Here are some tips and tricks to help you improve the security of your organization’s Tomcat deployment.
With password-based authentication so prevalent online these days, you may need or already use some sort of password management tool. There are various online or offline services or software tools for that matter, and they vary in terms of their sophistication, user interface or target environments (e.g., enterprises or end users). For end users, there are a few GUI-based password managers, for instance, KeePass(X). If you do not want any kind of GUI dependency for password management, I would highly recommend pass, a simple command-line utility for password management.
These days, it seems as though anyone who uses the Internet is a tasty morsel for insatiable data thieves. Marketers, governments, criminals and random snoops won’t be satisfied until they can snarf whatever information they want about us at any time. If you want to dodge ad trackers, have sensitive sources to protect or you just want to conduct your normal online activities without being spied on, then The Amnesiac Incognito Live System (better known as Tails) could help.
Unpatched sites and improperly issued SSL certificates could be leaving users vulnerable. A month after the Heartbleed OpenSSL security vulnerability was first publicly disclosed, there are strong indications that there are still a whole lot of vulnerable users.
Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, produce a prioritised list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process. Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities, but there are also those that offer broad IT security scanning.
Last week, the oVirt Project delivered a new version of its open source virtualization management system, complete with a feature I’ve eagerly awaited for the past two years. The feature, called Hosted Engine, enables oVirt admins to host the system’s management server (aka the engine) on one of the virtualization hosts it manages. This article walks through the installation and first steps of a basic oVirt install using the Hosted Engine feature.
You can spend 50-60 hours a week managing your Unix servers and responding to your users’ problems and still feel as if you’re not getting much done, or you can adopt some good work habits that will both make you more successful and prepare you for the next round of problems.
When it comes to forensics, penetration and security testing, Kali Linux, which is designed for security professionals and packed with more than 300 security testing tools, is arguably the most developed of the Linux distributions. Available in 32-bit, 64-bit, ARM, Live USB, and VMware versions, Kali Linux is maintained and funded by Offensive Security Ltd. Version 1.0.6, released on January 9, 2014, delivers a host of improvements, including the switch to Debian and use of an FHS-compliant system.
There are dozens of other excellent alternative solutions to proprietary software and thousands of open source projects that can serve small businesses. It can sometimes be difficult to select the software which best matches specific needs, but there are plenty of people globally willing to help you make those decisions and help take small businesses down the path to an open and productive future.
Amazon Web Services has an extremely functional and easy to use web console called the AWS Management Console. It’s brilliant for performing complex tasks on your AWS infrastructure, although as a Linux sysadmin, you may want something more “console” friendly.