5 open source security practices from 2020
Here are manageable ways to keep your systems and data safe and secure.
Few of us really want to read articles about security. They're usually uncomfortable (and overwhelming) reminders of the things we aren't doing to keep our data safe and secure. Luckily for us, this year, Opensource.com authors specifically focused on writing about manageable security tasks. Some are afternoon projects, while others are small steps you can take to improve your default security settings.
Here are 13 of our favorites.
Encryption
How often have you watched a talk or read something about cryptography that is either so theoretical that it is hard to understand or so high-level that you don't have a concrete example to build on its themes? In Never forget your password with this Python encryption algorithm, Moshe Zadka gives us the best of both worlds: theory and application. Check it out!
We live in an increasingly complex world where we often need to manage several calendars at once. We have our work calendar, our kids' school and activity calendars, our personal appointments, sports and TV schedules… and, if you're using CalDAV, managing all of those calendars could put your security and privacy at risk. Ivan Kupalov explains how to avoid these risks in How to replace CalDAV with a secure calendar protocol.
Mike Bursell introduces Enarx, a new "application deployment system enabling applications to run within Trusted Execution Environments (TEEs) without rewriting for particular platforms or SDKs." In Why we open sourced our security project, Mike explains why he and his co-developer decided to make the project open source.
Email infrastructure
Here's a bargain for you—two articles for the price of one: Free! Victor Lopes and Marc Skinner explain how SSL can help secure your email solutions. Victor's Eliminate spam using SSL with an open source certification authority introduces MailCleaner as an open source anti-spam solution for your email infrastructure, and Marc's How to secure your Linux email services with SSL/TLS walks through enabling SSL/TLS between email endpoints.
You may not have needed to manage SSL certificates before, but you've surely been affected by them. As a user, you've probably gotten an error message on your browser or experienced an outage on a favorite online service. As a system administrator, it's your responsibility to minimize or eliminate these experiences for customers. In Manage your SSL certificates with the ssl-on-demand script, Abhishek Tamrakar offers some ideas on managing these certs and avoiding guaranteed headaches if you ignore them.
Firewalls
If firewalls are one of your responsibilities (and they probably are), Seth Kenlon has you covered. First, he introduces Getting started with Linux firewalls, and then he takes a deeper dive into more advanced capabilities of firewalld in Open ports and route traffic through your firewall.
Vulnerability management
WordPress is by far the most popular web content management system, making it a popular target for cyber threats. Therefore, it is imperative that system administrators keep WordPress installations secure, and Lucy Carney offers 6 tips for securing your WordPress website to help you do so.
Two words you often hear in security are hardening and compliance. In fact, the process of securing your system can also be called "hardening," and depending on your industry, internal or external parties (e.g., your infosec team or a government regulatory agency) may require you to "harden" your system to a minimum security level. Lynis is a tool that audits your system and helps you reach that level. Gaurav Kamathe's Scan your Linux security with Lynis will help you get started with it.
After you read Gaurav's article, Ari Noman's Use this command-line tool to find security flaws in your code will help you take the principles of hardening to the code level by using the Graudit tool to uncover programming flaws and code vulnerabilities.
Identity management
Will you do me a favor? Before you continue reading, turn on two-factor authentication (2FA) in all of your accounts. Everywhere! And if your organization is looking for an open source solution to provide multi-factor authentication (MFA) for your services, look no further than privacyIDEA. Find out more in Cornelius Kölbel's Open source alternative for multi-factor authentication: privacyIDEA.
In Protect your network with open source tools, Chantale Benoit introduces a couple of open source security tools under the Apache Foundation umbrella. They are Syncope, "an open source system for managing digital identities in an enterprise environment," and Metron, an "advanced security analytics framework that detects cyber anomalies, such as phishing activity and malware infections."
Living a security lifestyle
Security is an ongoing practice. As these articles demonstrate, good security is something you integrate into your life and into your code. Give them all a read, and see what you can do to improve your digital security over the coming year.
via: https://opensource.com/article/20/12/security
Author: Seth Kenlon; Topic selection: lujun9972; Translator: 译者ID; Proofreader: 校对者ID