Security

Security Hardening with Ansible

Ansible is an open-source automation tool developed and released by Michael DeHaan and others in 2012. DeHaan calls it a "general-purpose automation pipeline" (see Resources for a link to the article "Ansible's Architecture: Beyond Configuration Management").

Linux Security Threats on the Rise

Every year, heck...every month, Linux is adopted by more companies and organizations as an important if not primary component of their enterprise platform. And the more serious the hardware platform, the more likely it is to be running Linux. 60% of servers, 70% of Web servers and 95% of all supercomputers are Linux-based!

Tails above the Rest, Part III

In my first two columns in this series, I gave an overview of Tails, including how to get the distribution securely, and once you have it, how to use some of the basic tools.

Tails above the Rest: the Installation

A few columns ago, I started a series aimed at helping everyone improve their privacy and security on the Internet. The first column in this series was an updated version of a Tor column I wrote a few years ago.

Non-Linux FOSS: My Portable Windows Lab

Portable apps aren't anything new. There are variations of "single executable apps" for most platforms, and some people swear by keeping their own applications with them for use when away from home. I don't usually do that, as most of what I do is on-line, but there is one exception: security.

The Growing Role of UEFI Secure Boot in Linux Distributions

With the increasing prevalence of open-source implementations and the expansion of personal computing device usage to include mobile and non-PC devices as well as traditional desktops and laptops, combating attacks and security obstacles against malware is a growing priority for a broad community of vendors, developers and end users.

Two-Factor Authentication System for Apache and SSH

If you run a publicly accessible Web server for your own use (and let's face it, if you're reading Linux Journal, there's a very good chance you do), how do you go about limiting the risk of someone accessing your site and doing bad things? How about SSH, an even bigger concern?

Quantum Cryptography

Classical cryptography provides security based on unproven mathematical assumptions and depends on the technology available to an eavesdropper. But, these things might not be enough in the near future to guarantee cyber security. We need something that provides unconditional security. We need quantum cryptography.

Encrypting Your Cat Photos

The truth is, I really don't have anything on my hard drive that I would be upset over someone seeing. I have some cat photos. I have a few text files with ideas for future books and/or short stories, and a couple half-written starts to NaNoWriMo novels. It would be easy to say that there's no point encrypting my hard drive, because I have nothing to hide.

More Secure SSH Connections

If you need remote access to a machine, you'll probably use SSH, and for a good reason. The secure shell protocol uses modern cryptography methods to provide privacy and confidentiality, even over an unsecured, unsafe network, such as the Internet.

DNSSEC Part I: the Concepts

Like IPv6, DNSSEC is one of those great forward-looking protocols that unfortunately hasn't seen wide adoption yet. Before I implemented it myself, I could see why. Although some people think BIND itself is difficult to set up, DNSSEC adds an extra layer of keys, key management and a slew of additional DNS records.

Web Administration Scripts

During the past month or so, I've also been dealing with an aggressive DDOS (that's a "distributed denial of service") attack on my server, one that's been a huge pain, as you might expect. What's odd is that with multiple domains on the same server, it's one of my less-popular sites that seems to have been the target of the attacks.

Surf Safely with sshuttle

In past articles, I've explained how to set up a SOCKS proxy with SSH. I've demonstrated how to tunnel traffic with SSH. I've even shown how to circumvent a company firewall with SSH. I've never been able to use SSH completely as a VPN, however, and that's always bummed me out—until I discovered sshuttle.

Government: Using an Open Source Framework to Catch the Bad Guy

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it.

Elliptic Curve Cryptography

When it comes to public key cryptography, most systems today are still stuck in the 1970s. On December 14, 1977, two events occurred that would change the world: Paramount Pictures released Saturday Night Fever, and MIT filed the patent for RSA.