Enterprise Linux Security

DDoS (Denial of Service) attacks are incredibly common, and apparently, are breaking records. In this episode, Jay and Joao discuss a recent blog post from Cloudflare regarding how popular this attack vector is becoming nowadays, as well as a quick refresher on Denial of Service attacks in general.

Ransomware is one of the absolute worst things that can happen to your organization, often resulting in weeks of downtime. We discussed Ransomware recently, and now we have an interesting and time-appropriate story - a popular ransomware group apparently had an imposter within their ranks.

Passwords - for better or worse, they're a reality and something we have to deal with. With the average person having many accounts, it's gotten to the point where we just can't manage these by ourselves. Password managers help us securely store these confidential secrets, but recently Lastpass (one of the most popular password managers) has suffered a breach. Although no actual passwords within vaults were cracked, recent events do raise a red flag. In this episode, Jay and Joao discuss whether or not you should trust password managers.

Ransomware - an extremely frustrating security threat that can cause business disruption, data loss, as well as long work days during the recovery process. But how do you recover from such an event? In this foundational episode, Jay and Joao discuss some tips on how to deal with this, tips you'll hopefully never need but are good to have nonetheless.

By using clever infrastructure engineering strategies to increase reliability, you can minimize disruption and downtime for your organization. Another technique to consider is the concept of Digital Twin - having a full system clone/mirror you can use to test enhancements, perform a root-cause analysis, or more. In this episode, Jay and Joao discuss Digital Twins and how the concept can potentially help your organization.

Artificial intelligence seems to be all the rage nowadays, and not just in SciFi movies. Organizations can utilize AI to assist with difficult or time-consuming tasks. Now, AI has made its way into the security industry - and AI tools to check for security concerns are already starting to pop up. In this episode, Jay and Joao discuss AISecOps.

Adding unnecessary components to the Kernel is generally a bad idea, as it increases its threat surface. In this episode, Jay and Joao discuss a recent story that's a perfect example of why it's important to keep this under control. A vulnerability was recently discovered in the Linux kernel that scored the highest possible rating, and it all started when ksmbd was added.

When it comes to patching, were you aware that there's more than one type of patch? In this episode of Enterprise Linux Security, Jay and Joao discuss the various types of patching that's performed today.

Open-Source is great - with code being open, everyone has access to it. That means that the code can be audited - and that makes it more secure, right? Well, possibly. In the recent talk "The Code is Open, But Who's Looking at it?" Joao discusses the concept in detail. This talk was recorded at OSAD 2022. New episodes of Enterprise Linux Security will resume after the holidays. But for now, enjoy the talk!

While it's certainly never a good thing to become the victim of a cyber-attack, it can be even more embarrassing if the CVE the threat actor used to get a foothold into your systems was patched a long time ago. In this episode, Jay and Joao discuss malware that's currently taking advantage of vulnerabilities that were patched over a year ago! As important as software updates happen to be, why are so many organizations unable to keep up with them?

Supply chain attacks in open source software projects are a real possibility. In fact, we've covered actual incidents in previous episodes of this podcast. In this episode, Jay and Joao discuss developing legislation that will require the components within open source projects to be a part of a bill of materials (among other requirements). This is definitely something you'll want to be aware of if your organization produces open-source software, but even non-developers should be aware of it as well.

If you're in charge of maintaining servers and related equipment, what should you monitor? While monitoring is something that will grow and expand over time, Jay and Joao will give you some tips in this episode. Check out this episode for some tips on some of the baseline checks you should implement with your monitoring solution of choice.

As if Wi-Fi couldn't get anymore tedious, five (yes, FIVE) vulnerabilities were discovered in the Linux mac80211 framework, which can potentially impact literally anyone that uses Wi-Fi. Thankfully, patches are already out to fix these vulnerabilities, but there's important lessons to be learned here that this recent incident makes incredibly clear. Also, the ongoing White House security directive saga continues with some adjustments that broaden its scope.

In this episode, Jay and Joao discuss how much of a target Linux is, as well as some myths surrounding Linux and security. Also, there will be some news updates as well.

In this episode, Jay and Joao discuss a handful of cybersecurity events in the news. While none of these stories are super exciting from a technical standpoint, there's definitely some lessons to be learned. As part of this discussion, Jay and Joao will talk about topics related to the recent Grand Theft Auto leak, as breaches that targeted Uber, 2k games, and more.

Recent news of Patreon firing their security team is making the rounds online, and in this episode, Jay and Joao will talk about this very strange story and some takeaways from it.

What are some of the important areas that a Chief Information Security Officer should focus on? In this episode, Jay and Joao discuss a recent…

Continuous Integration/Continuous Delivery is huge concept when it comes to application deployment nowadays, and with good reason. Automating the compilation, testing, and other aspects of the development process increases efficiency and reliability. Security is another layer of a good CI/CD system, and in this episode, Jay and Joao discuss CI/CD and the security aspects of the popular deployment style.

What happens when you open up the Remote Desktop Protocol (RDP) to the public Internet? Definitely some shenanigans, that's what. In this episode, Jay and Joao discuss some recent news, which includes a company that made the mistake of making RDP available to everyone, multiple crypto-malwares at the same time, and other news.

When Ransomware attacks begin spreading, how would officials go about finding the source? Most of the time, finding the culprit(s) behind cyber-attacks is a very challenging task. In this episode of Enterprise Linux Security, Joao and Jay discuss some methods that were recently used to de-anonymize ransomware domains.

System Administrators are the heroes we need, and in today's episode of Enterprise Linux Security, we celebrate Sysadmin Day 2022 and the many people that work tirelessly to keep our servers running.

In episode 36 of the Enterprise Linux Security podcast, Jay and Joao record an episode live for the first time.

In this episode, Jay and Joao discuss a recent report that identifies the "Top 25 most dangerous software weaknesses." This list includes the usual suspects, as well as some very interesting findings as well. In addition, the descriptions of the common weaknesses serves as a good jumping in point if you're new to this podcast.

What would it be like to suffer a cyberattack event, that literally closes down an entire business? That's exactly what happened to United Structures of America, a steel manufacturing company. In this episode, Jay and Joao discuss what happened, and some of the lessons learned that should cause other organizations to take a hard look at how insecure their own systems are.

Atlassian software is constantly under attack, and often the source of many lost weekends for IT admins. Recently, a brand-new vulnerability has been discovered - CVE-2022-26134. This particular vulnerability is remotely exploitable, and has been listed as critical. In this episode, Jay and Joao discuss this vulnerability, as well as some of the struggles around Atlassian software in general.

Are you a fan of MySQL? What if we told you that there's an infinite supply of it online, right out in the open?! It's literally as bad as it sounds! In this episode, Jay and Joao discuss how over 3.6 million MySQL instances are publicly available, as well as other forms of unintended public access.

A "researcher" with a screen name of "Sockpuppets" decides to demonstrate how insecure some specific online resources are, in the worst way possible. You can't make this stuff up! In this episode, Jay and Joao discuss what this individual wanted to accomplish (and what happened instead).

There are many tools and utilities around security and network management, and in this episode of Enterprise Linux Security, Jay and Joao discuss some of their favorites.

In this episode, Jay and Joao unpack some recent news around the BVP47 vulnerability, and some very interesting details around it and how it came to be. This is one of those "spy thriller" type episodes, so don't miss it!

Through the course of the podcast so far, Jay and Joao have discussed foundational topics, as well as news and current trends. In this episode, second factor authentication is discussed. This foundational episode will go over what it is, why you should use it, and also some of the things that can potentially weaken its benefit.

In the industry, we spend a great deal of time hardening our security, doing our due diligence when it comes to patching, implementing firewalls, avoiding EOL software, as well as many other aspects of our security focus. But unfortunately, even a well thought out implementation of common security controls can be rendered useless if we miss the low hanging fruit - such as training our employees and making sure they understand how serious security is, and how they can help. In this episode, Jay and Joao will discuss that and more.

In the 25th episode of Enterprise Linux Security, Jay and Joao catch up on a few things in the news, including the results of a recent Internet Crime Report, and more!

The situation surrounding Lapsus$ is becoming more and more interesting, and in this episode of Enterprise Linux Security Jay and Joao discuss the latest developments regarding the group that has caused quite a ruckus recently.

Cyber security is a huge topic, and through the years the industry changes rapidly to keep up with current threats and related challenges. As a result, some of the beliefs and mindsets we've adopted in the industry have changed as well. In this episode, Jay and Joao discuss 5 myths in the security industry that either need to be adjusted, or downright debunked.

Encryption is a great benefit to take advantage of, especially when it comes to hosting web sites. But how exactly do TLS certificates work? In this episode, Jay and Joao discuss foundational concepts surrounding certificates, as well as some advice and recommended practices.

In the 21st episode of Enterprise Linux Security, Jay and Joao discuss the recent "Dirty Pipe" vulnerability, as well as Nvidia's recent breach.

Cloud Computing is all the rage these days - but what happens when a company moves to the cloud to quickly? While cloud computing can be a very rewarding technology, it can also get out of hand quite quickly. In this video, Joao and Jay discuss the concept of Cloud Governance, something that any organization that utilizes the cloud can (and should) take advantage of.

2021 is now in the past, but there's some very interesting details in the year-end vulnerability report produced by RBS. These details give us a look at some of the trends that will impact 2022 and beyond. In this episode, Joao and Jay discuss the report and some of its findings.

The New Year is just beginning, and we already have a few important CVE's to discuss, this time around Polkit and LUKS. The CVE numbers for these vulnerabilities are CVE-2021-4034 and CVE-2021-4122 respectively. In this episode, Jay and Joao discuss these vulnerabilities.

We've discussed supply-chain attacks in the past, and now it's time to see an actual example that happened recently. However, this particular incident is especially unique as the libraries in question were allegedly poisoned by the actual developer. In this episode, Joao and Jay discuss the recent sabotage regarding two very popular NPM libraries.

It's frustrating when critical infrastructure encounters an issue that results in a disruption of service. High Availability is a concept that aims to help alleviate (or hopefully eliminate) such downtime, and is a very attractive goal for system administrators. In this episode, Jay and Joao discuss high availability, as well as its pros and cons.

Disasters in the world of tech are frustrating for everyone, not just the company that experienced the incident. In this episode, Jay and Joao discuss thoughts around what it actually means to recovery from a disaster, and why it's typically n

urity. CrowdSec aims to prevent intrusions and other forms of malicious activity, but it does it in a different way - it utilizes intelligence gathered from other users in order to enhance its protection. In this episode, Jay and Joao discuss CrowdSec with Philippe Humeau, the CEO of the project.

Joao and Jay talk about the worst healthcare breaches of 2021, and some lessons that can be learned from these events.

center of the development cycle (rather than an outside resource). In this episode, Jay and Joao discuss DevOps and how it's changed the landscape.

Recently, some interesting security news has occurred, and two specific developments are the main discussion in this episode. Trojan Source is a newly discovered tactic that can be used to hide malicious code and execute something completely unexpected, even when the source code appears to be syntactically correct. In addition, CISA recently mandated a large number of CVE's to be patched in the very near future, which will likely have ramifications even outside of the United States. Also, Jay and Joao also discuss the recently released Fedora 35, which is a distribution that has a large presence on the workstations that administrators use.

Remaining on legacy Linux distributions can lead to additional security risks as time goes on, and migrating to a newer and better supported distribution can be a very difficult endeavor for most administrators. In this episode, Jay and Joao are joined by Jack from AlmaLinux, and we talk about ELevate - a tool that can be used to migrate from a distribution in the Enterprise Linux family to another Enterprise Linux distribution. This helps alleviate some of the burden of distro migration, and as a community project it's also a great project to get started with contributing to an open-source project.

Although there's no such thing as a "perfect" deployment image, including some sane defaults into your images and templates can save you a lot of work down the road, and also give you the opportunity to include more secure defaults. In this episode, we'll discuss deployment image defaults as well as some recent news.

We've talked about Enterprise Linux Security from the worldview of the system administrator, but what's it like on the other side? In this episode, Jay and Joao are joined by Atalay Kelestemur, an Ethical Hacker, as we discuss the mindset of the attacker.

When you write software, there's no reason to reinvent the wheel - shared libraries and other resources exist to enable you to create applications while avoiding redundant work. Unfortunately, sometimes the software supply itself chain is attacked, which would mean that your application contain malware or security threats you didn't account for. In this episode of Enterprise Linux Security, Joao and I discuss supply chain attacks, as well as some ways to mitigate this threat.

Jay and Joao discuss the challenges when it comes to migrating Linux distributions, and the effect this has on security.

Regardless of your role in your company, understanding the various types of attack vectors is extremely important. In this episode of Enterprise Linux Security, Jay and Joao discuss the most common attack vectors that are used today, which will set the foundation for future episodes.

In episode 1 of the Enterprise Linux Security Podcast, Jay and Joao talk about CVEs: Common Vulnerabilities and Exposures. It's an important topic to understand in the world of security, and we'll talk about what this means, how they're classified, and much more!

Enjoy the first episode of a brand new, bi-weekly podcast. Joao and I will get together in each episode and talk about all things Linux Security, with a focus on the Enterprise.