2025-10-24
In a world where data privacy and access to resources are often restricted by geoblocks or corporate policies, tools like ProxyChains become indispensable assistants. ProxyChains (or, more precisely, its modern fork ProxyChains-NG) is an open-source utility for Unix-like systems (Linux, macOS, etc.) that allows routing the network traffic of any application through a chain of proxy servers. It is especially popular among developers, pentesters, and security enthusiasts. In this article we’ll cover what ProxyChains can do, why it’s useful for developers, provide usage examples, and discuss its limitations.
2025-09-24
Introduction
After we figured out insecure FTP, it’s time to meet its secure successors.
Here’s where confusion often arises: many people think FTPS and SFTP are the same thing.
In reality, these are two completely different protocols — with different histories and principles of operation.
What is FTPS? (FTP + Security)
FTPS (FTP over SSL/TLS) is a direct evolution of classic FTP. It takes standard FTP and “wraps” its connections in the cryptographic protocol SSL/TLS (the same one that protects websites via HTTPS).
2025-09-22
Getting a new VPS is just the beginning. By default, the server is insecure and not ready for production use. This checklist will help you prepare your VPS step by step: close security holes, enable updates, and configure the basic infrastructure.
1. First login and changing the root password
Connect to the server via SSH:
Change the temporary password to your own unique and complex one:
2. Create a new user with sudo
Working as root all the time is dangerous. Let’s create a regular user:
2025-09-10
In the previous article, we deployed a basic Jitsi Meet server using Docker.
Now let’s look at how to secure your server, enable authentication, and optimize performance for stable video calls.
Authentication: Invite-Only Access
By default, Jitsi Meet allows anyone to create rooms. To restrict access, enable Secure Domain.
- Open the .env file and find the Prosody (XMPP server) section:
  ENABLE_AUTH=1
  AUTH_TYPE=internal
Here, internal means that users will be stored locally.
2025-08-27
The Problem with Certificates at Scale
In previous articles, we discussed that OpenVPN uses certificates for authentication. This method is reliable but has significant drawbacks:
- Inconvenience for users: Each user must manually receive and install their own certificate.
- Complex management: When an employee leaves, their certificate must be revoked, which requires extra steps.
- Lack of centralization: Each service that requires access has its own authorization system.
The solution to this problem is using a centralized identity provider such as Keycloak.
2025-08-25
OpenVPN: A Time-Tested Standard
Introduction
In a world where the speed and simplicity of WireGuard have become the new standard, OpenVPN remains one of the most reliable and flexible VPN protocols. It works both on traditional computers and on networking equipment, providing cross-platform compatibility and a high level of security. However, to understand how to use it, it is important to distinguish between the protocol itself and its client applications.
2025-08-23
When Control Matters Most
Services like Tailscale and NetBird are convenient, but they rely on a third-party control server responsible for authentication, key distribution, and route exchange. For those who, for security or privacy reasons, don’t want to entrust this function to anyone, there are two paths: Headscale and “pure” WireGuard.
Headscale: Your Own Tailscale
Headscale is a fully open-source implementation of Tailscale’s control server. It allows you to deploy your own Tailscale alternative on a VPS or server while still using the official Tailscale clients.
2025-08-22
When Zero-config VPN Means More Than Just Tailscale
Although Tailscale has become the benchmark for simplicity, it’s not the only player in the Zero-config VPN field. ZeroTier and NetBird offer similar functionality but with important architectural and ideological differences.
ZeroTier: A Virtual Ethernet Switch
ZeroTier is one of the first and most well-known services implementing the mesh network concept. It works on the principle of a virtual local network. Instead of relying on the WireGuard protocol, ZeroTier uses its own protocol and creates a virtual L2 switch (Layer 2) that unites all devices into a single local network. Each device gets an IP address from a virtual subnet and can “see” other devices as if they were connected to the same physical switch.
2025-08-21
What is Tailscale?
Tailscale is a VPN service that positions itself as a Zero-config VPN. It uses the WireGuard protocol to create a secure mesh network between all your devices. The key difference from other solutions is its simplicity. Instead of manually configuring tunnels and managing keys, Tailscale does all the work for you. All you need to do is install the app on each device and sign in.
How does it work under the hood?
When you sign in, the Tailscale client connects to the Control Plane server. This server essentially acts as the “brain” of the network:
2025-08-20
Evolution of Remote Access
Traditional VPN services, which most of us are familiar with, work on the “hub-and-spoke” principle (star topology). This means that all traffic from the client to the protected network passes through a central server. This approach has drawbacks:
- Configuration complexity: Manual setup, port forwarding, and key management are required.
- Performance: All traffic, even between two remote clients, must go through the central server, which increases latency.
- Single point of failure: If the central server goes down, the entire network stops working.
A new concept — Zero-config VPN — solves these problems by using a mesh network architecture.