Stay Ahead With Linux Security Features
security advisory attack A Linux server gets cleaned up after an intrusion. The suspicious process is terminated, credentials are rotated, and the system is rebooted during maintenance. Everything seems secure. A few hours later, the same outbound connection appears again. . Situations like that point to persistence . The attacker no longer needs the original exploit because something on the host continues restoring access behind the scenes. Finding that mechanism is often more important than understanding how the...
Jun 08, 2026
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -3 articles for you...
102
data protectionencryptioncryptographyHow to Secure Email with TLS in Postfix Configuration for Businesses
It is no secret that email is the preferred method of communication for businesses - a trend that has only been magnified with the increase in remote workers brought on by the pandemic. That being said, email is effectively a plaintext communication sent from email clients to receiving email servers or from one server to another, leaving the content of messages in transit vulnerable to compromise without additional protection via encryption technology such as the Transport Layer Security (TLS) standard. . Learn how TLS works to help secure email communications, and how to securely implement TLS in the Postfix open-source mail transfer agent (MTA) to help fortify email against spoofing and data theft. TLS Basics: What is Transport Layer Security (TLS)? Transport Layer Security ( TLS) is a cryptographic protocol that offers end-to-end encryption technology for messages “in transit” from one secure email server that has TLS enabled to another, helping to protect user privacy and prevent eavesdropping or content alteration. TLS is the successor protocol to SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. TLS is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications. For optimal security and privacy of message content, TLS is required between all servers handling email communications (including hops between internal and external servers). It is recommended that all clients and servers insist on mandatory usage of TLS in their email communications - preferably the most recent version, TLS 1.3. TLS is used by leading email providers and ISPs including Google, Microsoft, Yahoo and Comcast, and is also used to secure web communications via HTTPS. How Does TLS Help Secure Email Communications? TLS secures email communications by encrypting messages from mail server to mail server, making it more difficult forhackers to intercept and read messages. The TLS protocol uses a combination of symmetric cryptography - where data is encrypted and decrypted with a secret key known to both sender and recipient - and asymmetric cryptography - which uses a public and private key pair to encrypt and decrypt data - to maintain a balance between performance and security. TLS supports the use of digital certificates to authenticate receiving servers (authentication of sending servers is optional), helping to prevent email fraud and data compromise by verifying that receivers (or senders) are in fact who they claim to be. “Opportunistic TLS” describes a scenario in which TLS is used by both sending and receiving parties to negotiate a secured session and encrypt a message, and represents the most secure implementation of the TLS protocol. The widely used open-source Postfix mail transfer agent (MTA) - which has earned a reputation of being highly secure - can be configured to support TLS , giving Postfix users the ability to encrypt mail and to authenticate remote SMTP clients or servers. Get simplified instructions on how to configure TLS for Postfix configuring ssl tls for postfix 5c87cb54aa89 . Summary Using and enforcing the use of TLS in your email communications must be viewed as an important part of a defense-in-depth approach to securing business email and protecting sensitive information.TLS is used by almost all leading email providers and ISPs; however, the protocol must be properly set up and configured to provide optimal security. In this article, you learned the basics on implementing TLS to help secure against sender fraud and data compromise. If you are would like further details, or have additional questions, please comment below. We'd love to help! This article was originally published on the Guardian Digital blog. . TLS, or Transport Layer Security, is key for secure email communication, encrypting data to protect sensitive info from interception and eavesdropping. TLS Implementation,Email Security, Postfix Configuration, Encrypted Email, Data Protection. . Brittany Day
Jul 19, 2021
•
102
security practicesopen source toolssecure codingInterview With Wietse Venema: TCP Wrapper and Postfix Security Insights
Wietse Venema is best known for the software TCP Wrapper, which is still widely used today and is included with almost all unix systems. Wietse is also the author of the Postfix mail system and the co-author of the very cool suite of utilities called The Coroner's Toolkit or "TCT". He is currently working at the Thomas J. Watson Research Center and he has gratiously agreed to allow us to catch up with him and and see what he's been up to lately.. Wietse Venema is best known for the software TCP Wrapper, which is still widely used today and is included with almost all unix systems. Wietse is also the author of the Postfix mail system and the co-author of the very cool suite of utilities called The Coroner's Toolkit or "TCT". He is currently working at the Thomas J. Watson Research Center and he has gratiously agreed to allow us to catch up with him and and see what he's been up to lately. Linuxsecurity.com: Thanks for taking the time to interview with us. How you doing these days? The most we hear from you is when Postfix is updated, the mailing lists, or something like that. What are you up to? Wietse: I have been finishing things, so that I can start work on new projects. After a major documentation rewrite for the Postfix mail system, I finished the manuscript for a book on computer forensic analysis with Dan Farmer. When I finish something, I normally start reading everything that I can lay my hands on and then inspiration comes. Linuxsecurity.com: On your website you mentioned you go bike riding, weather permitting, how's the weather been where you are this year? Wietse: It has been fairly typical here in southern New York state. We dig ourselves out from the snow a few times in January and February. Once the snow is gone in March, we spend quality time walking up a hill or riding a bike. Many several former railroads are/were converted into trails, and riding them is fun. Unlike Europe, where I grew up, the roads in southern New York state are notreally safe for riding a bicycle. Linuxsecurity.com: You have a suite of tools available on your website. Any new ones coming out that address basic fundamental security practices that still aren't followed or are you going to add any new functionality to your existing programs? Wietse: Some tools such as TCP WRAPPER are complete, and adding more features does not make them more useful. I would update them only so that they survive changes in operating systems, language compilers and/or network protocols. Some tools such as SATAN have served their purpose, and now have historical value only. Linuxsecurity.com: Does the continued success of TCP Wrapper surprise you? If so, why is that? What does TCP Wrapper have that makes it so valuable today. Perhaps the biggest virtue is that tcp_wrappers works as expected. This means that not only the software is relatively error free, it is also possible for human beings to install, configure, and forget tcp_wrappers without getting into trouble. It does not matter how well software is written when people can't figure out how to use it, or when it has sharp edges that make it unsafe to use. Being safe and secure is hard enough with software like tcp_wrappers that spans only a few thousand lines of code. With a 10 times larger system such as Postfix, even relatively error-free software contains a number of errors, and one has to build additional safety features into the architecture to prevent accidents from happening. Just like elevators have safety brakes that prevent them from crashing into the basement, Postfix has safety brakes that most people never notice until they are needed. Linuxsecurity.com: Postfix is a really good Mail Transport Agent (MTA), I've been using it for a long time and I set it up for someone any chance I get. Why did you decide to write a new MTA instead of scaling down an existing MTA? :-) Wietse: Indeed, why would anyone spend so much time writingyet another UNIX-based mail system, when Sendmail and qmail already existed? When I was looking for a programming project, neither mail system was a desirable option for me, and enough people felt the same way. Writing a new mail system from scratch was a change from previous projects. Normally I would retrofit security features almost invisibly, either by replacing an existing server such as portmap by a hardened version that was 100% compatible, or by adding a very thin layer such as tcp_wrappers. In the case of the Postfix mail system, there was no way that the changes could be made in an invisible manner. Linuxsecurity.com: What is your take on spam and the role the MTA plays in helping to prevent it? Wietse: Stopping email that contains spam is not fundamentally different from stopping email that contains viruses. In both cases, complex content analysis is better done outside the mail system. That allows people to choose the best mail system and the best spam/virus software for their environment. And in both cases, a lot of spam or viral email comes from systems that have no business sending email directly across the Internet. These are often PCs on residential networks that have been compromised via some worm of virus, and that are under remote control by criminals that use those systems to send spam and/or to infect more systems. These rogue systems can often be recognized by the way they implement the email protocols wrongly, if not by their residential IP address. Blocking direct mail from rogue systems is best done by the ISP that hosts those systems, but that happens rarely. The next best solution is to block direct mail from rogue systems at the receiving end, and that is where Postfix can help. Linuxsecurity.com: In one article, I wrote about how attackers are still breaking into computer systems using well-known exploits. Any ideas on how to help instill basic security practices in administrators andvendors? Wietse: I think that learning by example is a good way to bring the point across. This is what Dan Farmer and I attempted years ago with our white paper on improving the security of your system by breaking into it. I have the same experience when explaining how to build more secure software. People just don't see that there is a problem until you can show good examples of software that does not do the things that it obviously was meant to do. Security problems happen when there is a mismatch between expected behavior and actual behavior. Linuxsecurity.com: How did you get into the forensics side of computers? Wietse: The initial motivation for getting involved with computer forensics was to reconstruct computer break-ins, so that I could prevent them from happening again. An amazing amount of information can be found after an incident. As computers become more complex, humans have less control over when and where information is stored, and how that storage is recycled when information is discarded. Because of this it is practically impossible to erase all information about an incident from a disk, without physically destroying the hardware. Erasing all memory is difficult too, if you don't want to draw attention by crashing the system. How much reconstruction is possible depends only on the amount of skill and effort you're willing to put in. Linuxsecurity.com: You and Dan Farmer still work on The Coroner's Toolkit (TCT). What research, seminars, or open source programs you working on in forensics? Wietse: We just finished a manuscript for a book on computer forensic analysis that we hope will come out this year. In this book we write about things that we learned after we released the TCT. For some experiments we used the TCT, and for other measurements we wrote a few new tools. When this book is published I will be happy to turn my attention to other projects. Linuxsecurity.com: We just wanted to catchup with you and see how things were going. Can you please give us a final statement about keeping our systems secure? Wietse: You don't make a system secure by patching the holes - if the system wasn't built to be secure then it never will be. Linuxsecurity.com: Wietse provided this quote: "As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of computer system security, proper security will not be a reality." Roger Schell et al., Preliminary notes on the Design of Secure Military Computer Systems, 1973. Archive of seminal security papers at https://seclab.cs.ucdavis.edu/projects/history/seminal.html Linuxsecurity.com: Okay one last thing, where were you and who drew that caricature on your website? Wietse: The caricature was drawn, by an artist whose name I do not know, at a conference dinner in 1997 when the Forum of Incident Response and Security Teams (www.first.org) met for its annual conference in Bristol, UK. I have supported this organization for many years, and I even had the privilege of spending more than the maximal time as its chair. Duane Dunston is an Information Technology Specialist (Security) for the National Climatic Data Center. He was previously a contractor for STG Inc. for the same organization. He received his B.A. and M.S. degrees from Pfeiffer University and he has his GSEC certification from SANS . Hey, Ann Curry! . Wietse Venema explores how TCP Wrapper and Postfix continue to influence modern security strategies in the current landscape.. Wietse Venema, TCP Wrapper, Postfix Mail Agent, Computer Forensics, Security Practices. . Duane Dunston
Jul 09, 2004
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More