January 2014 Issue of Linux Journal: Security

Lapsang Souchong!

Back when we were kids, "security" meant little more than having a secret password to keep little siblings out of the treehouse. That's still the case in some situations. Take the title of this column, for instance. If you go to the #linuxjournal IRC channel on FreeNode, saying "Lapsang Souchong" will mark you as part of the inner circle. (Note, this does not make you one of the cool kids...possibly the exact opposite!)

When it comes to computer security, however, things are quite a bit more complex. Whether you want to encrypt your data or lock down network access, Linux provides a wide variety of security tools. This month, we focus on using those tools in our Security issue.

Reuven M. Lerner starts off the issue with instructions on how to integrate Twitter into your applications. Whether you need your app to tweet results, error messages or automatic cat photos, Reuven walks through implementing the API. Dave Taylor follows up with a tutorial on using the ImageMagick suite to watermark and copyright photos. Since I use ImageMagick extensively with my BirdCam project (which you'll hear more about in a month or so), I found his column particularly interesting. If you need to work with photos, especially if direct interaction isn't possible, Dave's column will be interesting for you too.

Kyle Rankin gets into the security mindset this month by approaching privacy. Specifically, he explains how to set up Tor in order to browse the Web in private. Tor is just as useful as it once was, but thankfully, it's gotten easier and easier to implement. I follow Kyle's column with The Open Source Classroom, and this month, I talk about file encryption. Many people are intimidated by the notion of encryption, but it doesn't have to be scary. This month, we'll do just enough encryption to wet your whistle, and hopefully get you interested in learning more.

Although I may have introduced encryption in my column, Subhendu Bera takes things to a whole new level with Quantum Cryptography. Mathematics-based encryption is complex, for sure, but will it be enough as technology advances? Subhendu gives an explanation of Quantum Cryptography and a quick lesson in Quantum Mechanics as well. If you're interested in the future of cryptography, you'll love his article.

Remember Telnet? Telnet has been replaced in almost every situation by the much more secure SSH protocol. Granted, there still are a few situations that warrant the use of Telnet, but those generally are inside your network and never over the Internet. Just switching to SSH, however, isn't enough to ensure that you're secure. Sure, the connection itself is encrypted, but what if you have a user with a simplistic password? Or a script kiddie scanning for vulnerabilities? Federico Kereki describes how to harden SSH this month, making the wonderful and flexible SSH protocol a little safer to use. Whether you want to limit your allowed users or disable password connections altogether, Federico's article will guide you down the path of better SSH.

I may have started this issue with the basics of file and disk encryption, but if you are looking for more, Tim Cordova is about to be your favorite person. Going far beyond single file or even removable drive encryption, Tim shows how to encrypt your entire hard drive. Then, Tim goes even further and explains how to configure TrueCrypt in conjunction with SpiderOak to make sure your data is not only encrypted, but backed up as well! If you're interested in privacy and encryption, don't miss this article.

We finish off the security issue with Brian Trapp's article on solid-state drives. SSDs have been around for a number of years now, and we're finally to the point that we can provide some longevity statistics and reliability information. Have you been avoiding SSDs because you thought they would wear out? Did you think they had a significantly higher failure rate? Were you worried that you need Windows-specific drivers to make them work? Brian assuages many of those fears and validates those that are valid. SSDs are fast, and they can provide an incredible performance boost in most situations. You owe it to yourself to see if your scenario warrants an SSD. Brian's article will help.

This issue also contains tons of other Linux goodies. We have product announcements, opinion pieces and even fractals. You don't have to be one of the cool kids to enjoy this issue of Linux Journal, but it helps to be one of the smart kids. Thankfully, our readers tend to have that attribute in plentiful supply. We hope you enjoy this issue as much as we enjoyed putting it together.

Available to Subscribers: January 1

______________________

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Linux Journal is a nice

couponcode's picture

Linux Journal is a nice magazine to read.

Vmware Discount

Above all, however, the

sollen's picture

Above all, however, the Veneno benefits from the very special expertise that Automobili Lamborghini possesses in the development SUV Work Lights and execution of carbon-fiber materials – the complete chassis is produced as a CFRP monocoque.

Well, I just accessed my

Anonymous's picture

Well, I just accessed my full-disk-encryption password in plain, before decrypting the drive, before typing it. I thought the last few updates Canonical sent out in January 2014 were kind of suspicious, so I did some digging and there it was. You can call me paranoia, but things like this keep happening to me for some reason. Last Fall, in Google Voice and Gmail, messages that I have deleted 8-10 months ago, including from Trash, kept reapearing in my inbox but with the current date! And my Xubuntu machine, is really like a safebox. Only 3 ports open, one way only, no web/databse/ftp/email/ssh servers running etc, everything tighten down.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState