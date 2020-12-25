Security Leftovers
-
Security updates for Friday
Security updates have been issued by Fedora (xen) and SUSE (flac and openexr).
-
What Is Penetration Testing and How Does It Improve Network Security?
When setting up a new security system, you need to make sure it works properly with as few vulnerabilities as possible. Where digital assets worth thousands of dollars are involved, you can’t afford to learn from your mistakes and only fill in gaps in your security that hackers previously exploited.
The best way to improve and guarantee your network’s security is by continuously testing it, looking for flaws to fix.
[...]
There are various examples of pentests depending on the type of attack the ethical hacker launches, the information they get beforehand, and limitations set by their employer.
[...]
Pen testing your own network isn’t your best option as you likely have extensive knowledge of it, making it harder to think outside the box and find hidden vulnerabilities. You should either hire an independent ethical hacker or the services of a company that offers pen testing.
Still, hiring an outsider to hack into your network can be very risky, especially if you're providing them with security information or insider access. This is why you should stick to trusted third-party providers. Here's a small sample of those available.
-
John Goerzen: Rehabilitating Asynchronous Communication with NNCP: A Cross Between Tor, ssh, and UUCP
If you already know UUCP, think of NNCP as UUCP brought into the modern era, with modern security and tools.
Basically, NNCP permits you to send files to a remote system, request files from a remote system, and pipe data to an NNCP command that requests execution remotely. So you could, say, pipe a zfs send to NNCP which sends it to the remote and pipes it to zfs receive when it gets there.
NNCP has a delay-tolerant, resumable protocol that can run over just about any reliable connection: TCP, serial, Tor, radios of various kinds, you name it. But that’s not all; it also can dump its queue onto something like a USB stick for transport, or even make a tar-style stream that could be munged however you like. If you want to get fancy, you can assign priorities to data packets, so that, for instance, outbound email will always get sent before that 1TB file you’ve got to send also. You can also configure it so that certain carriers handle certain priorities of data; your cell phone would only handle the most urgent, but a USB stick would take anything.
NNCP is source-routed; you can tell it that the way that Bob reaches Alice is via Carl, then Betty. Bob can generate a message that will be sent along that route, fully encrypted and authenticated at each step of the way; Carl can’t see the content of the message or even anything about it other than its next hop.
[...]
For the laptop being backed up, while traveling it can queue up its backups, or photos, or videos, or whatever. They could be triggered by a command when on a good connection, or automatically. The data could be copied to USB and given to a friend to transmit; perfectly safe due to encryption. Or it could all wait until arriving at home, safely out of your other syncing directories. The NNCP documentation has an example of this.
For the server being backed up slowly, that’s easily solved; the slow backup would simply be queued up, and transmitted and processed when it’s ready. This wouldn’t interrupt other backups.
How about the 2TB transmission problem? That’s also made a lot easier. A command could be run to fill up a USB stick with parts of the queue, then that USB stick plugged in and transmitted whenever at a fast location. Repeat as needed while the slow system continues its upload of the remaining bits.
NNCP has a lot of interesting use cases documented as well.
If you are already familiar with how public keys work in SSH, then NNCP should be immediately familiar as well. It is a similar concept (though arguably somewhat easier to set up).
I am working on setting up a NNCP network, and will have more posts on how to do so once I’ve got it going. In the meantime, the documentation for the project is also pretty good.
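The source-routing property described above (Carl can forward Bob's packet but learns nothing beyond its next hop, and every step is authenticated) is the same per-hop layering idea used by onion routing. The block below is an added illustration of that idea, not NNCP's code or wire format: NNCP uses public-key cryptography, whereas this demo assumes each hop shares a symmetric key with the sender and stands in a toy HMAC-SHA256-based stream cipher for a real AEAD. Hop names, keys and the "zfs send" payload are constructed for the example.

```python
import hashlib
import hmac
import json
import os

# Added illustration only: this is NOT NNCP's protocol or cipher suite.
# Each hop shares a symmetric key with the sender (constructed demo keys);
# a toy HMAC-based stream cipher plays the role of an AEAD. Do not reuse.


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream of `length` bytes from key+nonce via HMAC counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any bit flip is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def build_onion(route, keys, payload: bytes) -> bytes:
    """route: hop names after the sender, ending at the destination.
    The sender wraps the destination layer first, then each relay in reverse,
    so every hop can decrypt exactly one layer: its next hop plus an opaque blob."""
    layer = seal(keys[route[-1]], json.dumps({"next": None, "body": payload.hex()}).encode())
    for i in range(len(route) - 2, -1, -1):
        hop, nxt = route[i], route[i + 1]
        layer = seal(keys[hop], json.dumps({"next": nxt, "body": layer.hex()}).encode())
    return layer


def peel(hop, keys, blob):
    """What a single hop learns: the next hop name and the blob to forward."""
    inner = json.loads(open_(keys[hop], blob))
    return inner["next"], bytes.fromhex(inner["body"])


def deliver(route, keys, payload: bytes):
    """Simulate forwarding hop by hop; return (what relays saw, final payload)."""
    blob = build_onion(route, keys, payload)
    observed = []
    current = route[0]
    while True:
        nxt, body = peel(current, keys, blob)
        if nxt is None:          # destination reached
            return observed, body
        observed.append((current, nxt))
        blob, current = body, nxt


def demo_keys():
    # Constructed demo keys; a real deployment would use per-node keypairs.
    return {n: hashlib.sha256(b"constructed demo key " + n.encode()).digest()
            for n in ("carl", "betty", "alice")}


DEMO_ROUTE = ["carl", "betty", "alice"]          # Bob -> Carl -> Betty -> Alice
DEMO_PAYLOAD = b"zfs send tank/home@snap chunk 1"  # constructed sample payload


def demo():
    observed, delivered = deliver(DEMO_ROUTE, demo_keys(), DEMO_PAYLOAD)
    return observed, delivered == DEMO_PAYLOAD


def carl_view():
    """Carl's view: the next hop, and an opaque blob that does not reveal the payload."""
    return peel("carl", demo_keys(), build_onion(DEMO_ROUTE, demo_keys(), DEMO_PAYLOAD))


def tampering_detected() -> bool:
    """A relay (or carrier such as a USB stick) that flips a ciphertext byte is caught."""
    blob = bytearray(build_onion(DEMO_ROUTE, demo_keys(), DEMO_PAYLOAD))
    blob[20] ^= 0x01   # inside the ciphertext region
    try:
        peel("carl", demo_keys(), bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), carl_view()[0], tampering_detected())
```

The point to take from the demo is structural rather than cryptographic: because the sender applies the layers, an intermediate carrier only needs the outermost key to know where to forward, and a modified packet fails authentication before anything is decrypted, which is what makes handing the queue to a friend on a USB stick safe.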
-
This week in KDE: kio-fuse and NeoChat rise
First of all, KDE’s FUSE-based remote location mounter kio-fuse got its first stable release, which means it can now be pre-installed by distros. [...]
Dolphin now lets you set its “homepage” to non-local locations including arbitrary KIOSlaves, such as remote://, baloosearch:// and so on (Derek Christ, Dolphin 21.04)
KRunner’s history is now activity-aware by default! This means for example that there will no longer be a data leak if you use an activity with history turned off (Alexander Lohnau, Plasma 5.21)
