Best of Hack and /

Secure Server Deployments in Hostile Territory; Preseeding Full Disk Encryption; Own Your Own DNS; Learn How-to Secure Desktops with Qubes; What's New In 3D Printing

Secure Server Deployments in Hostile Territory
Would you change what you said on the phone, if you knew someone malicious was listening? Whether or not you view the NSA as malicious, I imagine that after reading the NSA coverage on Linux Journal, some of you found yourselves modifying your behavior. The same thing happened to me when I started deploying servers into a public cloud (EC2 in my case).

In this article, I discuss some of the techniques I use to secure servers when they are in hostile territory. Although some of these techniques are specific to EC2, most are adaptable to just about any environment.

Preseeding Full Disk Encryption
Usually I try to write articles that are not aimed at a particular distribution. Although I may give examples assuming a Debian-based distribution, whenever possible, I try to make my instructions applicable to everyone. This is not going to be one of those articles. Here, I document a process I went through recently with Debian preseeding (a method of automating a Debian install, like kickstart on Red Hat-based systems) that I found much more difficult than it needed to be, mostly because documentation was so sparse. In fact, I really found only two solid examples to work from in my research, one of which referred to the other.

Own Your Own DNS
I honestly think most people simply are unaware of how much personal data they leak on a daily basis as they use their computers. Even if they have some inkling along those lines, I still imagine many think of the data they leak only in terms of individual facts, such as their name or where they ate lunch. What many people don't realize is how revealing all of those individual, innocent facts are when they are combined, filtered and analyzed.

Learn How-to Secure Desktops with Qubes
This is the first in a multipart series on Qubes OS, a security-focused operating system that is fundamentally different from any other Linux desktop I've ever used and one I personally switched to during the past couple months. In this first article, I provide an overview of what Qubes is, some of the approaches it takes that are completely different from what you might be used to on a Linux desktop and some of its particularly interesting security features. In future articles, I'll give more how-to guides on installing and configuring it and how to use some of its more-advanced features.

What's New In 3D Printing
Three years ago, I wrote a series of articles titled "Getting Started with 3D Printing" that discussed the current state of the hobbyist 3D printing market from both the hardware and software angles. This is an incredibly fast-moving industry, and a lot has changed since I wrote those columns. So much has changed in fact, that this first article will serve just to introduce what likely will be a three- or four-part series on the current state of 3D printing. In my next articles, I'll dive deeper into particular 3D printing topics, so consider this article as an overview and sneak peek to those topics. 3D printing is a big topic, and this is Linux Journal, so I'm going to approach this topic from a Linux-using open-source perspective and stick to tools that work in Linux.
Hack and / columnist Kyle Rankin is VP of engineering operations at Final, Inc., the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book. Watch for his latest book to be released this fall. Follow him @kylerankin.
______________________