Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Sunday September 06 2015, @04:06PM   Printer-friendly
from the I'm-not-paranoid,-they-really-are-out-to-get-me! dept.

Linux Foundation project director Konstantin Ryabitsev has publicly-released the penguinistas' internal hardening requirements to help sysadmins and other paranoid tech bods and system administrators secure their workstations.

The baseline hardening recommendations are designed that balance security and convenience for its many remote admins, rather than a full-blown security document.

The document is designed to be adapted to individual admins' requirements, and contains explanations justifying security paranoia.

Severity levels range from low to critical, and escalate to "paranoid" for those willing to operate in blacked-out faraday cages under more inconvenient but secure conditions.

"We use this set of guidelines to ensure that a sys admin's system passes core security requirements in order to reduce the risk of it becoming an attack vector against the rest of our infrastructure," Ryabitsev explains.

"You may read this document and think it is way too paranoid, while someone else may think this barely scratches the surface.

"Security is just like driving on the highway - anyone going slower than you is an idiot, while anyone driving faster than you is a crazy person."

Ryabitsev is a web and Linux security geek who manages Linux Foundation-hosted collaborative projects. He says the guidelines should be adjusted if they are out of step with organisational risk appetites.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0, Offtopic) by MichaelDavidCrawford on Sunday September 06 2015, @04:17PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Sunday September 06 2015, @04:17PM (#232999) Homepage Journal

    Not long after Working Software released Working Printlogger, I got a call from a man who could not tell me even his name. He wanted to know whether I could develop a custom build that could not be removed.

    His, uh... "Company" kept its printer in a securely - like men with guns - room with the printer itself under constant video surveillance. What he wanted was a way to ensure that no one could print without being logged.

    After an hour of discussion I sadly concluded I couldn't supply a solution.

    I have since realized that I now know many ways I could have done that, for example to have patched the Bejesus out of the system with a huge rat's nest of JMP instructions. To disable Working Printlogger for "The Company" would render the Mac OS System unable to boot.

    At the time I could have pulled that off but that solution and others I've come up with simply did not occur to me.

    --
    Yes I Have No Bananas. [gofundme.com]
    Starting Score:    1  point
    Moderation   -2  
       Offtopic=2, Total=2
    Extra 'Offtopic' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   0  
  • (Score: -1, Offtopic) by Anonymous Coward on Sunday September 06 2015, @06:16PM

    by Anonymous Coward on Sunday September 06 2015, @06:16PM (#233026)

    wat?