Site refreshments

This site has gone thru a number of changes. First of all the look&feel has been modified slightly, but the most changelling changes are in visible, and was done to tighten and raise the security level. This is what happened:

DNSSec

In order to secure the domain nat0.net we have implemented DNSSec. This is done in a “Hidden Master” fashion and the private keys are kept somewhere without direct contact with internet.

Results from .SE dnscheck validating the domain nat0.net.

SSL

The site is SSL only. Not that you can find any secret information here that needs to be protected, but the overall gut feeling that there is an end-to-end security between your browser and this server hopefully makes us all feel better. Of course the cipher suite uses Perfect Forwarding Secrecy. 🙂

Output from the Firefox plugin “Calomel SSL Validation”

WordPress hardening

A number of action has been taken to make sure that all software run here are as secure as possible. This includes running vurneability scanners to find holes to tighten, as well as a number of best practice security tweaks for Apache and WordPress.

Besides from specific hardening steps the most crucial thing to keep in mind is to make sure that WordPress as well as all plugins are recent and updated as possible. This is an ongoing step and I try to have a look in the admin panel as often as possible to see if it notifies me about available update for as well WordPress core as the active themes and and plugins.

Network Design

This site is run on a VM. It is placed on a separate DMZ separated from everything else. A full backup is run and securely moved off-site every night for fast recovery if something would happen.

A disaster backup machine is available elsewhere and in case of a major fault everything can be restored to this machine relatively easy.