System security in 5 minute chunks

At Unixlore.net, Doug Maxwell has a couple of new posts out today on SSH security:

* Actually an update and expansion of his April 19, 2006 post.

Another good read:

Over the weekends, I spend some of my time tinkering with my servers, especially my virtual private server (VPS) instance on Linode. Given the recent attacks on them, I’ve been spending more time on improving my own server security.

I’ve had my own Linode server since March, 2009. Until this point, I’ve done *nix systems administration work on my own boxes at home. At work, I mostly relied on the sysadmins. I didn’t have to focus hard on security either at home or at work. I would make sure my systems were patched, took basic security precautions in my coding, and avoided making the obviously stupid mistakes. At home, I made sure my firewall locked down everything I didn’t need opened. I didn’t run a web server or enable ssh in. I still don’t, and this is mostly a matter of convenience and priorities. I will need to put the time into getting the pieces in place so that I’m confident attackers are going to have a really hard time breaking into my home LAN.

Having a server out on the Internet changed my attitude tremendously. Keeping my shiny new VPS protected from the botnets and baddies on the Internet would be up to me, and only me. I knew I needed to establish some baseline of security, or I would get hacked in short order. I read up on what I felt I needed and locked down my Linode instance. I disabled root ssh, set up iptables rules, installed fail2ban, etc.

I monitored the logs religiously. About a week after the server went online, I got a trickle, then a stream of attack attempts, mostly on port 22. So I moved the port to block that stream of attacks and set iptables to block that port. I finally disabled PAM, but haven’t found a need to move SSH back to port 22 yet.
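As an added example (not code from this post or from fail2ban itself), the kind of check fail2ban performs on those sshd logs: parse failed-password lines and flag any source address that exceeds a retry threshold inside a time window. The log lines, hostname and addresses are constructed; the maxretry/findtime parameter names are borrowed from fail2ban's settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format; not taken from any real server.
SAMPLE_LOG = """\
Jun  3 10:01:02 vps sshd[2211]: Failed password for root from 198.51.100.7 port 51022 ssh2
Jun  3 10:01:05 vps sshd[2213]: Failed password for invalid user admin from 198.51.100.7 port 51030 ssh2
Jun  3 10:01:09 vps sshd[2215]: Failed password for root from 198.51.100.7 port 51041 ssh2
Jun  3 10:01:12 vps sshd[2217]: Failed password for invalid user oracle from 198.51.100.7 port 51055 ssh2
Jun  3 10:02:30 vps sshd[2230]: Accepted publickey for doug from 203.0.113.5 port 40211 ssh2
Jun  3 10:15:00 vps sshd[2301]: Failed password for doug from 203.0.113.5 port 40300 ssh2
Jun  3 10:47:21 vps sshd[2410]: Failed password for root from 192.0.2.99 port 33001 ssh2
"""

# Matches sshd's failed-password lines, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def parse_failures(log_text):
    """Return {source_ip: [timestamps]} for every failed-password line."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        # syslog timestamps carry no year; strptime defaults to 1900, which is
        # fine here because only the spacing between events matters
        ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
        failures[m.group("ip")].append(ts)
    return failures

def offenders(log_text, maxretry=3, findtime=600):
    """Source IPs with at least maxretry failures inside any findtime-second
    window, the same rule fail2ban applies via its maxretry/findtime settings."""
    window = timedelta(seconds=findtime)
    banned = []
    for ip, times in parse_failures(log_text).items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= maxretry:
                banned.append(ip)
                break
    return sorted(banned)
```

With the defaults, only the address that made four failed attempts in ten seconds is flagged; the single stray failure from the legitimate user's address is not.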

So, what’s my point? My point is that I’m not a security expert. Through necessity I started learning more about systems security. By maintaining my server and continually learning more about systems administration and systems and network security, I have become much more security conscious. This in turn has made me a better software developer.

Today, everything is networked and everything is a potential point of attack. As software developers, we no longer have the luxury to ignore security.

Posted in Commentary, Computing, Security

Forget my flying car, I want my jar clock

You can usually tell when a jar has been opened. When you first open it or press down on the lid and release, it pops up. This behavior is a great mechanism for a one-way switch on a timer (day counter) that starts counting days once the seal has been broken and the lid flexes up. A two digit display starts at 0 and goes up to 99. After 99 days, I don’t know about you, but my jar of salsa is getting dumped!

It would be too expensive now, but with continued advancements toward very cheap disposable circuit boards (pdf), this should be possible and maybe even cost effective in 10-15* years. I imagine in 20-25* years many shelf safe but perishable consumer products, intended to be refrigerated in the purchased container, will have some kind of electronic dating as part of the apparently never ending competition for consumer market-share.

Improvements on this could be tracking the peak temperature the product reached after opening, how long the product has been at certain temperature levels, possibly even microbe sensors to check for botulism and other baddies. The possibilities are great!

*This is merely an educated guess based on the technology and consumer trends I’ve observed.

Posted in Cuisine, Invention