User Namespace Isolation in Docker

There is a cool feature in Docker called userns-remap, which I discovered while working on my Raspberry Pi home server project; 15#issuecomment-1296311979. I can just enable userns-remap, and Docker remaps every uid and gid inside the container to a non-root user on the host. https://docs.docker.com/engine/security/userns-remap/

How to enable

Note: It is better to reinstall Docker and remove all existing Docker volumes.

Add the following to /etc/docker/daemon.json:

    {
      "userns-remap": "default"
    }

Restart the Docker daemon:

    $ sudo systemctl restart docker

Ansible automation here

In-Action

    # Run the Nginx container (named so the exec below can refer to it)
    $ docker run -it -d --name nginx nginx

    # Inside, the process thinks it is running as root!
    veerendra@atom:~$ docker exec -it nginx whoami
    root

    # But outside (in the host namespace), the process runs as a non-root user
    veerendra@atom:~$ ps aux | grep nginx
    165536    350093  0.0  0.0   6320  4688 ?        Ss   03:21   0:00 nginx: master process nginx -g daemon off;
    165637    350208  0.0  0.0   6788  4288 ?        S    03:21   0:01 nginx: worker process
    165637    350209  0.0  0.0   6784  4284 ?        S    03:21   0:00 nginx: worker process
    165637    350210  0.0  0.0   6784  4284 ?        S    03:21   0:01 nginx: worker process
    165637    350212  0.0  0.0   6784  4284 ?        S    03:21   0:01 nginx: worker process
    veerend+  937492  0.0  0.0   6420  1844 pts/0    S+   16:22   0:00 grep --color=auto nginx

As you can see, I did not specify any user when deploying the container, but the user inside the container is isolated, i.e. remapped to a non-root user (uid:165637, gid:165637) on the host ...

November 11, 2022 · 2 min · Veerendra K

Encrypt your DNS queries, stay anonymous

We think that connecting to a website over HTTPS is secure, which is true (though not always!), but what about the DNS queries that you (your browser) send? Sure, if we use HTTPS, all your (POST or GET) data is encrypted end-to-end, which prevents eavesdropping and MITM attacks and provides confidentiality, but again, what about DNS queries? I had this question a while ago, so after a quick Internet search, I found the DNSCrypt protocol, which is cool because I can encrypt DNS queries. ...

January 22, 2018 · 3 min · Veerendra K

Wifi Deauthentication Attack

A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point. -Wikipedia

As you can see, this type of attack is pretty powerful, and it is difficult to detect who is attacking. There are some tools (like “aircrack-ng”) for this attack (You can check the commands here). Basically, the concept is that the attacker broadcasts a Wi-Fi management “Deauthentication” frame to the victim’s devices/PC to tell them to deauthenticate. It is like saying, “Hey client! Can you please deauthenticate?” Once deauthenticated, the client will reconnect to the AP (Access Point). These frames are supposed to be sent by a valid AP to its clients, but the attacker can mimic them and broadcast them on the network. ...

January 11, 2018 · 3 min · Veerendra K

MAC Address Scrambling in Linux

“MAC Address Scrambling”: as the name itself suggests, instead of using a burned-in address, the machine uses a random MAC address. The machine/device changes its MAC address regularly to improve security. A MAC address is a 48-bit number, written in hexadecimal, which is burned into every electronic device that has “connectivity” capability, such as mobile devices, smart TVs, PCs, etc. Apple added this feature to iPhones starting with iOS 8 to protect users’ privacy. ...

January 6, 2018 · 3 min · Veerendra K