The NSA and CISA released the guide "Securing the Software Supply Chain: Recommended Practices Guide for Developers" last month, and while David Wheeler, the director of open-source supply chain security at the Linux Foundation and OpenSSF, welcomes it, he said there are some questionable requirements. The guide covers aspects of security such as how to develop secure code, how to verify third-party components, and how to harden the build environment, among other things. It is also part of the government's effort to bolster supply chain security stemming from last year's Executive Order, which aims to curb the 650% growth in supply chain attacks reported in Sonatype's 2021 State of the Software Supply Chain. The guide encourages developers to take regular and relevant security training and to be evaluated periodically, at least annually. The security training for the development team is ideally conducted by a centralized, expert security team that can help product teams grow their expertise in secure development. By Brittany Day
Hardening guidance from the NSA and CISA seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes. Earlier this week, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling and management of applications, usually in a cloud environment. According to the most recent State of Kubernetes Security report by Red Hat, more than half the security professionals surveyed said they delayed deploying Kubernetes applications into production due to security concerns. By Brittany Day
The Cloud Security Alliance and Hewlett-Packard will release research today at RSA Conference that identifies the top threats to cloud computing. The document is a companion to the CSA's "Security Guidance for Critical Areas in Cloud Computing," which was updated in December. Chris Whitener, HP's chief security strategist, said companies are eager to jump into cloud computing to reduce capital costs, reduce the need to manage computing infrastructure and leverage the on-demand capabilities of utility-type computing offered by the cloud. But they often do so without assessing cloud computing security risks. "The No. 1 thing you shouldn't do is approach this with complete ignorance," Whitener said. "And unfortunately, this is something that a lot of people do. Understand and limit your risk profile. If you approach this with complete abandon, you're asking for it." The Top Threats to Cloud Computing document released today ranks seven threats that apply across all of the different cloud computing models: infrastructure as a service, platform as a service and software as a service. The link for this article located at Search Security is no longer available. By Anthony Pell
NSA has developed and distributed configuration guidance for operating systems. These guides are currently being used throughout the government and by numerous entities as a security baseline for their systems. The link for this article located at NSA.gov is no longer available. By the LinuxSecurity.com Team
This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. In the first chapter I will show how to install mod_security on Debian Sarge, Ubuntu 6.06 LTS (Dapper Drake), and on Fedora Core 5, and in the second chapter I will describe how to configure Apache for mod_security, which is independent of the distribution you're using. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal, but this is the way I take. I do not issue any guarantee that this will work for you! The link for this article located at HowTo Forge is no longer available. By the LinuxSecurity.com Team
The secretary of Defense will soon issue a directive placing a renewed emphasis on operational security (OPSEC) throughout the department. Tom Mauriello, director of the interagency OPSEC support staff, said a document has been awaiting DOD Secretary Donald Rumsfeld's signature since before Operation Iraqi Freedom began that would infuse more funding and guidance in the realm of operational security. Mauriello's comments came during a June 4 speech at the Army Small Computer Program's IT conference. He refused to answer any follow-up questions, and would only tell FCW that there will soon be a "resurgence of emphasis" on OPSEC coming down from the Pentagon. During a high-energy, wide-ranging 90-minute presentation, Mauriello discussed all aspects of OPSEC from the physical through the cyber realm and explained the five-part process. The link for this article located at FCW is no longer available. By Anthony Pell
Although information security is one of two governmentwide issues labeled "high-risk," guidance and legislation issued over the past six months could significantly reduce federal agencies' risk, according to the General Accounting Office. Security has been on the GAO high-risk list since 1997, but threats have increased over the past two years, and the government's ability to respond has not kept pace. Many improvements have been made in response to numerous GAO and inspector general reports, but security program management "continues to be a widespread and fundamental problem," according to GAO's high-risk report, released Jan. 17. The link for this article located at FCW is no longer available. By Anthony Pell
This Microsoft article does a good job of outlining a list of security issues that no patch can fix. Only diligence in maintaining your systems can ensure your systems are as secure as possible. "In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don't result from product flaws. Over the years, we've developed a list of issues like these, that we call the Ten Immutable Laws of Security. Don't hold your breath waiting for a patch that will protect you from the issues we'll discuss below. It isn't possible for Microsoft - or any software vendor - to "fix" them, because they result from the way computers work. But don't abandon all hope yet - sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems." The link for this article located at Microsoft.com [newsforge] is no longer available. By the LinuxSecurity.com Team