Language Selection

English French German Italian Portuguese Spanish

Unix How-To: Give Me That Old-Time Security!

Filed under
Security
HowTos

Even in the wild frontiers of today's Internet, good basic Unix system security provides extremely valuable protection against security breaches. In today's column, I'm going to rant about some basic security rules of thumb that every Unix sysadmin ought to consider.

The first basic security rule is to keep your consoles safe. Lock them up, eliminate them by replacing them with console servers (recovering rack space at the same time), and make sure that only a very select group of people have access to them. What's more, access to your data centers should be limited to just those who need to lay hands on the servers. If anyone can walk in and out, you're asking for a headache.

Data centers should be equipped with UPS or, better still, a generator to keep them up through significant power outages. Wait, you ask, is power to the data center security? You bet it is! Anything that threatens the productivity of your staff and the smooth running of your business is a security concern. UPS systems can often be configured to send low battery signals to systems and initiate auto-shutdown options, further preventing hardware loss. Check your UPS systems and make use of this feature if it's supported. If your AC is not also on the UPS or generator, auto-shutdown of systems might prevent them from being damaged through overheating.

rest here




More in Tux Machines

today's howtos

Red Hat and Fedora: Red Hat Academy, Lynne Chamberlain, Flatpak Apps, and Video of Fedora 26

Security: Windows 10 Bypass, Slackware OpenJDK Update and More

  • [Older] GHOSTHOOK ATTACK BYPASSES WINDOWS 10 PATCHGUARD
    A bypass of PatchGuard kernel protection in Windows 10 has been developed that brings rootkits for the latest version of the OS within reach of attackers. Since the introduction of PatchGuard and DeviceGuard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particular its mitigations against memory-based attacks, are well regarded. Researchers at CyberArk, however, found a way around PatchGuard through a relatively new feature in Intel processors called Processor Trace (Intel PT).
  • [Slackware] OpenJDK 8 security round-up for July ’17
    Sooner than I anticipated, there is an update for OpenJDK 8. Andrew Hughes (aka GNU/Andrew) announced the release of IcedTea 3.5.0. The new icedtea framework compiles OpenJDK 8 Update 141 Build 15 (8u141_b15). This release includes the official July 2017 security fixes.
  • ROI (Not Security) the Most Immediate IoT Challenge
    According to Defining IoT Business Models, a new report from Canonical, the software company behind the Ubuntu Linux distribution, device security and privacy (45 percent) falls behind quantifying the return of investment (ROI) of their IoT projects (53 percent) as an immediate challenge. Canonical drew its conclusions from a survey of 361 IoT professionals conducted by IoTNow on behalf of the company.
  • Apply the STIG to even more operating systems with ansible-hardening
    Tons of improvements made their way into the ansible-hardening role in preparation for the OpenStack Pike release next month. The role has a new name, new documentation and extra tests. The role uses the Security Technical Implementation Guide (STIG) produced by the Defense Information Systems Agency (DISA) and applies the guidelines to Linux hosts using Ansible. Every control is configurable via simple Ansible variables and each control is thoroughly documented.
  • Open Source Flaw 'Devil's Ivy' Puts Millions of IoT Devices at Risk
    Millions of IoT devices are vulnerable to cybersecurity attacks due to a vulnerability initially discovered in remote security cameras, Senrio reported this week.
  • Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law [Ed: Microsoft should make a start by stopping the addition of back doors to all its software]
  • SECURITY FOR THE SECURITY GODS! SANDBOXING FOR THE SANDBOXING THRONE
    Last year, probably as a distraction from doing anything else, or maybe because I was asked, I started reviewing bugs filed as a result of automated flaw discovery tools (from Coverity to UBSan via fuzzers) being run on gdk-pixbuf. Apart from the security implications of a good number of those problems, there was also the annoyance of having a busted image file bring down your file manager, your desktop, or even an app that opened a file chooser either because it was broken, or because the image loader for that format didn't check for the sanity of memory allocations.

5 open source tools for developing IoT applications

The internet of things is growing at a staggeringly fast pace, and is quickly coming to revolutionize virtually every aspect of modern life. Aspiring developers hoping to hop on board and profit off the growing phenomenon are constantly looking for the right tools to use. So what are the open source tools best suited for working with the IoT, and where can developers find them? A plethora of open source tools lay at the disposal of any would-be developer eager and wise enough to use them. By utilizing these five, you’ll find yourself tackling challenges and developing successful applications in no time. Read more Related: