Humble Book Bundle: Cybersecurity

This isn’t a bad bundle for $15, all told. I’d consider it a buy if you want to understand some of the underlying security and crypto concepts, but not if you’re looking for up to the minute exploits or state of the industry type stuff.

For example: The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition is a book from 2011. A fair bit of it is still relevant, but six years is a long time. On the other hand, something like Cryptography Engineering: Design Principles and Practical Applications is going to be a solid foundational crypto book for a long time.

If you have zero certs or industry experience, the CEH isn’t the worst place in the world to start to get a beginning job, but it’s basically just a memorization test and the industry knows it.

Hardening SSH With Configuration Changes

Hardening SSH can be a challenge, but it’s critical to get done.

OpenSSH is the administrative tool of choice for any good Unix/Linux sysadmin, and every bad guy in the world knows it. There’s a lot of scanning constantly looking for low-hanging fruit like misconfigured SSH services.

Configuring Fail2Ban To Protect Services

There are a number of automated banning tools that check for bad behavior but I like fail2ban as it’s flexible and extensible. Configuring fail2ban requires adjustment and testing but can be comprehensive. Certainly sshguard and denyhosts are solid options and if you’re only looking for something to monitor ssh, those are a great way to go.

Note: This is a guide to one security tool. You are responsible for securing and exposing a service to the internet. I would not put a fresh box up with ssh open on the internet with only fail2ban installed, for example. (You might also want to harden the service directly.)

Crypto Wars

I’ve got two pieces about the state of modern crypto wars! The current dialog is about hash functions SHA-2 versus SHA-3. They also talk about some other competing functions like BLAKE and KangarooTwelve, but in the interest of sanity I’m going to stick to SHA-2 and SHA-3. These are both NIST-published standards, and NIST standards are generally the bar used by ... well, everyone.

Beginnings

I intend this to be a little blog to comment about security stuff that I’m interested in. Sometimes it’ll be broad news, sometimes it’ll be tools, sometimes it’ll be random personal stuff about whiskey.

I hate ads, so the only revenue on here is via Amazon affiliate links.