Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
215
data protectionnetwork hardeninglinux configurationLinux Kiosk Security Guide: Best Practices for Management and Safety
Linux kiosks are everywhere, even if you don’t notice them. A ticketing station at the airport. A self-checkout line at the grocery store. A touchscreen on the factory floor. They make daily tasks easier, but the same accessibility that helps users also creates risk. . A kiosk is often exposed, unattended, and running in public. If it’s misconfigured, it doesn’t take much for an attacker to turn convenience into an entry point. That’s why Linux kiosk mode has to be more than functional — it has to be secure. Linux is a common choice for kiosks because it’s stable and adaptable, and because the open-source ecosystem gives teams more control than most platforms. That same freedom is the challenge. Every build is different, and security depends on the people setting it up. A Linux kiosk has to be thought through, not just installed and left alone. Why kiosk security matters? It’s easy to underestimate kiosks. After all, they’re just terminals running a few applications, right? Not quite. Kiosks often handle sensitive information. Such as customer details, login credentials, payment information, or industrial data. If a kiosk is compromised, the consequences can be serious: Unauthorized access to sensitive data Malware infections are spreading across networks Exploitation of unpatched vulnerabilities Physical tampering leading to data leakage Unlike office workstations, kiosks are usually unattended and publicly accessible, which makes them prime targets for attackers. That’s why security must be baked in from the start, not added as an afterthought. OS hardening for Linux kiosks Locking down the operating system is the first step in securing any Linux kiosk. The less surface area you expose, the fewer options an attacker has to work with. Start with the install itself. A kiosk doesn’t need the full set of Linux packages you’d find on a desktop. The leaner the build, the safer it is, so strip away anything that isn’t essential— extra services, background daemons, unused tools. User accounts are another weak spot. Applications should never run as root. Instead, use restricted accounts or a chroot environment, and add Linux security modules like SELinux or AppArmor to keep processes contained. System partitions deserve attention, too. Making critical directories read-only stops attackers from tampering with the base OS. OverlayFS is a useful option here, since it lets temporary changes happen in memory while the core system stays intact. Finally, secure the boot process. Secure Boot can stop unapproved kernels before they load, and kernel lockdown features add another layer by blocking unsigned modules. Without those checks, a Linux kiosk mode system is much easier to tamper with. Application-level isolation in Linux device environments Even if the OS is hardened, poorly configured applications can still be a weak point. Sandboxing applications: Whether it’s a browser, a custom interface, or a point-of-sale application, run each component in a sandbox or container. This prevents a single compromised application from affecting the whole system. Session isolation: Automatically empty the session data on each use: cookies, cache, and temporary files. The temporary directories should be created using tmpfs, and hence they will vanish after reboot. Least privilege principle: Applications must have the minimum necessary permissions. This minimizes the effects in case an attacker is allowed access to the process. These prevent the malicious software from having an easy time taking over or moving horizontally through the kiosk. Network security for Linux kiosk A variety of kiosks are linked to either the internet or internal networks to update or provide reporting/backend services. Such connectivity brings danger, but it can be mitigated: Firewalls and traffic filtering: Using iptables or nftables, configure the software to allow or deny incoming and outgoing traffic. Accept only theconnections to reliable servers. Encrypted communication: TLS should be used to encrypt network traffic. Authentication of the certificates must be done appropriately to avoid a man-in-the-middle attack. Network segmentation: Have kiosks on a different VLAN or a different network segment to allow them to be laterally moved in the event of compromise. Even a physically secure kiosk can be exposed if network access is ignored. Layered defenses are essential. Data protection and storage Kiosks may process sensitive user data, making secure storage critical: Ephemeral storage: Design kiosks to erase user data after every session. This ensures that no residual information is left behind. Encryption at rest: Full-disk encryption or partition-level encryption protects data if the device is physically stolen. Key management: Encryption is only effective if keys are stored securely. Ideally, keys should reside outside the kiosk, being centrally managed and rotated regularly. A secure kiosk is one where even physical theft doesn’t compromise sensitive information. Centralized management for scale Managing multiple kiosks individually is a logistical havoc you don’t want to face. Enterprise-grade MDM solutions similar to Scalefusion allow administrators to: Push operating system updates and security patches Monitor health and security events in real time Enforce policies consistently across all kiosks Remotely reset, wipe, or recover devices in case of issues Centralized management ensures consistent security across the devices and drastically reduces human error. Physical security matters too Even the most hardened Linux kiosk is vulnerable if attackers can access the hardware: Use tamper-proof casings and lockable enclosures. Hide or disable unused ports, like USB or HDMI. Employ environmental sensors or alerts for physical tampering. Monitoring, auditing, and continuous hardening Security is not a set-it-and-forget-it process.Ongoing monitoring is very important: Collect logs for audit and anomaly detection. Regularly test recovery procedures and update patches. Audit user sessions and software configurations to detect deviations. Wrapping it up A Linux kiosk isn’t just another endpoint. It’s out in the open, often unattended, and that makes it an easy mark if it isn’t secured properly. Locking down the OS is only the start. You also have to think about how apps run, how the network is exposed, what happens to stored data, and how each device is managed once it’s deployed. Tools like Scalefusion make that work easier — patches, policies, monitoring — but they don’t solve everything. People still have to check logs, review configurations, and deal with the hardware itself. A kiosk is only as strong as the team that keeps it in shape. . Explore the best practices for safeguarding and overseeing Linux-based kiosks in large deployments. Uncover essential tactics for maintaining data integrity and fortifying network security.. Linux kiosk management, kiosk security measures, application isolation techniques, network hardening Linux, data protection strategies. . MaK Ulac
Sep 25, 2025
•
Desktop Security
77
key managementsecure accesslinux configurationConfigure Key-Based SSH Authentication In Linux Using PuTTY
This tutorial explains how you can replace password-based SSH authentication with key-based authentication which is more secure because only the people that own the key can log in. In this example, we're using PuTTY as our SSH client on a Windows system. . The link for this article located at HowToForge is no longer available. . The link for this article located at HowToForge is no longer available.. tutorial, explains, replace, password-based, authentication, key-based, authenti. . LinuxSecurity.com Team
Jul 06, 2009
•
Server Security
74
network enhancementipv6linux configurationIPv6 Design Improvements: Enhancing Linux Networking Performance
IPv6 is the next-generation Internet protocol designed by the IETF as a replacement for IPv4. Most of today's Internet uses IPv4, which has been remarkably resilient in spite of its age; however, it is beginning to have problems in various features areas. . . .. IPv6 is the next-generation Internet protocol designed by the IETF as a replacement for IPv4. Most of today's Internet uses IPv4, which has been remarkably resilient in spite of its age; however, it is beginning to have problems in various features areas. Its most visible shortcoming is the growing shortage of IPv4 addresses needed by all the new devices connecting to the Internet. Other limitations are in such areas as QoS, security, autoconfiguration, and mobility. As a result, the IETF defined IPv6 to fix the problems in IPv4, and added many enhancements to cater the future Internet. This article addresses the problems in IPv4 that lead to the design of IPv6, presenting the IPv6 design philosophies and IPv6 features, as well as a technical tutorial to enable IPv6 support on your Linux machines. The link for this article located at LinuxWorld is no longer available. . IPv6 is the next-generation Internet protocol designed by the IETF as a replacement for IPv4. Most o. next-generation, internet, protocol, designed, replacement. . Anthony Pell
Jan 20, 2004
•
Network Security
72
network securitylinux configurationsecure installationConfiguring a 486 Computer as a Secure Internet Gateway
This LG article discusses configuring an old 486 machine as a secure Internet gateway with two ethernet interfaces. "When finished this will be a very lean install, weighing in at about 130 MB plus swap, there will be no X . . . . This LG article discusses configuring an old 486 machine as a secure Internet gateway with two ethernet interfaces. "When finished this will be a very lean install, weighing in at about 130 MB plus swap, there will be no X Windows, though I like to install Midnight Commander for file management. I'm going to make a couple of assumptions here, first, you know how to install Linux and are familiar with its use. Second I assume you are setting up a gateway computer permanently attached to the internet be it by cable modem, DSL or whatever and will not be used for anything else like a ftp, telnet or web server." The link for this article located at LinuxGazette is no longer available. . Set up a 486 computer as a secure Internet gateway with dual Ethernet interfaces by installing a lightweight Linux and configuring firewall and NAT settings. Linux Gateway Configuration, Secure Network Setup, 486 Machine Security, Internet Gateway Management. . Anthony Pell
Jun 18, 2000
•
Firewalls
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More