@networkpro/blog 1.0.8 → 1.0.11

package/search/search_index.json

@@ -1 +0,0 @@
-{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":"<p><sup>SPDX-License-Identifier: <code>CC-BY-4.0 OR GPL-3.0-or-later</code></sup></p>","tags":["index","network-pro","blog"]},{"location":"#blog-index","title":"Blog Index","text":"","tags":["index","network-pro","blog"]},{"location":"contributing/","title":"Code of Conduct","text":"<p><sup>SPDX-License-Identifier: <code>CC-BY-4.0 OR GPL-3.0-or-later</code></sup></p> <p></p>","tags":["network-pro","contributing"]},{"location":"contributing/#contributor-covenant-code-of-conduct","title":"Contributor Covenant Code of Conduct","text":"<p>Network Pro Strategies Effective Date: May 10, 2025</p>","tags":["network-pro","contributing"]},{"location":"contributing/#table-of-contents","title":"Table of Contents","text":"<ul> <li>Our Pledge</li> <li>Our Standards</li> <li>Responsibilities</li> <li>Scope</li> <li>Enforcement</li> <li>Attribution</li> </ul>","tags":["network-pro","contributing"]},{"location":"contributing/#our-pledge","title":"Our Pledge","text":"<p>We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.</p> <p>We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.</p> <p><sub>Back to top</sub></p> <p></p>","tags":["network-pro","contributing"]},{"location":"contributing/#our-standards","title":"Our Standards","text":"<p>Examples of behavior that contributes to a positive environment for our community include:</p> <ul> <li>Demonstrating empathy and kindness toward other people</li> <li>Being respectful of differing opinions, viewpoints, and experiences</li> <li>Giving and gracefully accepting constructive feedback</li> <li>Accepting responsibility and apologizing to those affected by our mistakes,   and learning from the experience</li> <li>Focusing on what is best not just for us as individuals, but for the overall   community</li> </ul> <p>Examples of unacceptable behavior include:</p> <ul> <li>The use of sexualized language or imagery, and sexual attention or advances of   any kind</li> <li>Trolling, insulting or derogatory comments, and personal or political attacks</li> <li>Public or private harassment</li> <li>Publishing others' private information, such as a physical or email address,   without their explicit permission</li> <li>Other conduct which could reasonably be considered inappropriate in a   professional setting</li> </ul> <p><sub>Back to top</sub></p> <p></p>","tags":["network-pro","contributing"]},{"location":"contributing/#responsibilities","title":"Responsibilities","text":"<p>Company and community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.</p> <p>Company and community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.</p> <p>Network Pro Strategies reserves the right, at its sole discretion, to remove, edit, or reject any contributions that are contrary to or detrimental to its business interests.</p> <p><sub>Back to top</sub></p> <p></p>","tags":["network-pro","contributing"]},{"location":"contributing/#scope","title":"Scope","text":"<p>This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the company or community in public spaces. Examples of representing our company or community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event.</p> <p><sub>Back to top</sub></p> <p></p>","tags":["network-pro","contributing"]},{"location":"contributing/#enforcement","title":"Enforcement","text":"<p>Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the abuse team at abuse@neteng.pro. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.</p> <p>The abuse team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.</p> <p>Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project\u2019s leadership.</p> <p><sub>Back to top</sub></p> <p></p>","tags":["network-pro","contributing"]},{"location":"contributing/#attribution","title":"Attribution","text":"<p>This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.</p> <p>The Enforcement section is adapted from the Contributor Covenant, version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct/.</p> <p>For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.</p> <p><sub>Back to top</sub></p> <p> <p>Home \u00a0 | \u00a0 Terms of Use Privacy Policy \u00a0 | \u00a0 Legal</p> <p></p> <p> </p> <p> <p>Copyright \u00a9 2025 Network Pro Strategies (Network Pro\u2122)</p> <p>Network Pro\u2122, the shield logo, and the \"Locking Down Networks\u2122\" slogan are trademarks of Network Pro Strategies.</p> <p>Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p> <p></p>","tags":["network-pro","contributing"]},{"location":"tags/","title":"Tag Index","text":"<p><sup>SPDX-License-Identifier: <code>CC-BY-4.0 OR GPL-3.0-or-later</code></sup></p>"},{"location":"tags/#tags","title":"Tags","text":"<p>This page lists all of the tags used in the blog. Click on a tag to see the related articles and posts.</p>"},{"location":"tags/#tag:blog","title":"blog","text":"<ul> <li>            Home          </li> <li>            The Network Pro\u2122 Blog Has Moved          </li> <li>            We're Live!          </li> </ul>"},{"location":"tags/#tag:contributing","title":"contributing","text":"<ul> <li>            Code of Conduct          </li> </ul>"},{"location":"tags/#tag:index","title":"index","text":"<ul> <li>            Home          </li> </ul>"},{"location":"tags/#tag:network-pro","title":"network-pro","text":"<ul> <li>            Building a Better Web Experience          </li> <li>            Code of Conduct          </li> <li>            Home          </li> <li>            Progressive Web App is Live          </li> <li>            The Network Pro\u2122 Blog Has Moved          </li> <li>            We're Live!          </li> <li>            Welcome to the Future of Network Pro\u2122          </li> </ul>"},{"location":"tags/#tag:post","title":"post","text":"<ul> <li>            Secure Secure Shell          </li> </ul>"},{"location":"tags/#tag:pwa","title":"pwa","text":"<ul> <li>            Progressive Web App is Live          </li> </ul>"},{"location":"tags/#tag:security","title":"security","text":"<ul> <li>            Secure Secure Shell          </li> </ul>"},{"location":"tags/#tag:sveltekit","title":"sveltekit","text":"<ul> <li>            Building a Better Web Experience          </li> <li>            Progressive Web App is Live          </li> <li>            Welcome to the Future of Network Pro\u2122          </li> </ul>"},{"location":"tags/#tag:website","title":"website","text":"<ul> <li>            Building a Better Web Experience          </li> <li>            Progressive Web App is Live          </li> <li>            Welcome to the Future of Network Pro\u2122          </li> </ul>"},{"location":"2025/05/15/building-a-better-web-experience/","title":"\ud83c\udf10 Building a Better Web Experience \u2014 Powered by SvelteKit","text":"","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/15/building-a-better-web-experience/#the-future-of-network-protm-is-almost-here","title":"\ud83d\udd2e The Future of Network Pro\u2122 Is Almost Here","text":"<p>At Network Pro Strategies, we\u2019ve always been driven by innovation\u2014and our next leap forward is all about delivering a faster, smoother, and smarter web experience for you.</p> <p>\ud83d\udee0\ufe0f Behind the scenes, our dev team has been working tirelessly, and we\u2019re thrilled to share what\u2019s coming: our main website is undergoing a major upgrade, and we\u2019re rebuilding it using the powerful SvelteKit framework.</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/15/building-a-better-web-experience/#why-sveltekit","title":"\u2699\ufe0f Why SvelteKit?","text":"<p>\ud83d\ude80 We chose SvelteKit because we believe in performance without compromise. It's a modern front-end framework that compiles our code into ultra-efficient JavaScript, leading to faster page loads, better SEO, and buttery-smooth user interactions. Simply put, it allows us to do more\u2014with less.</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/15/building-a-better-web-experience/#what-you-can-expect","title":"What You Can Expect:","text":"<p>\u26a1 Lightning-Fast Load Times: Thanks to SvelteKit\u2019s built-in optimizations, our new site will load faster than ever, even on mobile or slower networks. \ud83c\udf10 Seamless Navigation: The entire experience will feel fluid and instant\u2014clicking through pages will be nearly instantaneous. \ud83d\udd27 Future-Proof Flexibility: SvelteKit gives us the tools to build more interactive features, responsive layouts, and personalized content delivery in the future. \u267f Improved Accessibility &amp; Performance: We\u2019re not just making it look better\u2014we\u2019re making it work better for everyone.</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/15/building-a-better-web-experience/#putting-on-the-final-touches","title":"\ud83e\uddea Putting on the Final Touches","text":"<p>Right now, we\u2019re in the final stages\u2014fine-tuning performance, stress-testing the new build, and running full QA sweeps to make sure everything feels just right.</p> <p>We\u2019re excited about this leap because it\u2019s not just a visual upgrade\u2014it\u2019s an upgrade in how we serve our community, how we evolve with modern web standards, and how we stay agile as your trusted tech partner.</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/15/building-a-better-web-experience/#get-a-sneak-peek","title":"\ud83d\udc40 Get a Sneak Peek","text":"<p>\ud83d\udd17 Can\u2019t wait to see it in action? You can get an early look at our new site by visiting dev.netwk.pro.</p> <p>Thanks for sticking with us\u2014we\u2019re building this better web experience for you.</p> <p> </p> <p>Network Pro\u2122 | Cybersecurity that respects your values.</p> <p>Network Pro\u2122, the shield logo, and the \"Locking Down Networks\u2122\" slogan are trademarks of Network Pro Strategies.</p> <p>Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/04/30/were-live/","title":"We're Live!","text":"","tags":["network-pro","blog"]},{"location":"2025/04/30/were-live/#were-live","title":"We're Live!","text":"","tags":["network-pro","blog"]},{"location":"2025/04/30/were-live/#welcome-to-the-network-protm-blog-cybersecurity-privacy-open-knowledge","title":"\ud83d\udee1\ufe0f Welcome to the Network Pro\u2122 Blog: Cybersecurity. Privacy. Open Knowledge","text":"<p>In a digital world where threats are persistent and privacy is too often an afterthought, Network Pro Strategies was founded on a belief that effective security doesn't require compromise. We specialize in helping organizations and individuals navigate today\u2019s cybersecurity challenges with confidence, clarity, and control.</p> <p>Today marks the launch of our official blog\u2014your go-to destination for field-tested strategies, implementation insights, and transparent thought leadership across cybersecurity, network defense, and privacy-aware infrastructure.</p>","tags":["network-pro","blog"]},{"location":"2025/04/30/were-live/#why-this-blog-exists","title":"\ud83d\udce1 Why This Blog Exists","text":"<p>Modern security isn\u2019t just about technology\u2014it\u2019s about trust, autonomy, and informed choices. As threats evolve and surveillance becomes normalized, we believe clients deserve more than marketing fluff and opaque solutions.</p> <p>This blog represents our commitment to providing value through:</p> <ul> <li>\ud83d\udcbc SMBs and enterprises needing tailored, scalable security that protects business continuity</li> <li>\ud83c\udfdb\ufe0f Government and compliance-sensitive sectors where resilience and data integrity are mission-critical</li> <li>\ud83d\udc68\u200d\ud83d\udcbb Technologists and privacy-conscious communities seeking reliable strategies and tools that don\u2019t trade transparency for control</li> </ul>","tags":["network-pro","blog"]},{"location":"2025/04/30/were-live/#what-youll-find-here","title":"\ud83d\udcec What You\u2019ll Find Here","text":"<p>You won\u2019t find empty buzzwords or vendor lock-in here. This space is practical, accessible, and real. Expect content grounded in hands-on consulting experience, addressing real-world needs like:</p> <ul> <li>\ud83d\udd10 Guides on securing infrastructure through Zero Trust principles, secure network design, segmentation, and data governance</li> <li>\ud83c\udf10 Exploration of free and open source tools that align with professional-grade expectations for security and usability</li> <li>\ud83d\udcf1 Best practices for mobile and endpoint hardening, including private-by-design communications and de-Googled Android stacks</li> <li>\u2699\ufe0f Scalable implementation tips for building resilient, ethical, and vendor-neutral technology environments</li> </ul> <p>We\u2019ll also publish tutorials, deep dives, and threat-focused analyses to help you anticipate risk, strengthen defenses, and stay informed\u2014no jargon, no gatekeeping.</p>","tags":["network-pro","blog"]},{"location":"2025/04/30/were-live/#our-vision-security-that-respects-you","title":"\u2705 Our Vision: Security That Respects You","text":"<p>At Network Pro\u2122, we believe security should be transparent, adaptable, and aligned with your goals. While we advocate for privacy-first solutions and actively support open technologies, we apply them with discretion\u2014not dogma. Our priority is delivering reliable, resilient results, whether through open source tools or vetted proprietary platforms.</p> <p>We serve as trusted advisors for navigating today\u2019s threat landscape\u2014delivering infrastructure consulting, cloud and hybrid architecture support, and technical guidance rooted in industry experience. Our approach is practical, flexible, and future-focused, designed to protect what matters most without sacrificing visibility or control.</p>","tags":["network-pro","blog"]},{"location":"2025/04/30/were-live/#ready-to-build-a-safer-smarter-digital-future","title":"\ud83d\udd10 Ready to Build a Safer, Smarter Digital Future?","text":"<p>Cybersecurity isn\u2019t just a product\u2014it\u2019s a process. Whether you're designing secure networks, navigating digital privacy concerns, or evaluating new tools, Network Pro\u2122 is here to support your mission.</p> <p>Let\u2019s build something secure, sustainable, and respectful of your values.</p> <p>\ud83d\udce9 Contact us today to get started.</p> <p> </p> <p>Network Pro\u2122 | Cybersecurity that respects your values.</p> <p>Network Pro\u2122, the shield logo, and the \"Locking Down Networks\u2122\" slogan are trademarks of Network Pro Strategies.</p> <p>Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>","tags":["network-pro","blog"]},{"location":"2025/05/11/the-network-pro-blog-has-moved/","title":"The Network Pro\u2122 Blog Has Moved","text":"","tags":["network-pro","blog"]},{"location":"2025/05/11/the-network-pro-blog-has-moved/#evolving-securely-the-network-protm-blog-has-moved","title":"\ud83d\udd01 Evolving Securely: The Network Pro\u2122 Blog Has Moved","text":"<p>Same Mission. Stronger Platform. More Accessible Knowledge.</p> <p>Since launching the Network Pro\u2122 Blog, our purpose has been clear: Deliver uncompromising insight, grounded in technical experience and a commitment to privacy-respecting, resilient cybersecurity.</p> <p>Today, that mission continues\u2014on a new, streamlined domain: https://blog.netwk.pro</p> <p>This move isn\u2019t just cosmetic. It reflects our continued investment in accessibility, performance, and security-aware publishing infrastructure\u2014with all the same clarity and content integrity you\u2019ve come to expect.</p>","tags":["network-pro","blog"]},{"location":"2025/05/11/the-network-pro-blog-has-moved/#why-the-move","title":"Why the Move?","text":"<p>Security is more than the tools we use\u2014it\u2019s how we communicate, publish, and maintain trust. Our new domain brings:</p> <p>\ud83d\udd12 Cleaner, faster access to our insights \ud83e\udde0 Simplified, distraction-free reading experience \ud83d\udce1 A direct connection between our name and our knowledge-sharing mission</p> <p>This change is part of a broader evolution. As we expand into deeper infrastructure consulting, Zero Trust deployment, and privacy-first architecture for both enterprise and public sectors, our digital presence needs to scale with our clients\u2019 needs\u2014without compromising values.</p>","tags":["network-pro","blog"]},{"location":"2025/05/11/the-network-pro-blog-has-moved/#whats-next","title":"What\u2019s Next?","text":"<p>At blog.netwk.pro, you\u2019ll continue to find:</p> <p>\ud83d\udd10 Field-tested cybersecurity implementation strategies \ud83d\udee0\ufe0f Open-source tooling reviews and real-world deployment guides \ud83d\udcf1 Endpoint, mobile, and cloud security insights with zero vendor bias \ud83d\udcda Transparent threat modeling and analysis that demystifies, not dramatizes</p> <p>Whether you\u2019re a sysadmin defending hybrid networks, a privacy advocate building ethical stacks, or an enterprise CTO navigating compliance, the mission stays the same: Clarity. Control. Confidence.</p>","tags":["network-pro","blog"]},{"location":"2025/05/11/the-network-pro-blog-has-moved/#stay-connected","title":"Stay Connected","text":"<p>Bookmark the new address: https://blog.netwk.pro</p> <p>Need help securing your infrastructure or want a second set of eyes on a deployment? We\u2019re here to advise, not upsell.</p> <p>\ud83d\udce9 Contact us to discuss your needs\u2014or just to say hello.</p> <p> </p> <p>Network Pro\u2122 | Cybersecurity that respects your values.</p> <p>Network Pro\u2122, the shield logo, and the \"Locking Down Networks\u2122\" slogan are trademarks of Network Pro Strategies.</p> <p>Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>","tags":["network-pro","blog"]},{"location":"2025/05/16/progressive-web-app-is-live/","title":"\ud83d\ude80 A Faster, Smarter Experience: Network Pro\u2019s Website Is Now a Progressive Web App (PWA)","text":"<p>At Network Pro Strategies, we\u2019re always looking for ways to deliver a faster, smoother, and more efficient experience for our clients and partners. That\u2019s why we\u2019re proud to announce that the Network Pro\u2122 website is now fully equipped with Progressive Web App (PWA) technology \u2014 bringing modern performance, speed, and user convenience to the forefront of your experience.</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#whats-a-pwa-and-why-does-it-matter","title":"\ud83d\udca1 What\u2019s a PWA, and Why Does It Matter?","text":"<p>Without getting too technical, a Progressive Web App is a powerful blend of a website and a mobile app. It loads quickly, performs smoothly, and feels like an app \u2014 all within your browser, without needing to download anything.</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#key-benefits-you-can-enjoy-right-now","title":"\ud83d\udd11 Key Benefits You Can Enjoy Right Now","text":"","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#faster-load-times","title":"\u26a1 Faster Load Times","text":"<p>Thanks to intelligent caching, your frequently visited pages load noticeably quicker. Whether you're checking updates, contacting support, or reading the latest Network Pro\u2122 insights, you\u2019ll experience less wait and more action.</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#app-like-experience","title":"\ud83d\udcf1 App-Like Experience","text":"<p>Our new interface brings a cleaner, more responsive design that adapts to any screen \u2014 desktop, tablet, or smartphone \u2014 making it feel just like a native app.</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#built-with-security-in-mind","title":"\ud83d\udd10 Built with Security in Mind","text":"<p>The PWA runs exclusively over secure HTTPS connections, ensuring that your interactions are protected every step of the way.</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#installable-convenience","title":"\ud83d\udcf2 Installable Convenience","text":"<p>Add Network Pro\u2122 to your home screen for one-tap access, just like an app. It\u2019s fast, light, and always there when you need it.</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#whats-coming-soon","title":"\ud83d\udee0\ufe0f What\u2019s Coming Soon","text":"<p>We\u2019re already working on bringing offline functionality into the experience. Soon, you\u2019ll be able to browse key content \u2014 like service information, blog posts, and resources \u2014 even when you\u2019re temporarily disconnected from the internet.</p> <p>Stay tuned \u2014 we\u2019ll let you know the moment this feature goes live!</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2025/05/16/progressive-web-app-is-live/#try-it-out-today","title":"\ud83d\udd17 Try It Out Today","text":"<p>Currently, you can navigate to our development website \u2014 built with SvelteKit \u2014 to experience the new PWA-powered experience. We\u2019d love your feedback as we continue to enhance your digital journey with us.</p> <p> </p> <p>At Network Pro\u2122, we don\u2019t just talk innovation \u2014 we build it into everything we do.</p> <p>Network Pro\u2122, the shield logo, and the \"Locking Down Networks\u2122\" slogan are trademarks of Network Pro Strategies.</p> <p>Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>","tags":["network-pro","website","sveltekit","pwa"]},{"location":"2015/01/04/secure-secure-shell/","title":"Secure Secure Shell","text":"Originally published on 1/4/2015 by stribika at: https://blog.stribik.technology/2015/01/04/secure-secure-shell.html  Mirrored to preserve information. Minor changes have been made, and this is noted where applicable. Also see: https://security.stackexchange.com/questions/143442/what-are-ssh-keygen-best-practices  \ud83d\udcdd NOTE: Despite this article's age, we've yet to come across a better source of information with regard to SSH configuration.  <ul> <li>Skip to the good part.</li> </ul> <p>You may have heard that the NSA can decrypt SSH at least some of the time. If you have not, then read the latest batch of Snowden documents now. All of it. This post will still be here when you finish. My goal with this post here is to make NSA analysts sad.</p> <p>TL;DR: Scan this post for fixed width fonts, these will be the config file snippets and commands you have to use.</p> <p>Warning: You will need a recent OpenSSH version. It should work with 6.5 but I have only tested 6.7 and connections to Github. Here is a good compatibility matrix.</p>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#the-crypto","title":"The crypto","text":"<p>Reading the documents, I have the feeling that the NSA can 1) decrypt weak crypto and 2) steal keys. Let's focus on the crypto first. SSH supports different key exchange algorithms, ciphers and message authentication codes. The server and the client choose a set of algorithms supported by both, then proceed with the key exchange. Some of the supported algorithms are not so great and should be disabled completely. This hurts interoperability but everyone uses OpenSSH anyway. Fortunately, downgrade attacks are not possible because the supported algorithm lists are included in the key derivation. If a man in the middle were to change the lists, then the server and the client would calculate different keys.</p>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#key-exchange","title":"Key exchange","text":"<p>There are basically two ways to do key exchange: Diffie-Hellman and Elliptic Curve Diffie-Hellman. Both provide forward secrecy which the NSA hates because they can't use passive collection and key recovery later. The server and the client will end up with a shared secret number at the end without a passive eavesdropper learning anything about this number. After we have a shared secret we have to derive a cryptographic key from this using a key derivation function. In case of SSH, this is a hash function. Collision attacks on this hash function have been proven to allow downgrade attacks.</p> <p>DH works with a multiplicative group of integers modulo a prime. Its security is based on the hardness of the discrete logarithm problem.</p>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#alice-bob","title":"<pre><code>Alice Bob\n<p>Sa = random\nPa = g^Sa --&gt; Pa\nSb = random\nPb &lt;-- Pb = g^Sb\ns = Pb^Sa s = Pa^Sb\nk = KDF(s) k = KDF(s)</p>\n<p>ECDH works with elliptic curves over finite fields.\nIts security is based on the hardness of the elliptic curve discrete logarithm problem.</p>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#alice-bob_1","title":"<pre><code>Alice Bob\n<p>Sa = random\nPa = Sa G --&gt; Pa\nSb = random\nPb &lt;-- Pb = Sb G\ns = Sa Pb s = Sb Pa\nk = KDF(s) k = KDF(s)</p>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#sshd-configuration","title":"SSHD Configuration\n\n<p>NOTE: Emphasis added, it was not present in the originally published article.\nKey exchange 1 (curve25519-sha256) alone is ideal, 8 is also acceptable for interoperability.</p>\n\n<p>OpenSSH supports 11 key exchange protocols:</p>\n<ol>\n<li>curve25519-sha256: ECDH over Curve25519 with SHA2</li>\n<li>diffie-hellman-group1-sha1: 1024 bit DH with SHA1</li>\n<li>diffie-hellman-group14-sha1: 2048 bit DH with SHA1</li>\n<li>diffie-hellman-group14-sha256: 2048 bit DH with SHA2</li>\n<li>diffie-hellman-group16-sha512: 4096 bit DH with SHA2</li>\n<li>diffie-hellman-group18-sha512: 8192 bit DH with SHA2</li>\n<li>diffie-hellman-group-exchange-sha1: Custom DH with SHA1</li>\n<li>diffie-hellman-group-exchange-sha256: Custom DH with SHA2</li>\n<li>ecdh-sha2-nistp256: ECDH over NIST P-256 with SHA2</li>\n<li>ecdh-sha2-nistp384: ECDH over NIST P-384 with SHA2</li>\n<li>ecdh-sha2-nistp521: ECDH over NIST P-521 with SHA2</li>\n</ol>\n<p>We have to look at 3 things here:</p>\n<ul>\n<li>ECDH curve choice:\n  This eliminates 9-11 because NIST curves suck.\n  They leak secrets through timing side channels and off-curve inputs.\n  Also, NIST is considered harmful and cannot be trusted.</li>\n<li>Bit size of the DH modulus:\n  This eliminates 2 because the NSA has supercomputers and possibly unknown attacks.\n  1024 bits simply don't offer sufficient security margin.</li>\n<li>Security of the hash function:\n  This eliminates 2, 3, and 7 because SHA1 is broken.\n  We don't have to wait for a second preimage attack that takes 10 minutes on a cellphone to disable it right now.</li>\n</ul>\n<p>We are left with 1 and 8, as well as 4-6 which were added in OpenSSH 7.3.\n1 is better and it's perfectly OK to only support that but for interoperability (with Eclipse, WinSCP), 8 can be included.</p>\n\n<p>NOTE: 8 should no longer be necessary in newer versions of WinSCP. If in doubt, test with only 1 first. Add 8 if it won't connect otherwise.</p>\n\n<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>\n<pre><code>KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256</code></pre>\n\n<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>\n<pre><code># Github needs diffie-hellman-group-exchange-sha1 some of the time but not always.\n#Host github.com\n#    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1\n\nHost *\n    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256</code></pre>\n\n\n<p>NOTE: GitHub should no longer need a separate setting, as they've transitioned away from SSH keys. They should not require an exception regardless.</p>\n\n<p>If you chose to enable 8, open <code>/etc/ssh/moduli</code> if exists, and delete lines where the 5th column is less than 2000.</p>\n<pre><code>awk '$5 &gt; 2000' /etc/ssh/moduli &gt; \"${HOME}/moduli\"\nwc -l \"${HOME}/moduli\" # make sure there is something left\nmv \"${HOME}/moduli\" /etc/ssh/moduli</code></pre>\n\n<p>If it does not exist, create it:</p>\n<pre><code>ssh-keygen -G /etc/ssh/moduli.all -b 4096\nssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all\nmv /etc/ssh/moduli.safe /etc/ssh/moduli\nrm /etc/ssh/moduli.all</code></pre>\n\n<p>This will take a while so continue while it's running.</p>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#authentication","title":"Authentication\n<p>The key exchange ensures that the server and the client shares a secret no one else knows.\nWe also have to make sure that they share this secret with each other and not an NSA analyst.</p>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#server-authentication","title":"Server authentication","text":"<p>The server proves its identity to the client by signing the key resulting from the key exchange.\nThere are 4 public key algorithms for authentication:</p>\n<ol>\n<li>DSA with SHA1</li>\n<li>ECDSA with SHA256, SHA384 or SHA512 depending on key size</li>\n<li>Ed25519 with SHA512</li>\n<li>RSA with SHA1</li>\n</ol>\n<p>DSA keys must be exactly 1024 bits so let's disable that.\nNumber 2 here involves NIST suckage and should be disabled as well.\nAnother important disadvantage of DSA and ECDSA is that it uses randomness for each signature.\nIf the random numbers are not the best quality, then it is possible to recover the secret key.\nFortunately, RSA using SHA1 is not a problem here because the value being signed is actually a SHA2 hash.\nThe hash function SHA1(SHA2(x)) is just as secure as SHA2 (it has less bits of course but no better attacks).</p>\n<pre><code>Protocol 2\nHostKey /etc/ssh/ssh_host_ed25519_key\nHostKey /etc/ssh/ssh_host_rsa_key</code></pre>\n\n<p>The first time you connect to your server, you will be asked to accept the new fingerprint.</p>\n<p>This will also disable the horribly broken v1 protocol that you should not have enabled in the first place.\nWe should remove the unused keys and only generate a large RSA key and an Ed25519 key.\nYour init scripts may recreate the unused keys.\nIf you don't want that, remove any <code>ssh-keygen</code> commands from the init script.</p>\n<pre><code>cd /etc/ssh\nrm ssh_host_*key*\nssh-keygen -t ed25519 -f ssh_host_ed25519_key -N \"\" &lt; /dev/null\nssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N \"\" &lt; /dev/null</code></pre>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#client-authentication","title":"Client authentication","text":"<p>The client must prove its identity to the server as well.\nThere are various methods to do that.</p>\n<p>The simplest is password authentication.\nThis should be disabled immediately after setting up a more secure method because it allows compromised servers to steal passwords.\nPassword authentication is also more vulnerable to online bruteforce attacks.</p>\n<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>\n<pre><code>PasswordAuthentication no\nChallengeResponseAuthentication no</code></pre>\n\n<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>\n<pre><code>Host *\n    PasswordAuthentication no\n    ChallengeResponseAuthentication no</code></pre>\n\n<p>The most common and secure method is public key authentication, basically the same process as the server authentication.</p>\n<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>\n<pre><code>PubkeyAuthentication yes</code></pre>\n\n<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>\n<pre><code>Host *\n    PubkeyAuthentication yes\n    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa</code></pre>\n\n<p>Generate client keys using the following commands:</p>\n<pre><code>ssh-keygen -t ed25519 -o -a 100\nssh-keygen -t rsa -b 4096 -o -a 100</code></pre>\n\n<p>You can deploy your new client public keys using <code>ssh-copy-id</code>.</p>\n<p>It is also possible to use OTP authentication to reduce the consequences of lost passwords.\nGoogle Authenticator is a nice implementation of TOTP, or Timebased One Time Password.\nYou can also use a printed list of one time passwords or any other PAM module, really, if you enable <code>ChallengeResponseAuthentication</code>.</p>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#user-authentication","title":"User Authentication","text":"<p>Even with Public Key authentication, you should only allow incoming connections from expected users. The <code>AllowUsers</code> setting in <code>sshd_config</code> lets you specify users who are allowed to connect, but this can get complicated with a large number of ssh users. Additionally, when deleting a user from the system, the username is not removed from <code>sshd_config</code>, which adds to maintenance requirements. The solution is to use the <code>AllowGroups</code> setting instead, and add users to an <code>ssh-user</code> group.</p>\n<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>\n<pre><code>AllowGroups ssh-user</code></pre>\n\n<p>Create the ssh-user group with <code>sudo groupadd ssh-user</code>, then add each ssh user to the group with <code>sudo usermod -a -G ssh-user &lt;username&gt;</code>.</p>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#symmetric-ciphers","title":"Symmetric ciphers\n\n<p>NOTE: Emphasis added.</p>\n\n<p>Symmetric ciphers are used to encrypt the data after the initial key exchange and authentication is complete.</p>\n<p>Here we have quite a few algorithms (10-14 were removed in OpenSSH 7.6):</p>\n<ol>\n<li>3des-cbc</li>\n<li>aes128-cbc</li>\n<li>aes192-cbc</li>\n<li>aes256-cbc</li>\n<li>aes128-ctr</li>\n<li>aes192-ctr</li>\n<li>aes256-ctr</li>\n<li>aes128-gcm@openssh.com</li>\n<li>aes256-gcm@openssh.com</li>\n<li>arcfour</li>\n<li>arcfour128</li>\n<li>arcfour256</li>\n<li>blowfish-cbc</li>\n<li>cast128-cbc</li>\n<li>chacha20-poly1305@openssh.com</li>\n</ol>\n<p>We have to consider the following:</p>\n<ul>\n<li>Security of the cipher algorithm:\n  This eliminates 1 and 10-12 - both DES and RC4 are broken.\n  Again, no need to wait for them to become even weaker, disable them now.</li>\n<li>Key size:\n  At least 128 bits, the more the better.</li>\n<li>Block size:\n  Does not apply to stream ciphers.\n  At least 128 bits.\n  This eliminates 13 and 14 because those have a 64 bit block size.</li>\n<li>Cipher mode:\n  The recommended approach here is to prefer AE modes and optionally allow CTR for compatibility.\n  CTR with Encrypt-then-MAC is provably secure.</li>\n</ul>\n<p>Chacha20-poly1305 is preferred over AES-GCM because the SSH protocol does not encrypt message sizes when GCM (or EtM) is in use.\nThis allows some traffic analysis even without decrypting the data.\nWe will deal with that soon.</p>\n<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>\n<pre><code>Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr</code></pre>\n\n<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>\n<pre><code>Host *\n    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr</code></pre>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#message-authentication-codes","title":"Message authentication codes\n\n<p>Emphasis added.</p>\n\n<p>Encryption provides confidentiality, message authentication code provides integrity.\nWe need both.\nIf an AE cipher mode is selected, then extra MACs are not used, the integrity is already given.\nIf CTR is selected, then we need a MAC to calculate and attach a tag to every message.</p>\n<p>There are multiple ways to combine ciphers and MACs - not all of these are useful.\nThe 3 most common:</p>\n<ul>\n<li>Encrypt-then-MAC: encrypt the message, then attach the MAC of the ciphertext.</li>\n<li>MAC-then-encrypt: attach the MAC of the plaintext, then encrypt everything.</li>\n<li>Encrypt-and-MAC: encrypt the message, then attach the MAC of the plaintext.</li>\n</ul>\n<p>Only Encrypt-then-MAC should be used, period.\nUsing MAC-then-encrypt have lead to many attacks on TLS while Encrypt-and-MAC have lead to not quite that many attacks on SSH.\nThe reason for this is that the more you fiddle with an attacker provided message, the more chance the attacker has to gain information through side channels.\nIn case of Encrypt-then-MAC, the MAC is verified and if incorrect, discarded.\nBoom, one step, no timing channels.\nIn case of MAC-then-encrypt, first the attacker provided message has to be decrypted and only then can you verify it.\nDecryption failure (due to invalid CBC padding for example) may take less time than verification failure.\nEncrypt-and-MAC also has to be decrypted first, leading to the same kind of potential side channels.\nIt's even worse because no one said that a MAC's output can't leak what its input was.\nSSH by default, uses this method.</p>\n<p>Here are the available MAC choices:</p>\n<ol>\n<li>hmac-md5</li>\n<li>hmac-md5-96</li>\n<li>hmac-sha1</li>\n<li>hmac-sha1-96</li>\n<li>hmac-sha2-256</li>\n<li>hmac-sha2-512</li>\n<li>umac-64</li>\n<li>umac-128</li>\n<li>hmac-md5-etm@openssh.com</li>\n<li>hmac-md5-96-etm@openssh.com</li>\n<li>hmac-sha1-etm@openssh.com</li>\n<li>hmac-sha1-96-etm@openssh.com</li>\n<li>hmac-sha2-256-etm@openssh.com</li>\n<li>hmac-sha2-512-etm@openssh.com</li>\n<li>umac-64-etm@openssh.com</li>\n<li>umac-128-etm@openssh.com</li>\n</ol>\n<p>The selection considerations:</p>\n<ul>\n<li>Security of the hash algorithm:\n  No MD5 and SHA1.\n  Yes, I know that HMAC-SHA1 does not need collision resistance but why wait?\n  Disable weak crypto today.</li>\n<li>Encrypt-then-MAC:\n  I am not aware of a security proof for CTR-and-HMAC but I also don't think CTR decryption can fail.\n  Since there are no downgrade attacks, you can add them to the end of the list.\n  You can also do this on a host by host basis so you know which ones are less safe.</li>\n<li>Tag size:\n  At least 128 bits.\n  This eliminates umac-64-etm.</li>\n<li>Key size:\n  At least 128 bits.\n  This doesn't eliminate anything at this point.</li>\n</ul>\n<p>Recommended <code>/etc/ssh/sshd_config</code> snippet:</p>\n<pre><code>MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com</code></pre>\n\n<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>\n<pre><code>Host *\n    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com</code></pre>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#preventing-key-theft","title":"Preventing key theft","text":"<p>Even with forward secrecy the secret keys must be kept secret.\nThe NSA has a database of stolen keys - you do not want your key there.</p>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#system-hardening","title":"System hardening\n<p>OpenSSH has some undocumented, and rarely used features.\nUseRoaming is one such feature with a known vulnerability.</p>\n<p>Recommended <code>/etc/ssh/ssh_config</code> snippet:</p>\n<pre><code>Host *\n   UseRoaming no</code></pre>\n\n<p>This post is not intended to be a comprehensive system security guide.\nVery briefly:</p>\n<ul>\n<li>Don't install what you don't need:\n  Every single line of code has a chance of containing a bug.\n  Some of these bugs are security holes.\n  Fewer lines, fewer holes.</li>\n<li>Use free software:\n  As in speech.\n  You want to use code that's actually reviewed or that you can review yourself.\n  There is no way to achieve that without source code.\n  Someone may have reviewed proprietary crap but who knows.</li>\n<li>Keep your software up to date:\n  New versions often fix critical security holes.</li>\n<li>Exploit mitigation:\n  Sad but true - there will always be security holes in your software.\n  There are things you can do to prevent their exploitation, such as GCC's -fstack-protector.\n  One of the best security projects out there is Grsecurity.\n  Use it or use OpenBSD.</li>\n</ul>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#traffic-analysis-resistance","title":"Traffic analysis resistance\n<p>Set up Tor hidden services for your SSH servers.\nThis has multiple advantages.\nIt provides an additional layer of encryption and server authentication.\nPeople looking at your traffic will not know your IP, so they will be unable to scan and target other services running on the same server and client.\nAttackers can still attack these services but don't know if it has anything to do with the observed traffic until they actually break in.</p>\n<p>Now this is only true if you don't disclose your SSH server's fingerprint in any other way.\nYou should only accept connections from the hidden service or from LAN, if required.</p>\n<p>If you don't need LAN access, you can add the following line to <code>/etc/ssh/sshd_config</code>:</p>\n<pre><code>ListenAddress 127.0.0.1:22</code></pre>\n\n<p>Add this to <code>/etc/tor/torrc</code>:</p>\n<pre><code>HiddenServiceDir /var/lib/tor/hidden_service/ssh\nHiddenServicePort 22 127.0.0.1:22</code></pre>\n\n<p>You will find the hostname you have to use in <code>/var/lib/tor/hidden_service/ssh/hostname</code>.\nYou also have to configure the client to use Tor.\nFor this, socat will be needed.\nAdd the following line to <code>/etc/ssh/ssh_config</code>:</p>\n<pre><code>Host *.onion\n    ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050\n\nHost *\n    ...</code></pre>\n\n<p>If you want to allow connections from LAN, don't use the <code>ListenAddress</code> line, configure your firewall instead.</p>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#key-storage","title":"Key storage\n<p>You should encrypt your client key files using a strong password.\nAdditionally, you can use <code>ssh-keygen -o -a $number</code> to slow down cracking attempts by iterating the hash function many times.\nYou may want to store them on a pendrive and only plug it in when you want to use SSH.\nAre you more likely to lose your pendrive or have your system compromised?\nI don't know.</p>\n<p>Unfortunately, you can't encrypt your server key and it must be always available, or else sshd won't start.\nThe only thing protecting it is OS access controls.</p>","text":"","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#the-end","title":"The end","text":"<p>It's probably a good idea to test the changes.\n<code>ssh -v</code> will print the selected algorithms and also makes problems easier to spot.\nBe extremely careful when configuring SSH on a remote host.\nAlways keep an active session, never restart sshd.\nInstead you can send the <code>SIGHUP</code> signal to reload the configuration without killing your session.\nYou can be even more careful by starting a new sshd instance on a different port and testing that.</p>\n<p>Can you make these changes?\nIf the answer is yes, then...</p>\n<p></p>\n<p>If the answer is no, it's probably due to compatibility problems.\nYou can try to convince the other side to upgrade their security and turn it into a yes.\nI have created a wiki page where anyone can add config files for preserving compatibility with various SSH implementations and SSH based services.</p>\n<p>If you work for a big company and change management doesn't let you do it, I'm sorry.\nI've seen the v1 protocol enabled in such places.\nThere is no chance of improvement.\nGive up to preseve your sanity.</p>\n<p>Special thanks to the people of Twitter for the improvements.</p>","tags":["security","post"]},{"location":"2015/01/04/secure-secure-shell/#changelog","title":"ChangeLog","text":"<p>You may have noticed that this document changed since last time.\nI want to be very transparent about this.\nThere were three major changes:</p>\n<ul>\n<li>After some debate and going back and forth between including GCM or not, it's now back again.\n  The reason for dropping it was that SSH doesn't encrypt packet sizes when using GCM.\n  The reason for bringing it back is that SSH does the same with any EtM algorithms.\n  There is no way around this unless you can live with chacha20-poly1305 only.\n  Also, the leaked documents don't sound like they can figure out the lengths or confirm presence of some things, more like straight up \"send it to us and we'll decrypt it for you\".\n  Wrapping SSH in a Tor hidden service will take care of any traffic analysis concerns.</li>\n<li>I'm now allowing Encrypt-and-MAC algorithms with CTR ciphers as a last resort.\n  I initially thought it was possible to use downgrade attacks, I now think it is not.</li>\n<li>I briefly disabled RSA because it uses SHA1, this turned out to be a non-issue because we're signing SHA2 hashes.</li>\n</ul>\n<p>You can see the full list of changes on github.\nI promise not to use <code>git push -f</code>.</p>\n<p>\u00a0</p>\n<p>Network Pro\u2122 | Cybersecurity that respects your values.</p>\n\n\n\n<p>Network Pro\u2122, the shield logo, and the \"Locking Down Networks\u2122\" slogan are trademarks of Network Pro Strategies.</p>\n\n<p>Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>","tags":["security","post"]},{"location":"2025/05/26/welcome-to-the-future-of-network-pro/","title":"\ud83c\udf10 Our New Web Experience Is Live \u2014 Welcome to the Future of Network Pro\u2122","text":"","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/26/welcome-to-the-future-of-network-pro/#the-next-chapter-of-our-web-evolution-has-arrived","title":"\ud83d\ude80 The Next Chapter of Our Web Evolution Has Arrived","text":"<p>We\u2019re thrilled to announce that the new version of our website is officially live and ready for you to explore! At Network Pro Strategies, we've been working diligently to bring you an even faster, smoother, and more intuitive online experience, and we\u2019re excited to finally unveil it. \ud83c\udf89</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/26/welcome-to-the-future-of-network-pro/#a-seamless-future-ready-experience","title":"\ud83d\udd0d A Seamless, Future-Ready Experience","text":"<p>As you already know, we\u2019ve rebuilt the entire site using SvelteKit, and we\u2019re proud of the results. Thanks to the incredible capabilities of SvelteKit, the site is now optimized for both performance and user experience\u2014delivering lightning-fast load times and easy navigation at every click.</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/26/welcome-to-the-future-of-network-pro/#whats-new","title":"What\u2019s New:","text":"<p>\ud83d\udca8 Super-Fast Load Times: Say goodbye to slow page loads! The website now loads instantly, even on mobile devices or less-than-ideal internet connections. \ud83c\udf0d Enhanced Navigation: Enjoy a fluid, seamless browsing experience. Every interaction feels natural and responsive, making it easier to access information and services. \ud83d\udcf1 Mobile-Friendly Design: Whether you're browsing from your desktop or on-the-go, our website adapts to every screen size and device with perfect precision. \ud83d\udd27 Ongoing Improvements: The work doesn\u2019t stop here. As we continue to evolve, we\u2019ll be rolling out even more features and updates, all designed to make your experience even better. Stay tuned for personalized content and enhanced functionalities!</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/26/welcome-to-the-future-of-network-pro/#why-we-made-this-change","title":"\ud83c\udfaf Why We Made This Change","text":"<p>We\u2019re always striving to improve, and upgrading our web experience is part of our ongoing commitment to you\u2014our valued community. By using SvelteKit, we\u2019ve ensured that our site isn\u2019t just faster, but also future-proof, allowing us to continuously evolve with cutting-edge web technologies.</p> <p>It\u2019s about providing you with the best tools and information in the most efficient and user-friendly way possible. This isn\u2019t just about looks\u2014this is about optimizing performance, improving accessibility, and ensuring that our website works better for you in every possible way.</p>","tags":["network-pro","website","sveltekit"]},{"location":"2025/05/26/welcome-to-the-future-of-network-pro/#check-out-the-new-site","title":"\ud83d\udce3 Check Out the New Site","text":"<p>Ready to experience the future? Head over to our new site now at netwk.pro to explore all the new features.</p> <p>Your feedback matters to us\u2014if you have any suggestions or thoughts on how we can continue to improve, don\u2019t hesitate to get in touch!</p> <p>Thanks for being part of the journey with us. The best is yet to come! \ud83d\ude80</p> <p> </p> <p>Network Pro\u2122 | Cybersecurity that respects your values.</p> <p>Network Pro\u2122, the shield logo, and the \"Locking Down Networks\u2122\" slogan are trademarks of Network Pro Strategies.</p> <p>Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>","tags":["network-pro","website","sveltekit"]},{"location":"archive/2025/","title":"May 2025","text":""},{"location":"archive/2015/","title":"January 2015","text":""},{"location":"category/security/","title":"Security","text":""}]}

package/sitemap.xml

@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
-    <url>
-         <loc>https://blog.netwk.pro/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/contributing/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/tags/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/2025/05/15/building-a-better-web-experience/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/2025/04/30/were-live/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/2025/05/11/the-network-pro-blog-has-moved/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/2025/05/16/progressive-web-app-is-live/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/2015/01/04/secure-secure-shell/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/2025/05/26/welcome-to-the-future-of-network-pro/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/archive/2025/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/archive/2015/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-    <url>
-         <loc>https://blog.netwk.pro/category/security/</loc>
-         <lastmod>2025-05-26</lastmod>
-    </url>
-</urlset>