What's the most dangerous threat to your virtualized systems? Hint: it's not the latest zero-day exploit. The most pressing risk is IT staff who have full privileges in these systems. Take the February 2011 attack by an IT employee who'd been laid off from a pharmaceutical company. The ex-employee logged in remotely and deleted virtual hosts that ran the company's critical applications, including email, financial software, and order tracking. The company sustained about $800,000 in losses from a few keystrokes, the FBI says. The link for this article located at Information Week is no longer available.
LinuxSecurity.com Team
SSL is a wonderful protocol, but it is frequently used badly. This note is intended to point out some of the more common errors made by applications using SSL. This checklist should be useful for application developers, system administrators, and the occasional penetration tester. This note assumes you have at least a casual knowledge of SSL, but is not a paper about cryptography. If you know enough to write an SSL library, you will know every single one of the mistakes I mention below, plus a few more. Still, I hope that those of you who are writing SSL toolkits will consider why these mistakes are made. Perhaps it will help you design your toolkits so that novices use them correctly. The link for this article located at Fr33d0m is no longer available.
LinuxSecurity.com Team
Linux is an amazing operating system considering how it was originally created. It was a modest program written for one person as a hobby - Linus Torvalds of Finland. It has grown into a full-fledged 32-bit operating system. It is solid, stable and provides support for an incredible number of applications. It has very powerful capabilities, runs very fast and rarely crashes. Unfortunately, Linux machines are broken into almost every day. This happens not because it is an insecure operating system; it contains all the necessary tools to make it very secure. But the truth is that it hasn't become significantly more secure with the increase in popularity. On the other hand, our understanding of hackers' methods and the wide variety of tools and techniques available have helped system administrators secure their Linux computers. The link for this article located at WebProNews is no longer available.
LinuxSecurity.com Team
A program that experts have said is the missing piece in federal efforts to promote secure computing will be ready later this year. Officials at the National Institute of Standards and Technology announced that a security configuration checklists program for information technology products, including a logo that vendors can put on their wares, is on track for completion before the end of 2004. A security configuration checklist describes the software options and settings that users can choose to minimize the security risks associated with a particular type of hardware or software. More commonly referred to as lockdown guides or security benchmarks, security checklists are basically documents for securing IT hardware or software in different settings. Security checklists for home computer users, for example, would be different from those for federal computer users handling sensitive data. A checklist could include scripts, templates and pointers to Web sites where users can download software updates or firmware upgrades to make products more secure from attack by viruses and other malicious code spread via the Web. The link for this article located at fcw.com is no longer available.
Anthony Pell
Recently, a former student and prospective client asked me to send, along with a proposal, a checklist of things he needs to be thinking about to help his company's goal of "revamping security" in 2004. This is that checklist. Be forewarned. While risks change somewhat with network size, bandwidth, and connectivity, while business requirements grow, and while the technology we can use to mitigate and mediate risk gets fancier (it is hoped to meet the changing risks), there is nothing new under the sun. Also, this is purposely very high level. It is a general checklist of things to consider.

NetSec Letter #32, 12 January 2004
Security Checklist
Fred Avolio, Avolio Consulting, Inc.

Foundation/Overview

1. Business requirements assessment
   1. What is your enterprise's mission/goal?
   2. What does it require from computers, networks, and the Internet in support of the mission?
2. Risk assessment
   1. Where are your computers?
   2. To where do your network connections go?
   3. What sorts of threats are there to computers and networks in those environments?
   4. Any particular risks unique to your business? (E.g., defense contractor, pharmaceutical firm, furrier.)
   5. Any particular risks unique to your organization? (E.g., did your company recently help topple a dictator, spill a lot of oil into the ocean or a fresh water supply, or endorse the wrong political candidate?)
3. Security Architecture
   1. What controls are already in place? Did you remember to include physical controls? Someone recently told me that a particular product did not support administrative access using 2-factor authentication. He asked if limiting administrative access to the console was sufficiently secure. I told him, sure. A cipher lock and photo ID is 2-factor.
   2. Of those in place (firewalls, desktop AV, routers with ACLs, IDSes, password-protected screen savers, VPNs, etc.), which mitigate the identified risks?
   3. Do not forget the "little things." For example, security awareness education is part of the security architecture.
4. System administration procedures
   1. Backup and restore
   2. Access controls
   3. Revision control
5. Acceptable Use Policies (for users)
   1. Computer use
   2. Mobile computer use
   3. E-mail
   4. Internet access
   5. Home computer use
   6. VPN use
   7. Screensavers
6. Computer Security Incident Response Procedures
   1. Definition of a security incident
   2. Who, what, when, where, why, and how.

Types of Security and Places to Deploy

* Prevention, detection, response
* Perimeter, servers, and desktops
  o Perimeter devices are gateways -- routers, firewalls, etc.
  o Servers include web, e-mail, name, time, and application servers.
  o Desktops include mobile computers and hand-held.

Periodic Review and Audit

This whole process requires review and consideration by a team of individuals. Why? Because every one of us has blind-spots. [In God in the Docket, CS Lewis says every one of us had a fatal flaw to which we are blind. More recently, the late pastor Jack Miller said, smiling, "Cheer up! You're ever so much worse than you think you are."] Every one of us has his own agenda. Also, people make mistakes in executing plans and procedures. Further, things -- risks, requirements, and technology -- change. So the policy and procedures have to change.

Promotions, Self and Otherwise

My (growing) speaking and teaching calendar is at /.

Did you buy your parents or friends a personal (computer) firewall for Christmas? Personal Firewall Day is January 15th. See NetsecLetter #31 ( /

There was an interesting Web Informant this week from David Strom. David seems to be enamored with the dark side. Is he? Read "Web Informant #355, 9 January 2004: Aiding and Abetting Adrian" at https://www.stromspa.com

For an excellent editorial on a similar topic, Dave Piscitello wrote "Ethical Hacking could be so much more than an oxymoron..." at .

Jon Callas, CTO, CSO, and DSD (Dynamite Sharp Dude) had some very interesting (as usual) comments on a webcast "The Dawn of Pervasive Encryption" at

Other related articles and courses are

* WatchGuard LiveSecurity
* How to Develop an Information Security Incident Response Team and Plan
* Avolio, Foundations of Enterprise Network Security words
* The Castle Defense

Anthony Pell