Spend a little time working through PCI DSS and you quickly realize that much of the focus is on understanding and reducing risk. In practice this often means working to keep sensitive information on a need-to-know basis. Here are just a few ways you can improve your Linux security:
Posts Tagged ‘security’
Compliance and Security – Is there a difference?
June 23rd, 2010 by Chris G.
I think so. Many articles and blog posts have been written on compliance and security. Some argue that compliance and security are the same, while others argue the opposite. Some people feel that compliance can weaken security.
My take is…
Limit Server Exposure with Time-Based Action Control and VPNs
June 2nd, 2010 by Jason B.
How many times have you requested a temporary firewall access change and then forgotten about it? Better yet, how many times would you have liked a firewall port opened only for a particular time frame, but assumed that wasn’t an option, so it has stayed open ever since? For example, if your business is an 8-to-5 operation, why have remote access protocols like FTP, SSH, or RDP open 24x7? Security is all about limiting exposure, so if you don’t need that type of access, why have it?
How Not to Administer Your Server
May 26th, 2010 by Steve V.
Simply having admin access to your server isn’t always enough. Here are some tips to help you stay up and running:
Stop Using Insecure Passwords Now!
January 13th, 2010 by Jeff P.
Here are some disturbing statistics:
- A recent Hotmail security breach revealed that an overwhelming number of users are using predictable, insecure passwords:
  - 61% of passwords were either all lowercase letters or all digits (examples: iloveyou or 123456).
  - 20% of passwords were six or fewer characters.
- An estimated 1 in 9 people use one of the Top 500 passwords posted on WhatsMyPass.com.
- 1 in 50 people are estimated to use one of the Top 20 passwords, among which are password, 123456, and qwerty.
- Many of the Top 500 passwords are simple dictionary words, curse words, or common first names.
- According to a recent study, 60% of web users have only one password that they use for all of their online accounts, including Facebook, PayPal, email, and banks.
A typical strong password guide looks a little something like this:
- At least 8 characters long
- At least three of the following:
  - lowercase letter
  - capital letter
  - numeral
  - special character
But this really seems to miss the point. For example, go to Microsoft’s password checker and type in this password: qwerty123456! The checker rates this password’s strength as “Best.” But is it really?