Would you change what you said on the phone, if you knew someone malicious was listening?
Whether or not you view the NSA as malicious, I imagine that after reading the NSA coverage on
Linux Journal, some of you found yourselves modifying your behavior. The same thing
happened to me when I started deploying servers into a public cloud (EC2 in my case).
With Hiera, you can externalize your systems' configuration data and
easily understand how those values are assigned to your servers. With
that data separated from your Puppet code, you then can encrypt sensitive
values, such as passwords and keys.
Linux has a well-deserved reputation as being one of the most secure platforms
for individuals and businesses. This is largely due to the way
security is integrated into the system, but there is a great risk in
being too complacent. Recent events serve to remind us that there is no
such thing as an uncrackable system.
Drupal is a very widely used open-source content management system.
It initially was released in 2001, and recent statistics show Drupal
as the third-most popular content management system, with just less than
800,000 Web sites utilizing Drupal as a content management system.
Large enterprises and nuclear laboratories aren't the only organizations
that need an Internet access policy and a means of enforcing it. My
household has an Internet access policy, and the technique I've used to
enforce it is applicable to almost any organization. In our case, I'm not
too concerned about outside security threats.
SSH is a Swiss Army knife and Hogwarts magic wand all rolled into one
simple command-line tool. As often as we use it, we sometimes forget that
even our encrypted friend can be secured more than it is by default. For
a full list of options to turn on and off, simply type man
to read the man page for the configuration file.
Whenever a server is accessible via the Internet, it's a safe bet that
hackers will be trying to access it. Just look at the SSH logs
for any server you use, and you'll surely find lots of "authentication
failure" lines, originating from IPs that have nothing to do with you
or your business.
If SSH is the Swiss Army knife of the system administration world, Nmap
is a box of dynamite. It's really easy to misuse dynamite and blow your
foot off, but it's also a very powerful tool that can do jobs that
are impossible without it.
Years ago, I worked for an automotive IT provider, and occasionally we went
out to the plants to search for rogue Wireless Access Points (WAPs). A
rogue WAP is one that the company hasn't approved to be there. So if
someone were to go and buy a wireless router, and plug it in to the
network, that would be a rogue WAP.
you have a large team of admins, with a substantial turnover rate. Maybe
contractors come and go. Maybe you have tiers of access, due to
restrictions based on geography, admin level or even citizenship (as with
some US government contracts).
The Security issue of Linux Journal always makes me feel a little
guilty. It turns out that although I have a fairly wide set of technology
skills, I'm not the person you want in charge of securing your network
or your systems. By default, Linux is designed with a moderate amount
of security in mind. For that, I am incredibly grateful.
It's time for another Readers' Choice issue of Linux
Journal! The format
last year was well received, so we've followed suit making your voices
heard loud again. I couldn't help but add some commentary in a few places,
but for the most part, we just reported results. Please enjoy this year's
Readers' Choice Awards!
I've been hesitating for a couple months about whether to mention
sshpass. Conceptually, it's a horrible, horrible program. It basically
allows you to enter an SSH user name and password on the command line,
so you can create a connection without any interaction. A far better
way to accomplish that is with public/private keypairs.