
Stay Ahead With Linux Security News


Explore Latest Linux Security news


Janssen Project: New Cloud-Native Identity Management From Linux Foundation

The Linux Foundation has announced a new, secure cloud-native identity and access management software platform - the Janssen Project. Every time we use an online pay service, manage our finances online, or enter our credit-card information, we're demonstrating our good faith. Now, one organization wants to help us feel even more secure. Today (Dec. 8), the Linux Foundation announced a cloud-native identity and access management software platform that prioritizes security and performance, the Janssen Project, which is based on the Gluu server and features signing and encryption functionalities. The integrity of our connections online is conveyed via identity software, from our devices to a complex web of backend services. Despite assurances and encouragement on this use, which we grow increasingly dependent on, digital identity remains a challenge and is at the very crux of delivering truly trustworthy online security.

Dec 09, 2020 | LinuxSecurity.com Team | Security Projects

Key Cyber Defense Insights: Lessons From Successful Organizations

Most organizations are very bad at computer security. They don't patch well, and they have short, simple passwords that don't expire. They have dozens to hundreds of people in elevated groups. They don't have a clue who has which permissions in their environment. Their networks are flat and often wide open to hundreds of contractors, business partners, and vendors. Defenses aren't appropriately prioritized, and they try and fail to accomplish dozens of projects at the same time. My average security audit findings report is well over 100 pages long and often contains dozens and dozens of critical findings. The link for this article located at InfoWorld is no longer available.

Jun 04, 2014 | Alex | Organizations/Events

Understanding NSA Two-Man Controls for Sysadmin Security

In an effort to lock the barn door after the horse has escaped, the NSA is implementing two-man control for sysadmins: NSA chief Keith Alexander said his agency had implemented a "two-man rule," under which any system administrator like Snowden could only access or move key information with another administrator present. With some 15,000 sites to fix, Alexander said, it would take time to spread across the whole agency. The link for this article located at Schneier on Security is no longer available.

Jul 24, 2013 | Dave Wreski | Government

Managing Privileged Access for Data Security and Compliance

While most attention today is placed on containing complex malware and outside hacking threats, enterprises could significantly improve their risk posture by taking a look at how well they manage the access they give privileged insiders, such as network and database administrators and other IT professionals. What most organizations find is that they don't have a firm enough grip on the access these users have. To keep sensitive information safe and to maintain regulatory compliance, it's crucial that privileged insider access be properly managed. The link for this article located at CSO Online is no longer available.

Dec 23, 2011 | LinuxSecurity.com Team | Privacy

DenyHosts: Protect SSH Access From Repeated Attacks and Intrusions

DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon. From the DenyHosts web site: "DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks. If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system? DenyHosts attempts to address the above... " This tutorial is based on a Debian Sarge system, however, it should apply to other distributions with almost no modifications. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you! The link for this article located at HOWTO Forge is no longer available.

Feb 20, 2006 | LinuxSecurity.com Team | Server Security

Achieving SOX Compliance on UNIX/Linux Systems Through IAM Solutions

This document addresses how an organization can use identity and access management solutions (IAM) such as Symark's PowerBroker and PowerPassword-UME for UNIX and Linux operating systems to meet Sarbanes-Oxley (SOX) requirements for effectiveness of internal controls for financial reporting requirements. Symark PowerBroker and PowerPassword-UME safely delegate administrative privileges (including root) and provide secure logins and strong password and user management policies, keystroke logging and indelible audit trails. This document demonstrates how Symark PowerPassword-UME and PowerBroker work in tandem to protect the integrity of data across heterogeneous UNIX/Linux systems to help bring your IT systems into compliance especially with the SOX section 404 requirements for internal IT controls. The link for this article located at BitPipe.com is no longer available.

Feb 03, 2006 | LinuxSecurity.com Team | Server Security

Gartner: Future of Cloud Security Emphasizes Access Management

The network security forecast is cloudy, and that's not a bad thing if you're to believe what analysts are saying at this week's Gartner IT Security Summit. Gartner predicts that by 2008, carriers like AT&T, Verizon, MCI and others will operationalize security functions like firewalls and intrusion detection into routers and switches, leaving enterprises to concentrate on identity and access management and other security duties away from the perimeter. By extending security to the Internet cloud, denial-of-service attacks, for example, never reach the gateway. "We would take what an MSSP does and mesh that with our infrastructure so that the service provider and carrier becomes one," said AT&T CISO Ed Amoroso. CISOs, meanwhile, will still have network responsibilities like setting policy and aligning policy with an enterprise business model. They'll be alleviated of costly signature updates and license renewals. "Carriers and ISPs will provide these services for you," Gartner research director John Pescatore said. While this boils down to essentially outsourcing these services to carriers, enterprises may be skeptical about doing so until auditors are satisfied. The link for this article located at SearchSecurity is no longer available.

Jun 07, 2005 | Brittany Day | Network Security

Best Practices For Terminating A Systems Administrator Securely

Perhaps one of the most challenging situations in an IT organisation is to let a systems administrator go. This individual has the proverbial keys to the kingdom as a trusted member of your corporate team. If the time comes to part ways, it's imperative to do a thorough job of removing the employee's physical and logical access to your network and facilities. The first step is to consult with the appropriate legal, human resources and management personnel to ensure a proper basis for the termination or to work out the severance specifics for the layoff. Next you can zero in on the technical and security issues that need to be addressed. The goal is to complete the process with little or no disruption of business processes and to do it in a professional and complete manner. You need to eliminate the employee's access to corporate sites and assets, networks, systems and applications to prevent him from damaging company property and data. Accomplishing this requires inventory, planning, execution and monitoring. What follows are some guidelines for completing the four-step process.

Dec 22, 2003 | LinuxSecurity.com Team | Server Security