
Practical Steps for Protecting IoT Devices

The security of IoT devices is a high priority these days, as attackers can use Distributed Denial of Service (DDoS) attacks to target them and wreak havoc on a system.

“Due to the sheer volume of unconnected devices, it can take hours and often days to mitigate such an attack,” says Adam Englander, who is a Senior Engineer of the LaunchKey product at iovation.

Adam Englander, Senior Engineer of the LaunchKey product at iovation
In his upcoming talk at ELC + OpenIoT Summit, titled “IoT Lockdown — Battling Bot Net Builders,” Englander will discuss some practical steps developers can take to make their devices less vulnerable to attackers. We talked with Englander to learn more about these basic security techniques.

Linux.com: What are some common ways that IoT devices are targeted by bot net builders?

Adam Englander: IoT devices are commonly used for a few purposes. One use is as a proxy server which allows attackers to masquerade their identity and location via the compromised device. This proxy allows the attackers to reach targeted systems with a lower level of defense as the IoT device will not be identified as high risk by standard criteria. Another use of compromised IoT devices is for sending spam or phishing emails.

Email providers work very hard at identifying spam and phishing SMTP servers. These efforts are thwarted by the randomness and scale of compromised IoT devices providing the ability to circumvent blacklists. Finally, the most well-known usage for bot nets is Distributed Denial of Service, or DDOS, attacks. Attackers use devices to flood targets with networking requests.

Due to the sheer volume of unconnected devices, it can take hours and often days to mitigate such an attack. The most famous was the October 2016 attack on Dyn, which caused Internet disruption for several hours across a large percentage of the United States. A lesser known DDOS attack was launched against Krebs on Security, a security news site. The Krebs on Security site used well-known Content Delivery Network (CDN) provider Akamai. According to Akamai, the attack was nearly twice the volume of their previously recorded level for a DDOS attack.

Linux.com: What basic steps can developers take to ensure that their applications or devices are protected?

Englander: A great basic resource for developers would be the Open Web Application Security Project, or OWASP, IoT Project. The OWASP group has been providing similar information and resources for web application developers for over a decade.

Linux.com: Are there tools that you recommend? Or other specific strategies?

Englander: IoT security, like any other, is best handled via Defense in Depth. Defense in depth is based on the premise that any security protocol can fail. You must use the highest level of security at every vulnerable point, or layer, of your system. Adding each layer to the system makes a formidable fortress for attackers to penetrate.

Linux.com: What’s the most important thing for developers to be aware of when securing devices from bot net builders?

Englander: Writing good software is not enough. Architecting the most secure solution requires layers of protection at the Linux level. Many of the bot nets being built today are utilizing poor Linux hardening. A few simple changes to the Linux OS configuration can make all of the difference.

Linux.com: What else should developers know?

Englander: The source code of the malware used for the two DDOS attacks mentioned is available on GitHub: https://github.com/James-Gallagher/Mirai.

Embedded Linux Conference + OpenIoT Summit North America will be held on February 21-23, 2017 in Portland, Oregon. Check out over 130 sessions on the Linux kernel, embedded development & systems, and the latest on the open Internet of Things.

Linux.com readers can register now with the discount code, LINUXRD5, for 5% off the attendee registration price.

Best Third-Party Repositories for CentOS

Red Hat Enterprise Linux, in the grand tradition of enterprise software vendors, packages and supports old mold long after it should be dead and buried. They don’t do this out of laziness, but because that is what their customers want. A lot of businesses view software the same way they see furniture: you buy a desk once and keep it forever, and software is just like a desk.

CentOS, as a RHEL clone, suffers from this as well. Red Hat supports deprecated software that is no longer supported by upstream — presumably patching security holes and keeping it working. But that is not good enough when you are running a software stack that requires newer versions. I have bumped into this numerous times running web servers on RHEL and CentOS. LAMP stacks are not forgiving, and every piece of the stack must be compatible with all of the others. For example, last year I had ongoing drama with RHEL/CentOS because version 6 shipped with PHP 5.3, and version 7 had PHP 5.4. PHP 5.3 was end-of-life in August, 2014 and unsupported by upstream. PHP 5.4 went EOL in Sept. 2015, and 5.5 in July 2016. MySQL, Python, and many other ancient packages that should be on display in museums as mummies also ship in these releases.

So, what’s a despairing admin to do? If you run RHEL or CentOS, turn first to the Software Collections, as this is the only Red Hat-supported source of updated packages. There is a Software Collections repository for CentOS, and installing and managing it is similar to any third-party repository, with a couple of unique twists. (If you’re running RHEL, the procedure is different, as it is for all software management; you must do it the RHEL way.) Software Collections also supports Fedora and Scientific Linux.

Installing Software Collections

Install Software Collections on CentOS 6 and 7 with this command:

$ sudo yum install centos-release-scl

Then use Yum to search for and install packages in the usual way:

$ yum search php7
[...]
rh-php70.x86_64 : Package that installs PHP 7.0
[...]
$ sudo yum install rh-php70

This may also pull in centos-release-scl-rh as a dependency.

There is one more step, and that is enabling your new packages:

$ scl enable rh-php70 bash
$ php -v
PHP 7.0.10

This runs a script that loads the new package and changes your environment, and you should see a change in your prompt. You must also install the appropriate connectors for the new package if necessary, for example for Python, PHP, and MySQL, and update configuration files (e.g., Apache) to use the new version.

The SCL package will not be active after reboot. SCL is designed to run your old and new versions side-by-side and not overwrite your existing configurations. You can start your new packages automatically by sourcing their enable scripts in .bashrc. SCL installs everything under /opt, so add this line to .bashrc for our PHP 7 example:

source /opt/rh/rh-php70/enable

It will automatically load and be available at startup, and you can go about your business cloaked in the warm glow of fresh up-to-date software.

Listing Available Packages

So, what exactly do you get in Software Collections on CentOS? There are some extra community-maintained packages in centos-release-scl. You can see package lists in the CentOS Wiki, or use Yum. First, let’s see all our installed repos:

$ yum repolist
[...]
repo id                  repo name
base/7/x86_64            CentOS-7 - Base
centos-sclo-rh/x86_64    CentOS-7 - SCLo rh
centos-sclo-sclo/x86_64  CentOS-7 - SCLo sclo
extras/7/x86_64          CentOS-7 - Extras
updates/7/x86_64         CentOS-7 - Updates

Yum does not have a simple command to list packages in a single repo, so you have to do this:

$ yum --disablerepo "*" --enablerepo centos-sclo-rh list available | less

This use of the --disablerepo and --enablerepo options is not well documented. You’re not really disabling or enabling anything, but only limiting your search query to a single repo. It spits out a giant list of packages, and that is why we pipe it through less.

EPEL

The excellent Fedora people maintain EPEL, the Extra Packages for Enterprise Linux repository, for Fedora and all RHEL-compatible distributions. This contains updated package versions and software that is not included in the stock distributions. Install software from EPEL in the usual way, without having to bother with enable scripts. Specify that you want packages from EPEL using the --disablerepo and --enablerepo options:

$ sudo yum --disablerepo "*" --enablerepo epel install [package]
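The three shell habits this article relies on (querying a single repo with --disablerepo/--enablerepo, and sourcing an SCL enable script from .bashrc) collected into one added example. This is not code from the article or from the SCL/EPEL projects: it parses a constructed sample of `yum repolist` output into bare repo ids, builds the single-repo query string, emits a guarded .bashrc line, and checks that an enable script is actually safe to source from every login shell (it exists and is not world-writable). The sample repolist text is constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): helpers around the yum/SCL steps above.

# Constructed sample of `yum repolist` output; not captured from a real host.
SAMPLE_REPOLIST='Loaded plugins: fastestmirror
repo id                  repo name
base/7/x86_64            CentOS-7 - Base
centos-sclo-rh/x86_64    CentOS-7 - SCLo rh
centos-sclo-sclo/x86_64  CentOS-7 - SCLo sclo
extras/7/x86_64          CentOS-7 - Extras
updates/7/x86_64         CentOS-7 - Updates
repolist: 21,345'

# repo_ids TEXT: print the bare repo ids (the part before the first "/"),
# which is what --enablerepo expects. Skips the header and the trailing count.
repo_ids() {
  printf '%s\n' "$1" | awk '
    /^repo id/          { in_table = 1; next }
    /^repolist:/        { in_table = 0 }
    in_table && NF >= 2 { split($1, parts, "/"); print parts[1] }'
}

# yum_list_cmd REPO: the article's listing query restricted to a single repo.
yum_list_cmd() {
  printf 'yum --disablerepo "*" --enablerepo %s list available\n' "$1"
}

# scl_bashrc_line COLLECTION: a .bashrc line that sources the SCL enable
# script only if it is present, so a missing collection does not break login.
scl_bashrc_line() {
  printf '[ -r /opt/rh/%s/enable ] && source /opt/rh/%s/enable\n' "$1" "$1"
}

# enable_script_ok PATH: a script sourced by every login shell runs with the
# user's privileges, so refuse one that is missing or world-writable.
# Column 9 of the `ls -l` mode string (e.g. -rwxr-xr-x) is the other-write bit.
enable_script_ok() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c9)" != "w" ]
}

# Usage, mirroring the article's PHP 7 example.
repo_ids "$SAMPLE_REPOLIST"
yum_list_cmd centos-sclo-rh
scl_bashrc_line rh-php70
if enable_script_ok /opt/rh/rh-php70/enable; then
  echo "rh-php70 enable script is safe to source"
else
  echo "rh-php70 enable script missing or world-writable; not adding to .bashrc"
fi
```

The ownership/permission check is the part worth keeping: once a line in .bashrc sources a file under /opt, whoever can modify that file can run commands in your shell, so verify it before adding the line rather than after.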

Remi Collet

Remi Collet maintains a large collection of updated and extra packages at Remi’s RPM repository. Install EPEL first as Remi’s repo depends on it.

The CentOS wiki has a list of additional third-party repositories to use, and some to avoid.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Top 9 GNOME Shell Extensions to Customize Your Desktop Linux Experience

Everyone has a list of customizations that they absolutely must make when they first set up a new computer. Maybe it’s switching desktop environment, installing a different terminal shell, or something as simple as installing a favorite browser or picking out the perfect desktop wallpaper.

For me, towards the top of my list when setting up a new Linux machine is installing a few extensions to the GNOME desktop environment to fix a few quirks and allow it to better serve my daily use. I was originally a slow and reluctant GNOME 3 convert, but once I found the right combination of extensions to meet my needs, and found the GNOME Tweak Tool settings that changed a few other basic behaviors, I’ve been a happy GNOME 3 user for a few years now.

Read more at OpenSource.com

Node for Java Developers

The biggest audience for my Node.js workshops, courses and books (especially when I’m teaching live) is Java developers. You see, it used to be that Java was the only language professional software developers/engineers had to know. Not anymore. Node.js as well as other languages like Go, Elixir, Python, Clojure, dictate a polyglot environment in which the best tool for the job is picked.

Node.js, which is basically a JavaScript run-time on the server, is getting more and more popular in the places where Java dominated because Node is fast and easy to setup. This post will help Java developers to transition to Node in a few short sections:

Read more at Node University

IoT Cybersecurity Alliance Will Collaborate on Standards, Education

A new IoT Cybersecurity Alliance formed by AT&T, IBM, Palo Alto Networks, Symantec, and Trustonic promises to help solve one of the most critical elements of the Internet of Things (IoT) — security. The group says its goal is to work on IoT security standards as well as raise awareness about the topic.

There are numerous IoT-related associations working to promote different segments of IoT and streamline the fragmentation that exists in the industry. However, this is the first group to focus solely on security. AT&T, which was an early advocate for IoT, said it has seen a 3,198 percent increase in attackers scanning for vulnerabilities in IoT devices.

Read more at SDxCentral

Online Migrations at Scale

Engineering teams face a common challenge when building software: they eventually need to redesign the data models they use to support clean abstractions and more complex features. In production environments, this might mean migrating millions of active objects and refactoring thousands of lines of code.

Stripe users expect availability and consistency from our API. This means that when we do migrations, we need to be extra careful: objects stored in our systems need to have accurate values, and Stripe’s services need to remain available at all times.

In this post, we’ll explain how we safely did one large migration of our hundreds of millions of Subscriptions objects.

Read more at Stripe

Safeguard and Scale Containers

Security, deployment, and updates for thousands of nodes prove challenging in practice, but with CoreOS and Kubernetes, you can orchestrate container-based web applications in large landscapes.

Since the release of Docker [1] three years ago, containers have not only been a perennial favorite in the Linux universe, but native ports for Windows and OS X also garner great interest. Where developers were initially only interested in testing their applications in containers as microservices [2], market players now have initial production experience with the use of containers in large setups – beyond Google and other major portals.

In this article, I look at how containers behave in large herds, what advantages arise from this, and what you need to watch out for.

Read more at ADMIN Magazine

Introduction to Realtime Linux

Jan Altenberg gives an overview of the history of realtime Linux, the different approaches, and the advantages of the PREEMPT_RT patch in comparison to other approaches.


Watch Camille Fournier, Donna Dillenberger, William ‘whurley’ Hurley Live at Open Source Leadership Summit This Week

Executives, experts, analysts, and leaders in open source technology will convene this week at Open Source Leadership Summit in Lake Tahoe. The event is invitation-only but The Linux Foundation is pleased to offer free live video streaming of all keynote sessions on Tuesday, Feb. 14 – Thursday, Feb. 16, 2017.

Catch the livestream to hear some of the world’s largest and most successful organizations discuss how to start, build, participate in and advance open source strategy and development.

AT&T, Cloud Foundry Foundation, Goldman Sachs, Google, IBM, IDC, Leading Edge Forum, Mozilla, and VMware are among the many organizations that will keynote next week.

The livestream will begin on Tuesday, Feb. 14 at 9 a.m. Pacific. Sign up now! You can also follow our live event updates on Twitter with #LFOSLS.

All keynotes will be broadcast live, including talks by Camille Fournier, former CTO of Rent the Runway and author of O’Reilly’s forthcoming book The Manager’s Path: A Guide for Tech Leaders Navigating Growth and Change; Dan Lyons, New York Times best-selling author of Disrupted; Donna Dillenberger, IBM Fellow at the Watson Research Center; and entrepreneur William Hurley aka ‘whurley’ whose retirement savings startup Honest Dollar was acquired last year by Goldman Sachs.

Other featured keynotes include:

  • Katharina Borchert, Chief Innovation Officer, and Patrick Finch, Strategy Director, Mozilla who will discuss community innovation.

  • Al Gillen, GVP of Software Development and Open Source at IDC, will provide an analysis of open source in 2017 and beyond.

  • Abby Kearns, Executive Director of Cloud Foundry Foundation, will share how cross-foundation collaboration is a win for open source.

  • Chris Rice, SVP at AT&T Labs and Domain 2.0 Design and Architecture at AT&T, will talk about the future of networking and orchestration.

  • And more.

View the full schedule of keynotes.

And sign up now for the free live video stream.

Once you sign up, you’ll be able to view the livestream on the same page. If you sign up prior to the livestream day/time, simply return to this page and you’ll be able to view.

Open Networking Summit to Hold Private “Think Tank” Event for Industry Leaders

An elite group of networking industry executives, investors and entrepreneurs will meet behind closed doors for a think tank discussion at Open Networking Summit (ONS) this year.

The intimate, invitation-only Open Networking Innovation Forum will facilitate a frank and open dialogue centered around the opportunities and challenges facing open networking acceleration and open source business models.

The purpose of this invitation-only forum is:

  • Open Collaboration among open networking’s visionaries, thought leaders, early adopters, business leaders, entrepreneurs, and innovators together in an intimate setting for a high-quality dialogue.

  • Stimulating Discussion about the state of open networking, opportunities and challenges, how to accelerate adoption of open networking by various Enterprise IT Teams in a Software Defined World with emerging cloud business models.

  • Informal Networking with leaders representing the entire Enterprise, Cloud & Carrier ecosystem: CIO/CTO/VP IT/Architects, Users from multiple verticals, silicon, box, and software vendors, open source platforms providers, system integrators, venture capitalists, and others.

ONS, to be held April 3-6 at the Santa Clara Convention Center, promises to be the largest, most comprehensive and most innovative networking and orchestration event of the year. The private innovation forum will take place the second day of ONS to gather executive leaders from a cross-section of the industry, including enterprise, carriers and cloud providers, startups and VCs, and others in the networking ecosystem.

In this informational Q&A, Arpit Joshipura, general manager of networking and orchestration at The Linux Foundation, discusses why he organized a think tank event for networking industry executives and what they’ll likely discuss.

Linux.com: Why are you holding a leadership event for open networking executives at ONS?

Arpit Joshipura: ONS is the largest networking event in Silicon Valley and attracts both developers and business executives. Executive leaders and creators of innovation need a neutral platform for discussion with other like-minded thought leaders. Linux Foundation serves as a catalyst to bring the top influencers together.

Linux.com: Who is invited?

Joshipura: Networking and Orchestration is a very innovative industry and touches many verticals and markets. We are working with key leaders to represent the entire ecosystem – all layers of the stack, from creators to end users across multiple industries. In addition, Silicon Valley is the innovation capital of the world and we will bring Venture Capitalists/Visionaries like Martin Casado from Andreessen Horowitz, and startup executives. A list of some of the confirmed attendees is available on our ONS Website.

Linux.com: What is the format?

Joshipura: We’ll hold roundtables, chats, and panels. The format is workshop-style brainstorming.

Linux.com: What will you discuss?

Joshipura: High-level topics for discussion include Architecture Harmonization, Business Models, Open Source Adoption catalysts and blockers, Innovative use cases, vendor research, and more. As the world of Software Defined Enterprise, Service Provider Network Automation and Cloud Technologies come together, there is a huge opportunity for collaboration on topics like 5G/Private Clouds/SDN/NFV that would have a huge impact on adjacent markets like Internet of Things (IoT), Artificial Intelligence (AI), Virtual Reality (VR) and Business Intelligence.

Linux.com: How will the outcome of the discussion be used?

Joshipura: This elite group will be collectively driving the vision and direction of the entire networking and orchestration industry for the next five years to come.

Linux.com: Will there be anything published about it afterward? Why is it closed to the press?

Joshipura: No. It is closed to press to allow for open discussions specifically as several enterprise verticals like FinTech, healthcare, travel and hospitality, retail and of course communications will be sharing use cases, best practices, and lessons learned.

Linux.com readers receive 5% off the “attendee” registration to Open Networking Summit with code LINUXRD5. Save over $850 through February 19.