Language Selection

English French German Italian Portuguese Spanish

Avoiding security blunders in Linux and IT infrastructures

Filed under
HowTos

When it comes to IT infrastructure security, there are things that IT managers just shouldn't do. This two-part tip is written for those who'd like to avoid making those mistakes. It covers four security areas that are either ignored or overlooked in IT infrastructure security, with a focus on securing Linux-based hosts.

In part one, I focus on problems with installations and the hard-perimeter, soft-center security approach. In part two, I look at common gaps in physical security and the problems caused by the "set-it-and-forget-it" mentality.

Installing more than you need

Using the default installation options during the installation of a Linux distribution can lead to the unnecessary installation of applications or services. This can include tools like X Window, Web browsers and email servers that may not be required on a host. These additional packages can provide services, tools and vulnerabilities that an attacker could exploit in order to compromise your host.

Part 1.

Part 2.

More in Tux Machines

Linux Graphics

Sean Michael Kerner on the Linux Foundation's Projects

  • MirageOS Unikernel Effort Moves Forward
    Linux Foundation backed Xen Project helps to advance the state of the MirageOS unikernel operating system with a new release that now supports the KVM hypervisor. The open-source MirageOS unikernel project reached a major milestone on Feb. 23, with the launch of MirageOS 3.0. The basic idea behind a unikernel is that it is a highly-optimized and purpose-built operating system that can help to enable efficient operation and delivery of applications. The MirageOS 1.0 release debuted back in December 2013 as an effort led by the Linux Foundation's Xen hypervisor virtualization project. With the new MirageOS 3.0 release, the unikernel is now expanding beyond the confines of the Xen hypervisor and now also supports the KVM and Bhyve hypervisors as well.
  • Linux Foundation Forms New Open Network Automation Project
    Today the Linux Foundation consolidated the ECOMP and OPEN-O project to form the new Open Network Automation Project (ONAP). ECOMP perhaps has had the shortest life-span of any Linux Foundation project, lasting barely a month. ECOMP only becamean official Linux Foundation project a few short weeks ago, after being donated by AT&T. The Enhanced Control, Orchestration, Management and Policy (ECOMP) is an effort that AT&T has been building for several years to help enable its network transformation for virtualization. OPEN-O on the other hand was announced a year ago, as the Open Orchestrator effort.

Red Hat on Programming

  • Top 3 machine learning libraries for Python
    You don't have to be a data scientist to be fascinated by the world of machine learning, but a few travel guides might help you navigate the vast universe that also includes big data, artificial intelligence, and deep learning, along with a large dose of statistics and analytics. ("Deep learning" and "machine learning" are often used interchangeably, so for a quick terminology primer that might help you understand the difference, read Nvidia's blog post, What's the Difference Between Artificial Intelligence, Machine Learning, and Deep Learning?) In this article, I'll look at three of the most popular machine learning libraries for Python.
  • Which is the best programming language for beginners?
    What is the best language for a budding programmer to get their start with? There are probably as many opinions about which language is best for beginners as there are languages to choose from. And the options change all of the time. When we asked this question two years ago, Python came out on top as the clear winner. But is it still the best choice today?

Games for GNU/Linux