Tag: compliance

In this blog I described some of the logical problems with vulnerability scanners. False positive and false negative errors. Additionally, the worry that problems exist but our tool hasn’t even tried looking for them. Let’s try to make this practical! I’m working on a consulting job as a sub-sub-contractor on a U.S. Department of Defense […]

Last week I wrote that compliance and complacency are major challenges in the cloud. Yes, defensive technology is the same. However, the cloud poses some specific threats. Multitenancy Multitenancy scares people the most. You share cloud infrastructure with other customers. Your cloud services are running on virtual machines. Those VMs run on shared hardware. You […]

GDPR or the General Data Protection Regulation takes effect next May. It’s an EU regulation. However, everyone must comply with it or else suffer heavy financial penalties and risk criminal prosecution. What Is GDPR? Simply put, the GDPR requires strong protection of personal privacy of people in the EU. Violations can lead to crippling fines, […]

I wrote a series of blog posts a while ago about SSH authentication using cryptographic keys rather than passwords. I discussed why SSH keys provide easier authentication, how to set up an SSH key agent, and how to maintain multiple websites. There are two areas of security to consider regarding SSH. I think of them […]

Earlier this week I told you how to set up the journal daemon. Now that it has had time to gather data, let’s see how to easily extract meaningful reports from the Linux system log files. First, let’s see the complete journal data. Look at the first line to see how far back the journal […]