnerability?
Am I correct in assuming there are servers that randomly trawl through ip's searching for known weaknesses in sever software?
Yes.
My main question is, is there a way for me to log every hit to the server in an sql database?
You could use mod_log_sql: http://www.outoforder.cc/projects/apache/mod_log_sql/
anybody got any more obscure security tips / things I should do on a daily basis?
you could setup a firewall, use port knocking, expose services only locally and connect via VPN, ...
I am new to quickbuild.
The company has a quickbuild server installed in-house.
I need to run some workflows directly on the cloud. So I installed an agent. but I could not get the server to recognize the agent. I assume the following:
the communication's direction is from agent to server. The agent registers itself in the server because I cannot find a way to tell the server where the agent is, but I can define the server's location in the agent.
the company's firewall blocks communication from agent to server.
So my question is how do I make it work? I am investigating several paths to resolve this and would appreciate someone with experience to help me advance on the issue.
Here are the solutions I thought about and their problems:
Is there a configuration that I can tell the server where the agent is and so the communication is from the server to agent and then I won't experience firewall issues? I tried looking for it, but couldn't find such configuration. If there is a way to do this, how can I prevent others to use this agent?
To convince the IT team to remove firewall restrictions to quickbuild, I must provide some sort of a secured method for this. For example - give the agent a secret key which is defined in the server. kinda like when you want an application to use your google account - so you go to security and get a one-time key. Is there anything similar in quickbuild?
The quickbuild server is a crucial part of our development cycle, and we cannot replace it with other solutions such as Travis CI, so please don't suggest that. Thanks.
We are using quickbuild 4.
Thanks.
We have a need to manage our DNS records (add/update) remotely using C#... I know of and have written/implemented a solution using WMI but the problem is that WMI can be painfully slow.
I have come across the DNS Provider API used by the Microsoft Provisioning Framework. Having searched some more though, it seems as if this framework has been retired.
So, does anyone out there know if it's possible to manage a Microsoft DNS without using WMI? As of yet, my only other alternative is to write a TCP server that manipulates the DNS files directly or executes the WMI calls locally on the machine (which seems to operate much faster).
Thanks, J
Well, doesn't seem like anyone had any answers or suggestions so I had to get a little creative... After a lot of consideration and a very strong desire NOT to write my own TCP server for this purpose I fell upon another, equally acceptable solution: web services.
The biggest problem we've experienced with WMI is only when making calls from a remote network (remote machines on the same LAN seem to operate fine) so really I just needed some framework to use as a proxy for the WMI calls. So I ended up writing a simple web service and things are working great; no having to worry about custom threading on an in-house TCP server or encrypting packets thanks to SSL.
Hope this helps anyone having the same problem!
J
I cant seem to get IE6 and IE7 running alongside each other on my Windows Server 2003 VPC.
I have tried both: http://browsers.evolt.org/?ie/32bit/standalone
and: http://tredosoft.com/Multiple_IE , and yes, I tried putting the Wininet.dll in my standalone path.
The browser works, but cookies does not! Any help would be greatly appreciated.
Also, I am aware of the VPC Microsoft has supplied, but i am trying to avoid that solution as well, since I am developing on another VPC (and this is not something thats about to change, one reason being that these VPCs are time-limited), and I would like to keep the benefits of developing on the same machine I am testing on, ie: I dont want to redeploy my entire solution every time I want to check my updates.
All of those methods are hacks and not guaranteed to work. You may be missing things in your testing due to unknown side-effects. Why not just use the VPC as explained in this article: IE6 and IE7 Running on a Single Machine.