Security

Secure Server Deployments in Hostile Territory, Part II

In my last article, I started a series on some of the challenges related to spawning secure servers on Amazon EC2. In that column, I discussed some of the overall challenges EC2 presents for security compared to a traditional infrastructure and elaborated on how I configure security groups and manage secrets. more>>

Hacking a Safe with Bash

Through the years, I have settled on maintaining my sensitive data in plain-text files that I then encrypt asymmetrically. Although I take care to harden my system and encrypt partitions with LUKS wherever possible, I want to secure my most important data using higher-level tools, thereby lessening dependence on the underlying system configuration. more>>

One Port to Rule Them All!

I was chatting with Fred Richards on IRC the other day (flrichar on freenode) about sneaking around hotel firewalls. Occasionally, hotels will block things like the SSH port, hoping people don't abuse their network. Although I can respect their rationale, blocking an SSH port for a Linux user is like taking a mouse away from a Windows user! more>>

Secure Server Deployments in Hostile Territory

Would you change what you said on the phone, if you knew someone malicious was listening? Whether or not you view the NSA as malicious, I imagine that after reading the NSA coverage on Linux Journal, some of you found yourselves modifying your behavior. The same thing happened to me when I started deploying servers into a public cloud (EC2 in my case). more>>

A Machine for Keeping Secrets?

[I can't begin to describe all the things Vinay Gupta does. Fortunately, he does, at http://re.silience.com. more>>

Using Hiera with Puppet

With Hiera, you can externalize your systems' configuration data and easily understand how those values are assigned to your servers. With that data separated from your Puppet code, you then can encrypt sensitive values, such as passwords and keys. more>>

Urgent Kernel Patch for Ubuntu

Linux is engineered with security in mind. In fact, the most fundamental security mechanisms are built right in to the kernel itself, which makes it extremely hard for malicious code to bypass. more>>

Mumblehard--Let's End Its Five-Year Reign

Linux has a well deserved reputation as being one of the most secure platforms for individuals and businesses. This is largely due to the way security is integrated into the system, but there is a great risk in being too complacent. Recent events serve to remind us that there is no such thing as an uncrackable system. more>>

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Drupal is a very widely used open-source content management system. It initially was released in 2001, and recent statistics show Drupal as the third-most popular content management system, with just less than 800,000 Web sites utilizing Drupal as a content management system. more>>

Flexible Access Control with Squid Proxy

Large enterprises and nuclear laboratories aren't the only organizations that need an Internet access policy and a means of enforcing it. My household has an Internet access policy, and the technique I've used to enforce it is applicable to almost any organization. In our case, I'm not too concerned about outside security threats. more>>

Tighten Up SSH

SSH is a Swiss Army knife and Hogwart's magic wand all rolled into one simple command-line tool. As often as we use it, we sometimes forget that even our encrypted friend can be secured more than it is by default. For a full list of options to turn on and off, simply type man sshd_config to read the man page for the configuration file. more>>

Security in Three Ds: Detect, Decide and Deny

Whenever a server is accessible via the Internet, it's a safe bet that hackers will be trying to access it. Just look at the SSH logs for any server you use, and you'll surely find lots of "authentication failure" lines, originating from IPs that have nothing to do with you or your business. more>>

Nmap—Not Just for Evil!

If SSH is the Swiss Army knife of the system administration world, Nmap is a box of dynamite. It's really easy to misuse dynamite and blow your foot off, but it's also a very powerful tool that can do jobs that are impossible without it. more>>

Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi

Years ago, I worked for an automotive IT provider, and occasionally we went out to the plants to search for rogue Wireless Access Points (WAPs). A rogue WAP is one that the company hasn't approved to be there. So if someone were to go and buy a wireless router, and plug it in to the network, that would be a rogue WAP. more>>

Sharing Admin Privileges for Many Hosts Securely

The problem: you have a large team of admins, with a substantial turnover rate. Maybe contractors come and go. Maybe you have tiers of access, due to restrictions based on geography, admin level or even citizenship (as with some US government contracts). more>>

Syndicate content