
Securing Apache On Ubuntu – Part 2

Updated in December 2023 on the website Achiashop.com.

My previous article focused on basic security tips and tricks to secure Apache web server in Ubuntu.

You can do this by editing the “apache2.conf” file.

sudo nano /etc/apache2/apache2.conf

Add the following line inside Directory /var/www/html/:

Header always append X-Frame-Options SAMEORIGIN

Save the file and restart Apache.

sudo /etc/init.d/apache2 restart

Now open a web browser and access your web server. Check the HTTP response headers in Firebug; you should see X-Frame-Options.

Disable Etag

ETags, also known as “Entity Tags,” are an information-disclosure weakness in Apache. They allow remote users to obtain sensitive information like inode number, child process IDs and multipart MIME boundary using the ETag header. It is recommended to disable ETag.

You can do this by editing the “apache2.conf” file.

sudo nano /etc/apache2/apache2.conf

Add the following line inside Directory /var/www/html/:

FileETag None

Save the file and restart Apache.

Now open a web browser and access your web server. Check the HTTP response headers in Firebug; you should not see ETag at all.

Disable Old Protocol

You can disable older HTTP protocol versions with a “mod_rewrite” rule that allows only the HTTP 1.1 protocol.

For this, edit the “apache2.conf” file.

sudo nano /etc/apache2/apache2.conf

Add the following line inside Directory /var/www/html/:

RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]

Save the file and restart Apache.

HTTP Request Methods

In Ubuntu, HTTP 1.1 protocol supports many request methods like “OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT” which may not be required. It is recommended to enable only HEAD, POST and GET request methods.

To fix this, edit the Apache configuration file.

sudo nano /etc/apache2/apache2.conf

Add the following line inside Directory /var/www/html/:

<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>

Save the file and restart Apache.

Secure Apache from an XSS Attack

XSS (also known as Cross-site Scripting) is one of the most common application-layer vulnerabilities. It allows an attacker to execute code on the target web server from a user’s web browser. Attackers can target an XSS-vulnerable web server using browser-side scripting (JavaScript), so it is recommended to enable XSS protection on Apache.

You can do this by editing the Apache configuration file.

sudo nano /etc/apache2/apache2.conf

Add the following line inside Directory /var/www/html/:

Header set X-XSS-Protection "1; mode=block"

Save the file and restart Apache.

Now open a web browser and access your web server. Check the HTTP response headers in Firebug; you should see the X-XSS-Protection header.

Protect Cookies with HTTPOnly Flag

To fix this, edit the Apache configuration file.

sudo nano /etc/apache2/apache2.conf

Add the following line inside Directory /var/www/html/:

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

Save the file and restart Apache.
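The article checks each setting by eye in the browser's header view. The same checks as a script, added here as an example (not the author's code): it audits a raw response head for X-Frame-Options, ETag, X-XSS-Protection and the cookie flags. The two sample responses and all function names are constructed for illustration.

```python
# Added example: audits response headers for the settings made in this article.
# RAW_HARDENED and RAW_DEFAULT are constructed samples, not captured traffic.

RAW_HARDENED = """
HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: session=abc123; Path=/;HttpOnly;Secure
Content-Type: text/html
"""

RAW_DEFAULT = """
HTTP/1.1 200 OK
Server: Apache
ETag: "2aa6-5f1c3e0a-1b2"
Set-Cookie: session=abc123; Path=/
Set-Cookie: theme=dark; Path=/; HttpOnly
Content-Type: text/html
"""


def parse_head(raw):
    """Split a raw HTTP response head into (status_line, [(name, value), ...])."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def cookie_attributes(set_cookie_value):
    """Return the lower-cased attribute names that follow the name=value pair."""
    parts = set_cookie_value.split(";")[1:]
    return {p.split("=", 1)[0].strip().lower() for p in parts if p.strip()}


def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    _, headers = parse_head(raw)
    values = {}
    for name, value in headers:
        values.setdefault(name, []).append(value)

    findings = []

    # "Header always append" merges onto an existing header with a comma, so a
    # backend that already sets the header produces a merged value; flag it.
    xfo = values.get("x-frame-options", [])
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif any(v.upper() not in ("SAMEORIGIN", "DENY") for v in xfo):
        findings.append("X-Frame-Options has unexpected value: " + ", ".join(xfo))

    # "FileETag None" should remove the header entirely.
    if "etag" in values:
        findings.append("ETag still sent: " + values["etag"][0])

    xss = values.get("x-xss-protection", [])
    if [v.replace(" ", "").lower() for v in xss] != ["1;mode=block"]:
        findings.append("X-XSS-Protection is not '1; mode=block'")

    # The "Header edit Set-Cookie" rule should add both flags to every cookie.
    for cookie in values.get("set-cookie", []):
        attrs = cookie_attributes(cookie)
        cookie_name = cookie.split("=", 1)[0].strip()
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {cookie_name} lacks {flag}")
    return findings


if __name__ == "__main__":
    for label, raw in (("hardened", RAW_HARDENED), ("default", RAW_DEFAULT)):
        result = audit(raw)
        print(label, "->", result if result else "all checks passed")
```

To audit a live server, save the output of `curl -sI` against your own site to a file and pass its contents to `audit()`.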

Conclusion

Hitesh Jethva

Over 5 years of experience as an IT system administrator for an IT company in India. My skills include a deep knowledge of Red Hat/CentOS, Ubuntu, Nginx and Apache, MySQL, Subversion, Linux, Ubuntu, web hosting, web server, Squid proxy, NFS, FTP, DNS, Samba, LDAP, OpenVPN, HAProxy, Amazon Web Services, WHMCS, OpenStack Cloud, Postfix Mail Server, Security etc.


How To Enable HTTP/2.0 In Apache On Ubuntu

HTTP/2.0 is the latest version of the HTTP protocol that offers significant performance improvements over its predecessor, HTTP/1.1. Enabling HTTP/2.0 on your Apache web server can enhance the speed and responsiveness of your website, resulting in a better user experience for your visitors. In this article, we will guide you through the steps to enable HTTP/2.0 on Apache on Ubuntu.

Step 1: Check Apache Version

Before enabling HTTP/2.0, it is essential to ensure that your Apache version is compatible with HTTP/2.0. To check your Apache version, run the following command in your terminal −

apache2 -v

The output will display your Apache version. If your Apache version is 2.4.17 or later, you can proceed to enable HTTP/2.0.

Step 2: Install SSL Certificate

HTTP/2.0 requires a secure SSL/TLS connection. Hence, you need to have an SSL certificate installed on your web server. If you don’t have an SSL certificate installed, you can obtain a free Let’s Encrypt SSL certificate by following the instructions in this article: How to Install Let’s Encrypt SSL on Ubuntu.

Step 3: Enable HTTP/2.0

To enable HTTP/2.0 on your Apache server, follow these steps −

Install the required module −

Edit the Apache configuration file −

sudo nano /etc/apache2/sites-available/your-site.conf

Add the following lines to your VirtualHost block −

Save and close the file.

Restart Apache −

sudo service apache2 restart

That’s it! You have successfully enabled HTTP/2.0 on your Apache web server.

Step 4: Test HTTP/2.0

While enabling HTTP/2.0 on your Apache web server, you should keep in mind that not all browsers support this protocol. Some older browsers may not support HTTP/2.0, and they will fall back to using HTTP/1.1. Therefore, it is recommended that you also enable HTTP/1.1 to ensure that your website is accessible to all visitors.

To enable both HTTP/2.0 and HTTP/1.1, you need to modify the VirtualHost block in your Apache configuration file as follows −

Enabling HTTP/2.0 on your Apache server can also enhance the security of your website. HTTP/2.0 requires the use of SSL/TLS encryption, which provides an extra layer of security for your website. It is recommended that you use a strong SSL/TLS configuration to protect your website and your visitors’ data.

In addition to enabling HTTP/2.0 on your Apache server, you can also optimize your website for HTTP/2.0. For example, you can reduce the number of HTTP requests by combining multiple resources into a single file, using server push to pre-load resources, and optimizing the size of your images and other media files.

Another important consideration when enabling HTTP/2.0 on your Apache server is the server load. HTTP/2.0 requires more resources than HTTP/1.1, which means that your server may experience a higher load when serving HTTP/2.0 requests. Therefore, it is recommended that you monitor your server’s resource usage and adjust the configuration as needed.

You can use tools like Apache’s built-in mod_status module to monitor your server’s resource usage. This module provides real-time information on server activity, including the number of requests, the status of each request, and the server’s CPU and memory usage.

To enable mod_status, you need to add the following lines to your Apache configuration file −

SetHandler server-status
Require all granted

By monitoring your server’s resource usage and adjusting your configuration as needed, you can ensure that your server can handle the increased load when serving HTTP/2.0 requests.

Another aspect to consider when enabling HTTP/2.0 on your Apache server is the use of virtual hosts. If you are hosting multiple websites on the same server, you can enable HTTP/2.0 for each virtual host separately.

To enable HTTP/2.0 for a specific virtual host, you need to add the following lines to the virtual host configuration file −

SSLCertificateFile /path/to/certificate.pem
SSLCertificateKeyFile /path/to/private/key.pem
…

ServerName example.net
SSLCertificateFile /path/to/certificate.pem
SSLCertificateKeyFile /path/to/private/key.pem
…

By enabling HTTP/2.0 for each virtual host separately, you can provide a faster and more responsive user experience for each website.

Finally, it is important to keep your Apache server up-to-date to ensure that you have the latest security patches and performance improvements. You can use the following command to update Apache and its modules −

sudo apt-get update
sudo apt-get upgrade

By regularly updating your Apache server, you can ensure that your website remains secure and performs at its best.

Another important aspect to consider when enabling HTTP/2.0 on your Apache server is the use of caching. HTTP/2.0 has built-in support for server push, which allows the server to push resources to the client without waiting for a request. However, server push may not be the best solution for all resources, especially for large files that are not needed on every page load.

To optimize the performance of your website with HTTP/2.0, you can use caching to reduce the number of requests and improve the speed of your website. Apache supports various caching mechanisms, including mod_cache and mod_cache_disk.

Mod_cache is an in-memory caching mechanism that stores frequently accessed content in memory. This can significantly reduce the server load and improve the response time for frequently accessed resources.

Mod_cache_disk, on the other hand, stores frequently accessed content on disk, which can improve the response time for resources that are not frequently accessed. This can also reduce the server load by reducing the number of requests to the server.

To enable caching on your Apache server, you need to add the following lines to the virtual host configuration file −

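CacheQuickHandler on
CacheLock on
CacheLockPath /tmp/mod_cache-lock
CacheLockMaxAge 5
# Ignore client requests (Cache-Control: no-cache, Pragma: no-cache) for uncached content
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
# Do not store Set-Cookie headers with cached responses
CacheIgnoreHeaders Set-Cookie
# Also cache responses marked Cache-Control: private or no-store; these may be per-user content
CacheStorePrivate On
CacheStoreNoStore On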

These lines enable caching and specify the cache lock path and maximum age. You can customize these settings to suit your website’s needs.

In addition to enabling caching, you can also optimize the size of your resources by compressing them. Apache supports gzip compression, which can significantly reduce the size of your resources and improve the speed of your website.

To enable gzip compression on your Apache server, you need to add the following lines to the virtual host configuration file −

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/x-javascript
DeflateCompressionLevel 9
DeflateWindowSize 15
DeflateBufferSize 8096

These lines enable gzip compression for the specified content types and specify the compression level, window size, and buffer size. You can customize these settings to suit your website’s needs.

Conclusion

Enabling HTTP/2.0 on your Apache web server can significantly improve the speed and performance of your website. By following the steps outlined in this article, you can easily enable HTTP/2.0 on your Ubuntu server and enjoy the benefits of this new protocol.

Evernote Open Source Alternatives Part 2: Standard Notes


Some people fear that the Evernote ship has too many holes and too few crew members to stay afloat. Others have already started their exodus, looking for comparable services. While there’s no shortage of that, there’s something to be said for open source solutions that have the higher chance of surviving bankruptcy, hacks, and governments. Last time we took a look at Turtl, which turned out to be more of a Google Keep Notes alternative than an Evernote replacement. Now we take Standard Notes for a spin, which places an even heavier emphasis on privacy and longevity.

If you have been burned by services that suddenly vanish without a trace, you might want to hear Standard Notes’ spiel, which comes in two parts. The first is end-to-end encryption, which uses your password not just to unlock your account but as an encryption key for each and every note you make on the app. Its second message is one of survivability, at least of your notes. Should Standard Notes go under, you will still have your notes thanks to backups as well as an offline decryption program. And, of course, it’s all open source, including the server backend it uses.

One of Standard Notes’ key strengths when it comes to performance is speed. That’s partly because its basic free account is pretty barebones. Encryption and unlimited sync come for free, as well as offline access on any number of devices. Standard Notes has apps available for all the standard platforms and even has a Web version for everything else. The downside to that free account is that Standard Notes is pretty much a plain text editor. For some, that might be enough; for others, the $9.99 monthly fee is well worth the investment.

UPDATE: Just a quick update and clarification on Standard Notes’ pricing tiers. That $9.99 monthly figure might seem disheartening, but that is simply the full price if you want to only be billed every month. If, however, you have no problems being billed yearly or even every five years, then there are cheaper options available too.

• $4.17 per month is what you’d be effectively paying if you opted to be billed annually. The price you’ll be charged for each year will be $49.99, a total price saving of 58%.

• $2.48 per month is the cheapest option but one where the subscription is good for five years. The total that you’ll be paying when you subscribe is $149, which is a 75% savings in total.

The Extended account brings out the full power of Standard Notes. While the basic free account is pretty much a highly-secure, cloud-synced plain text editor, Extensions, available only through the paid subscription, can give Evernote a run for its money. Use markdown to add formatting and images while retaining the note’s plain text format, integrate with services like GitHub and back up to other cloud services of your choice. You can even change the way the app looks with themes, something Evernote still hasn’t been able to provide.

That said, the default appearance of the Standard Notes desktop app, especially for free users, is pretty sparse. It follows the same three-column layout that Evernote uses, with the notebooks at the left most column, followed by the list of notes, and finally the contents of the notes. Unless you pony up some cash, that’s pretty much all you can have.

For some who need a quick and secure, no-frills note-taking service, Standard Notes’ performance and presence on all platforms, including the web, is more than enough. You can definitely extend its power, but the ability to even do basic formatted text is sadly hidden behind a subscription and can be a deal breaker, especially considering how much it’s asking for each month. Then again, that fee does bring more than pretty text and images but more peace of mind via backups and version history and Standard Notes’ free tier still offers more freedom and security than Evernote ever did.

Traversing The Trinity Of Statistical Inference Part 2: Confidence Intervals

This article was published as a part of the Data Science Blogathon

This is the second article of the series on ‘Traversing the Trinity of Statistical Inference’. In this article, we’ll discuss the concept of confidence intervals. Before moving to the concept, we’ll take a slight detour and revise the ideas discussed in the previous article of this series.

We started with the example of a beverage company that is interested in knowing about the proportion of people who prefer tea over coffee. We stepped into the shoes of a statistician and began analyzing our experiment. The experiment involved surveying a group of 850 people (n = 850) and noting down their preference in the binary system of 0 (indicating preference of coffee) and 1 (indicating preference of tea). We defined a series of random variables X1, X2, …, Xn that follow a Bernoulli distribution to model our experiment.

We then explored certain basic properties of Xi and then introduced the idea of estimation. The sample-mean estimator (calculated as the average of our observations) was used for estimation and its properties were discussed in the light of the Law of Large Numbers (LLN) and the Central Limit Theorem (CLT). We concluded by evaluating the performance of our estimator through various metrics including bias, efficiency, quadratic risk, consistency, and asymptotic normality.

Now that we have familiarised ourselves with the fundamentals of estimation, we can take a step ahead and explore the second pillar of the realm of statistical science- Confidence Intervals. The purpose of confidence intervals, in layperson terms, is to create error bars around the estimated value of an unknown parameter. So, there are two aspects of a confidence interval:

Confidence: It indicates the level of surety we wish to attain

Interval: It indicates a range of values that our estimator can take.

“Is there a range of possible outcomes that the estimate can take depending upon how confident we want to be? What is that range?” Let’s begin!

Topics:

A) Notation & Basic Properties of the Gaussian distribution

B) Asymptotic Normality of the Sample Mean Estimator

C) A General Notion for Confidence Intervals

D) Deriving the Asymptotic Confidence Intervals for the Sample Mean Estimator

E) Plug-in Method and the Frequentist Interpretation

F) Conservative Bound Method

G) Quadratic Method

A) Notations & Basic Properties of the Gaussian distribution

1) Linear transformation of a Gaussian distribution: Let X follow a Gaussian distribution with mean µ and variance σ². Suppose we are given a random variable Y that is a linear transformation of X such that:

form of X will follow a standard normal distribution i.e., a Gaussian with mean 0 and variance 1. Mathematically,

3) Cumulative Distribution Function (CDF) of a Gaussian Distribution: If Z follows a standard Gaussian distribution, then the following notation is used for the CDF (the probability that Z is less than or equal to some number t) of Z:

Using this notation (and the property of standardization), we can obtain the CDF of any random variable X that follows a Gaussian distribution with mean µ and variance σ²:

Graphically, Φ(t) denotes the area below the standard Gaussian curve between -infinity and t. That is,

(Image by Author)

4) Quantiles of a Gaussian Distribution and its properties: If,

Where Φ⁻¹ is the inverse of the CDF of the Gaussian. Essentially, Φ⁻¹(x) gives a value t such that the area below the standard Gaussian curve between -infinity and t is equal to x. We define the quantiles of the Gaussian as follows:

Graphically,

(Image by Author)

How are all these properties going to be useful to us? These properties will be relevant in the context of the asymptotic normality of the sample mean estimator, which has been discussed in the next section.

B) Asymptotic Normality of The Sample Mean Estimator

The application of the Central Limit Theorem (CLT) on the sample mean estimator gave us the following result:

It shows that the standardized version of the sample mean estimator converges (“in distribution”) to the standard Gaussian distribution. This property of estimators was called asymptotic normality. In fact, by using the properties of normal distribution, we can also conclude that the sample mean estimator itself follows a normal distribution:

Property used: If X follows a Gaussian distribution with mean µ and variance σ², then aX + b follows a normal distribution with mean aµ + b, and variance a²σ². Let’s talk about this asymptotic normality more. In general, an estimator (or equivalently an estimate) θ-hat for parameter θ is said to exhibit asymptotic normality if:

Where σθ² is referred to as the asymptotic variance of the estimator θ-hat.

Although not of much relevance, we can use the above definition (and properties of the Gaussian distribution) to obtain the asymptotic variance of our sample mean estimator as follows:

Thus the asymptotic variance of p-hat is p(1 – p). You might be wondering how is all this related to the idea of confidence intervals? Asymptotic normality allows us to garner information about the distribution of the sample mean estimator. Since we know that the above function of the sample mean estimator follows a gaussian distribution for large sample sizes, we can calculate the probability that the following function (of the sample mean estimator) lies between a certain interval A. Mathematically, we can say that (for large sample size):

Generally, it’s easier to play around with the following form:

(Equation 1)

This is like the core equation of this entire article. All new concepts will be built upon this equation.

C) A General Notion for Confidence Intervals

First, we’ll talk about a general notion (mathematically of course) of confidence intervals. We’ll then apply this notion to our example, mix it up with asymptotic normality, and develop something spicy.

Let Y1, Y2, …, Yn be some independent and identically distributed random variables with the following statistical model:

We introduce a new variable called α such that α ∈ (0, 1). Our goal is to create a confidence interval 𝕀 for the true parameter θ such that the probability that θ lies in 𝕀 is more than or equal to 1 – α. Mathematically,

that p belongs to 𝕀 is more than or equal to 90% (or 0.9):

In other words, we fix our confidence interval at α = 0.10 and compute the confidence interval accordingly. Now, it won’t be easy for us to create confidence intervals for finite sample sizes. This is because the information about the distribution of the sample mean estimator is given by the Central Limit Theorem, which assumes large sample sizes (n approaches infinity). So instead of finite confidence intervals, we introduce asymptotic confidence intervals, which are defined as follows:

The confidence intervals that we are describing for our example are two-sided because we are not interested in an upper or lower boundary that limits the value of our true parameter. On the other hand, in a one-sided confidence interval, our goal is to obtain a tight upper or lower bound for the true parameter. For instance, if we are interested in determining the mean concentration of toxic wastes in a water body, we don’t care about how low the mean could be. Our focus would be to determine how large the mean could be i.e., finding a tight upper bound for the mean concentration of the toxic wastes. This article shall restrict our discussion to two-sided confidence intervals as they are more relevant to our example. Why two-sided confidence interval for our example? Because we are not interested in overestimating or underestimating the true parameter p. Our focus is simply to find an interval that contains p with a certain confidence/level.

A two-sided confidence interval is generally symmetric about the estimator that we are using to determine the true parameter. In most cases, if θ-hat is our estimator for θ, then the two-sided confidence interval for θ (particular to our estimator) is represented as:

will find later!). In our example, the confidence interval is described as follows:

(Equation 2)

(Equation 3)

And for the rest of the article, our goal will be to determine ‘a’.

Just a few concluding questions:

𝕀 is going to depend upon the level 1 – α, the sample size n, and the value of the estimator θ-hat. So different estimators yield different confidence intervals.

The answer is no. This must seem obvious: if 𝕀 was dependent on θ, then we wouldn’t have been able to calculate it. Hence, consider this as a rule of thumb: “Confidence intervals must be independent of the true parameter we are trying to estimate”.

(Think….) The answer will be discussed later.

D) Deriving the Asymptotic Confidence Intervals for the Sample Mean Estimator

Now that we are well versed with the general notion and associated terminologies, we can start constructing the confidence interval for our example:

We let A be the following interval:

Where a is some constant. Why this interval only? Because the above interval gives equation 1 a special form:

(Equation 4)

Does the LHS seem familiar? Remember equation 3?

Now, we shall use the properties of the gaussian distribution to compute the LHS of the above equation:

Using property 2 of Gaussian distributions i.e., standardizing the distribution to get the standard gaussian Z, we obtain the following equation:

Recall that by the property of symmetry of the standard gaussian, we have,

Recall the definition of quantiles of the Gaussian distribution: q(α/2) denotes the (α/2)th quantile. Thus, we obtain:

So, finally, we’ve obtained an expression for a! Let’s substitute this expression for ‘a’ in equation 2:

So, are we done? Not yet. Recall that the confidence interval cannot depend upon the true parameter p, which is not seen in the above expression. So, now we have another problem: remove the dependency of 𝕀 on p. The question is how? Well, there are 3 ways to resolve this problem.

E) Plug-in Method and the Frequentist Interpretation

The first method, which is possibly the simplest involves replacing the true parameter p in the expression for 𝕀 with the value of the estimator p-hat i.e., replace p with the sample mean. This gives us the following results:

Yes, we’ve obtained a confidence interval! We’ll now plug in some real values and calculate 𝕀 for our example. Recall that from our survey we found out that 544 people prefer tea over coffee, while 306 people prefer coffee over tea.

So, now we compute:

The 90% plug-in confidence interval for the proportion of people that prefer tea over coffee.

The 95% plug-in confidence interval for the proportion of people that prefer tea over coffee.

Let’s solve these problems:

1) 90% plug-in confidence interval implies 1 – α = 0.90, giving us α=0.10. Using any statistical software, we can obtain that:

we obtain:

2) 95% plug-in confidence interval implies 1 – α = 0.95, giving us α=0.05. Using any statistical software, we can obtain that:

Substituting all these results in the expression for 𝕀plug-in, we obtain:

Observation: 𝕀plug-in for 95% confidence is larger than 𝕀plug-in for 90% confidence. This makes sense. The more we want to be confident about our parameter lying in an interval, the more is going to be the width of the interval. Before proceeding further with our discussion of the other methods, I find it very important to put forward a small question (that has a humongous answer):

What is the probability that the true p belongs to the interval [0.6077, 0.6723]?

Answer: It’s not 0.95! That might seem confusing. We wanted to create an interval such that the probability that the interval contained p was at least 0.95. We did so and now we are saying that the probability is not 0.95! What’s the mystery? Remember, I had asked you to find if confidence intervals are a random or deterministic quantity. The answer to that question was random since confidence intervals were dependent upon the estimator, which itself is a random quantity. In other words, the confidence interval for the parameter p depends upon the random sample we’ve chosen. If we had surveyed some other portion of Mumbai’s population, then the sample mean could have taken a different value, say 0.62, giving us a different confidence interval. Since 𝕀 was random, we could make statements such as:

But, once we plug in the true values, then the random 𝕀 assumes a deterministic value i.e., [0.6077, 0.6723]. It is no longer random. The probability that the true p belongs to this interval can be only 1 (if true p is some number that lies between 0.6077 and 0.6723) or 0 (if true p is some number that does not lie between 0.6077 and 0.6723). Mathematically,

There’s no other probability that’s possible. We are calculating the probability that one deterministic quantity lies in another deterministic quantity. Where’s the randomness? Probabilistic statements require randomness, and in the absence of randomness, the statements do not make much sense.

It’s like asking what’s the probability that 2 is between 1 and 3? Of course, 2 is between 1 and 3, so the probability is 1; it’s a sure event. What’s the probability that 2 is between 3 and 4? Of course, 2 is not between 3 and 4, so the probability is 0; it’s an impossible event. Well, you might think we are back to square 1 since these intervals don’t make sense. What’s the use of that math we did? That’s because we still haven’t understood the interpretation of confidence intervals. (The mystery increases…)

So, how do we interpret 𝕀? Here, we shall discuss the frequentist interpretation of confidence intervals. Suppose we observed different samples i.e., we went across Mumbai surveying several groups of 850 people. For each sample, we’ll construct a 95% confidence interval. Then the true p will lie in at least 95% of the confidence intervals that we created. In other words, 95% is the minimum proportion of confidence intervals that contain the true p. Now that’s randomness. And that’s why we can make probabilistic statements here.

F) Conservative Bound Method

In this method, we replace the occurrence of p with the maximum value that the function of p can take. This method may not apply in many situations, but in our case, it works well. The expression we obtained for 𝕀 was:

Here we replace the above function with its maximum value. How does that work? Remember that the probability that p belongs to 𝕀 must be at least 1 – α. So, if we substitute the maximum value of the above function, we’ll obtain the maximum width of the confidence interval, which does not really affect our probability of ‘at least 1 – α’. That’s why it is called the conservative bound method. In fact, conservative confidence intervals have a higher probability of containing the true p because they are wider. So, we are interested in obtaining:

The maximum value can easily be found by using calculus. But instead, I’ll use the graphical approach as it’s more intuitive. The graph for sqrt(p*(1 – p)) is shown below:

[Image by Author (made from Desmos Graphing Calculator)]

It can be seen that sqrt(p*(1 – p)) is maximised for p = 0.5, and the maximum value of the function is 0.5. Substituting all this in the expression for 𝕀 we obtain,

Thus, we have obtained the conservative confidence interval for our example. We shall now solve the following problems:

Compute:

The 90% conservative confidence interval for the proportion of people that prefer tea over coffee.

The 95% conservative confidence interval for the proportion of people that prefer tea over coffee.

Let’s solve these problems:

that:

we obtain

that:

we obtain:

Notice that the conservative confidence intervals are wider than the plug-in confidence intervals.

G) Quadratic Method

We shall now discuss the final method, which is possibly the hardest of all three. Although it generally gives good results (in terms of narrower confidence intervals), the process of calculating the intervals is much longer. The idea is as follows:

1) We assume that the true p belongs to 𝕀:

This gives us a system of two inequalities:

The above inequalities can also be represented as:

2) We square the above expression, which gives us:

We replace the ‘≤’ sign with ‘=’ sign and open the brackets to get the following quadratic equation:

3) We solve the above quadratic equation to get two solutions which shall be the lower and upper limits of the ‘solved’ confidence interval. Using the quadratic equation,

Yes, the solved confidence interval is that long expression, which I cannot even fit in a single line. As I said, the interval is narrower, but the process is longer. We shall now solve the following problems:

Compute:

The 90% solved confidence interval for the proportion of people that prefer tea over coffee.

The 95% solved confidence interval for the proportion of people that prefer tea over coffee.

Let’s solve these problems:

1) 90% solved confidence interval implies 1 – α = 0.90, giving us α=0.10. Using any statistical software, we can obtain that:

Instead of using that long formula, we’ll obtain a simple quadratic and solve it using any quadratic equation calculator:

Solving the above equation, we obtain:

2) 95% solved confidence interval implies 1 – α = 0.95, giving us α=0.05. Using any statistical software, we can obtain that:

Instead of using that long formula, we’ll obtain a simple quadratic and solve it using any quadratic equation calculator:

Solving the above equation, we obtain:

Notice that the solved confidence intervals are narrower than the plug-in confidence intervals, but with a difference of only about 0.0001. So, it’s better but the magnitude of complexity is much more than the improvement attained.

This concludes our discussion on confidence intervals. The next and the final article of this series will describe the process of hypothesis testing. Unlike estimation and confidence intervals that gave results in numerical format, hypothesis testing will produce results in a yes/no format. It’s going to be a very exciting and challenging journey ahead!

Conclusion

In this article, we continued with our statistical project and understood the essence of confidence intervals. It’s important to note that we took a very basic and simplified example of confidence intervals. In the real world, the field of confidence intervals is vast. Various probability distributions require a mix of several techniques to create confidence intervals. The purpose of this article was to not only see confidence intervals as a mix of theory and math but also to make us feel the idea. I hope you enjoyed reading this article!

If you liked my article and want to read more of them, visit this link. The other articles of this series will be found on the same link.

Note: All images have been made by the author.

About the Author

I am currently a high school student, who is deeply interested in Statistics, Data Science, Economics, and Machine Learning. I have written two data science research papers. You can find them here.

Securing Patient Records On Wearables Just Got Simple

Wearables are on the fast track, evolving from a consumer product to an enterprise-ready tool for enhanced user productivity. The education market for wearables is expected to grow at nearly 46 percent per year through 2023, and the demand for wearables in public safety is growing.

Wearables in Healthcare on the Rise

Before considering the security of modern wearables, it’s important to set the stage for the adoption of wrist computing in healthcare. Why are medical professionals moving in the direction of wearable devices in the first place?

From a practical standpoint, wearables can allow nurses to be hands-free while taking care of patients. It may reduce their need to carry another mobile device for information or medical alerts. As apps become more readily deployable and manageable on devices like the Gear S3, stakeholders from across the healthcare enterprise are finding ways to utilize this new technology. They’re looking to wearables as a way to improve clinical communications, streamline the patient experience and enhance productivity among care providers.

Hospitals may wish to deploy wearables to patients, for example, to ensure their full participation in the ecosystem workflow. As a clinical tool, a wearable may serve as a heart rate monitor. As a productivity enhancer, a wrist-worn device may notify the patient of wait times or confirm medication information, easing the administrative burden on staff members.

Wearables also give nurses an easy way to check medical records and view patient identification information. They offer hospital staff a new communication channel, serving as a streamlined means to enable nurses to dispatch for assistance, or keep in touch with team members.

Additionally, doctors can use wearables to perform a medication allergy check before beginning a procedure. They can also access these devices to alert medical teams in an emergency, or to brief themselves on patient records before surgery.

The range of clinical and productivity uses already available is just the beginning. These are early days for wearables in hospitals, and with the emergence of new apps, practitioners will see a range of new functions arise. For this to happen, though, the wearable ecosystem must be secure.

Building a Secure Ecosystem

The Gear S3 is secured by Knox Tizen Wearable 2.0, a hardware-based, built-in platform delivering security, manageability, productivity and personalization. Fortified with Samsung Knox security, the platform offers security enhancements at the kernel level.

Tizen Security Enhancement offers permissions management for apps and data, a key element in securing mobile devices. The Trusted Boot function secures the device on startup, analyzing whether booting components have been tampered with, while Kernel Protection delivers real-time kernel monitoring and protection. Keys are securely stored in a TrustZone.

One way enterprise IT managers can ensure the security of their mobile devices, in any format, is through hands-on management of their inventories. Knox Tizen Wearable 2.0 gives IT managers access to hundreds of APIs to effectively manage Gear devices.

Device management tools in the ecosystem include call, data and SMS management, along with control over microphone and ring tone. IT managers can install and remove apps, allow or disallow an application, and lock or wipe a device, fortifying security across the healthcare enterprise.

Firewall settings and configuration controls with Samsung Knox security further enhance security. The rise of enterprise-grade security is helping drive the rapid adoption of wearables across a range of industries, including healthcare. As developers create new apps to customize the wearable experience, the Tizen security ecosystem ensures IT managers have the needed level of security to deploy wrist-worn devices even in information-sensitive environments, including hospitals and other medical facilities.

Configure Postfix With Gmail On Ubuntu

Introduction

Postfix is a mail transfer agent (MTA) used to send and receive emails. It is easy to install and configure on an Ubuntu server.

In this tutorial, we will show you how to configure Postfix with Gmail on Ubuntu.

Prerequisites

Before you proceed, you will need the following −

A running Ubuntu server

A Gmail account

A valid domain name that is configured to point to the server’s IP address

Step 1: Install Postfix

First, install Postfix on your Ubuntu system by running the following command −

sudo apt-get install postfix

During installation, you will be prompted to select a mail server configuration and other options. Choose “Internet Site” and enter your server’s domain name when asked.

Step 2: Configure Postfix

Once Postfix is installed, you need to configure it to use Gmail as a relay for all emails. Open the main Postfix configuration file by using the following command −

sudo nano /etc/postfix/main.cf

Add the following lines to the end of the file −

# Relay all outbound mail through Gmail's submission port
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

Save and exit the file.

Step 3: Create a Gmail App Password

To use Gmail as a relay server, you need to create an App Password in your Gmail configuration. This password is used to authenticate to Gmail’s servers when relaying emails. To create an App Password, follow these steps −

Log in to your Gmail account.

Go to your Google Account settings page.

Select “Mail” as the app and “Other (Custom Name)” as the device.

Make a note of the password that is generated.

Step 4: Add Gmail Credentials in Postfix

Now that you have created an App Password, you need to add it to Postfix. Create a new file called “sasl_passwd” in the /etc/postfix directory by running the following command −

sudo nano /etc/postfix/sasl_passwd

Save and exit the file.

Now, use the following command to hash the sasl_passwd file −

sudo postmap /etc/postfix/sasl_passwd

Step 5: Restart Postfix

Now restart the Postfix service to apply the changes by using the following command −

sudo systemctl restart postfix

Step 6: Test the Configuration

If everything is configured correctly, the email should be sent and received by the recipient.

Advanced Configuration Options

Several additional configuration options let you fine-tune the Postfix and Gmail integration. Here are some of the most useful ones −

“smtp_tls_CAfile” − This option allows you to specify a custom Certificate Authority (CA) file to use for TLS encryption. This can be useful if you want to use a different CA than the default one included with Ubuntu.

“smtp_tls_security_level” − This option determines the level of security that is required for TLS encryption. The possible values are “may”, “encrypt”, “dane”, and “verify”. The default value is “may”, which means that TLS encryption is used if possible.

“smtp_tls_mandatory_protocols” − This option specifies the minimum TLS protocol version that is allowed. The possible values are “TLSv1”, “TLSv1.1”, and “TLSv1.2”. The default value is “TLSv1”.

“smtp_tls_mandatory_ciphers” − This option specifies the minimum TLS cipher that is allowed. The default value is “high”.

“smtp_tls_exclude_ciphers” − This option allows you to exclude specific TLS ciphers from the list of allowed ciphers.

“smtp_tls_note_starttls_offer” − This option adds a note to the message headers indicating whether the server offered a STARTTLS command during the SMTP session.

You can add these options to the main.cf file, just like the relayhost and sasl_passwd options. Here is an example configuration that uses some of these options −

smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level = encrypt
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, SRP, CAMELLIA128, CAMELLIA256, SEED
smtp_tls_note_starttls_offer = yes

This configuration specifies the following options −

smtp_use_tls is set to “yes”, which enables TLS encryption for the SMTP connection.

smtp_sasl_auth_enable is set to “yes”, which enables SASL authentication.

smtp_sasl_password_maps is set to /etc/postfix/sasl_passwd, which contains the Gmail credentials.

smtp_sasl_security_options is set to “noanonymous”, which requires the client to identify itself using SASL authentication.

smtp_tls_CAfile is set to /etc/ssl/certs/ca-certificates.crt, which is the default CA file for Ubuntu.

smtp_tls_security_level is set to “encrypt”, which requires the use of TLS encryption.

smtp_tls_mandatory_protocols is set to “!SSLv2,!SSLv3”, which disallows the use of SSLv2 and SSLv3.

smtp_tls_mandatory_ciphers is set to “high”, which requires the use of strong TLS ciphers.

smtp_tls_exclude_ciphers is set to a list of weak TLS ciphers that are not allowed.

smtp_tls_note_starttls_offer is set to “yes”, which adds a note to the message headers indicating whether the server offered a STARTTLS command.
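
An audit of the settings above, as an added example that is not part of the original tutorial: it reads a main.cf and the sasl_passwd file from Step 4 and reports a relay that does not require TLS or a credentials file readable by group or other. The function names, the temporary sample files and the sasl_passwd line (relay host, then user:password) are constructed for this example.

```shell
#!/bin/sh
# Print a main.cf parameter's value (last assignment wins; comment lines and
# indented continuation lines are not matched).
conf_get() {  # usage: conf_get <main.cf> <parameter>
  awk -v k="$2" '
    { key = $0; sub(/[ \t]*=.*/, "", key) }
    key == k && index($0, "=") {
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
    }
    END { print v }' "$1"
}

# Print one "FINDING: ..." line per problem; exit status is 0 only when clean.
audit_relay() {  # usage: audit_relay <main.cf> <sasl_passwd>
  local cf="$1" pw="$2" rc=0 level f
  note() { echo "FINDING: $*"; rc=1; }

  [ -n "$(conf_get "$cf" relayhost)" ] || note "relayhost is not set"
  [ "$(conf_get "$cf" smtp_sasl_auth_enable)" = yes ] ||
    note "smtp_sasl_auth_enable is not 'yes'"
  [ -n "$(conf_get "$cf" smtp_sasl_password_maps)" ] ||
    note "smtp_sasl_password_maps is not set"
  # Only these levels refuse to send when STARTTLS is missing or stripped;
  # smtp_use_tls = yes on its own is opportunistic, like the level "may".
  level=$(conf_get "$cf" smtp_tls_security_level)
  case $level in
    encrypt|dane-only|fingerprint|verify|secure) ;;
    *) note "smtp_tls_security_level='$level' does not require TLS" ;;
  esac
  # sasl_passwd and the postmap output (.db) hold the app password in clear.
  for f in "$pw" "$pw.db"; do
    [ -e "$f" ] || continue
    case $(ls -ld "$f" | cut -c5-10) in
      "------") ;;
      *) note "$f is accessible to group/other (chmod 600)" ;;
    esac
  done
  return $rc
}

# Constructed sample: the Step 2 settings with a relayhost, world-readable creds.
demo=$(mktemp -d)
printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_use_tls = yes' \
  'smtp_sasl_auth_enable = yes' \
  'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' > "$demo/main.cf"
printf '%s\n' '[smtp.gmail.com]:587 user@example.com:APP-PASSWORD' > "$demo/sasl_passwd"
chmod 644 "$demo/sasl_passwd"
audit_relay "$demo/main.cf" "$demo/sasl_passwd" || true   # prints two findings
```

On a real server, call audit_relay with /etc/postfix/main.cf and /etc/postfix/sasl_passwd from a root shell so both files can be read.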

Conclusion

In this tutorial, we have shown you how to configure Postfix with Gmail on Ubuntu. This configuration allows you to send and receive emails using your Gmail account. By following these steps, you can easily set up Postfix to use Gmail as a relay on your Ubuntu server.
