Current_Issue.tar.gz - No Room for Smugness (Well, Maybe a Little)
I remember July 19, 2001, fairly well. Yes, it was my birthday, but more profound than that was the Code Red Internet worm (en.wikipedia.org/wiki/Code_Red_worm) that was at its peak infection point. Because I was the network administrator for a school district, the summer was spent upgrading and reinstalling servers to prepare for the next year. The Code Red onslaught was a great reminder that I needed to patch the few Windows servers I administered. Unfortunately, my main Windows machine already was infected, and at that point, we weren't entirely sure how much hidden damage was done to the machines. Because it was summer, I decided formatting the hard drive and starting over would be the easiest way to be sure my server wasn't infected. Because it was summer, the downtime wouldn't really be a problem, and reformatting Windows computers tends to make them work a bit better anyway. So that's what I did.
The problem was that before I even could download the security patch, my Windows server would become infected. I tried the “race” a handful of times, but in the end, I had to put my Windows server behind a Linux firewall/proxy machine that would protect it while it updated. I won't lie; using Linux to protect my Windows server during the upgrade did make me a little smug. I even bragged to my fellow school technology directors (most of whom run Microsoft shops) about how impervious Linux is to attack.
Then, in September, the Nimda worm (en.wikipedia.org/wiki/Nimda) crippled my Linux Web server.
Granted, my server didn't get infected with the worm, because like Code Red, Nimda targeted Microsoft's IIS server. The sheer number of concurrent infection attempts, however, effectively caused my poor little Web server to stop responding. It was then that I really began to realize how security is an active process, not just the result of smart planning. We don't all need to be security experts, but if we're in charge of any computers, we need to be aware of the tactics and tools available to protect them. Here at the Linux Journal office, we decided the perfect way to start the new year would be with an issue devoted to security.
One of the first obstacles to securing your infrastructure effectively can be the sheer size of it. It's true that command-line administration is quick and easy, but if you have hundreds or thousands of servers, even the command line can be overwhelming. Kyle Rankin shows us a few shortcuts he uses to connect to multiple servers via SSH.
Our own local security expert, Mick Bauer, continues his series on securing Samba. Mick shows us that the best offense is a good defense, and starting with a secure configuration is the key to sysadmin bliss. Jeramiah Bowling broadens the scope and details how to test our entire system's security. If you don't test your security for vulnerabilities, you can be sure someone else will.
If you want to get real serious about catching the bad guys, be sure to read Grzegorz Landecki's article on detecting botnets. They tend to be scary, because a large enough botnet can take down even a secure server. Early detection is key—well, that and a geographically diverse network infrastructure. For most of us though, early detection is about the best we can do.
Speaking of bad guys, this issue will make you happy to know that Kyle Rankin hasn't chosen the Dark Side of the Force. This month, he also explains how to attack computers that aren't even powered up. Did you think powering off a computer cleared the RAM? I did, but Kyle gives us a whole new reason to stay up at night worrying. His article is a tutorial on how to exploit the few seconds it takes for RAM to “forget” its contents. I'm sure the article is intended to teach us how to best secure ourselves from malicious attempts to do the same, but it's truly scary how simple the process can be.
This issue of Linux Journal is bound to appeal to everyone on some level. Whether you need to learn about secure authentication with PAM, or you just want to learn about new products, get a few tech tips and catch up on our latest programming column, you'll want to secure this issue under lock and key. Otherwise, someone like Kyle might sneak in and take it.
Shawn Powers is the Associate Editor for Linux Journal. He's also the Gadget Guy for LinuxJournal.com, and he has an interesting collection of vintage Garfield coffee mugs. Don't let his silly hairdo fool you, he's a pretty ordinary guy and can be reached via e-mail at firstname.lastname@example.org. Or, swing by the #linuxjournal IRC channel on Freenode.net.
|Nativ Disc||Sep 23, 2016|
|Android Browser Security--What You Haven't Been Told||Sep 22, 2016|
|The Many Paths to a Solution||Sep 21, 2016|
|Synopsys' Coverity||Sep 20, 2016|
|Naztech's Roadstar 5 Car Charger||Sep 16, 2016|
|RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop||Sep 15, 2016|
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Android Browser Security--What You Haven't Been Told
- Nativ Disc
- The Many Paths to a Solution
- Naztech's Roadstar 5 Car Charger
- Securing the Programmer
- Synopsys' Coverity
- RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop
- NordVPN for Android
- Non-Linux FOSS: Chrome, for One
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide