Language Selection

English French German Italian Portuguese Spanish

SSH Security Primer: Server Security Settings

Filed under
HowTos

My previous article in this series discussed SSH client security settings. To summarize, if you can’t control installations of rogue SSH clients, your only control is to limit outbound access through firewalling or other network-layer controls. Another of my articles discusses the issues with allowing outbound SSH access to the Internet.

SSH Servers: A Basic Risk Analysis

How do you secure your SSH servers? What are the total risks of such servers to your organization? You’re well aware of the possibility of people hacking your server and getting unauthorized access. That’s bad. But there are other risks. The SANS Institute’s Top 20 risk list really stresses SSH risks. If compromised, that host can be a router/forwarder that will forward any kind of traffic to any host the p0wned box can access—even your "secured" hosts given Internet Assigned Numbers Authority (IANA) reserved IP addresses. (Read RFC 3330 and RFC 1918 for the gory details on these addresses.) In most cases, those addresses aren’t accessible over the Internet.

More of a concern is your host’s threat to the rest of the Internet.

Full Story.

More in Tux Machines

Tiny, stackable, Linux-based IoT module hits Kickstarter

On Kickstarter, Onion launched a tiny, Linux-based “Omega” IoT module, along with a dock, stackable expansion modules, a cloud service, and web app tools. Onion’s Omega joins a growing number of single board computers and computer-on-modules for Internet of Things applications that have tapped Qualcomm’s MIPS-based, WiFi-enabled Atheros AR9331 system-on-chip. For a pledge of $25, Onion’s Kickstarter campaign offers the Omega computer-on-module combined with a “dock” that turns it into an sandwich-style single board computer. Read more

Development activity in LibreOffice and OpenOffice

The LibreOffice project was announced with great fanfare in September 2010. Nearly one year later, the OpenOffice.org project (from which LibreOffice was forked) was cut loose from Oracle and found a new home as an Apache project. It is fair to say that the rivalry between the two projects in the time since then has been strong. Predictions that one project or the other would fail have not been borne out, but that does not mean that the two projects are equally successful. A look at the two projects' development communities reveals some interesting differences. Read more

11 Ways That Linux Contributes to Tech Innovation

Over the past six months I've asked new Linux Foundation corporate members on the cutting edge of technology to weigh in on what interesting or innovative trends they're witnessing and the role that Linux plays in them. Here's what engineers, CTOs, and other business leaders from companies including CoreOS, Rackspace, SanDisk, and more had to say. Read more