Is It a Best/Recommended Practice to Not Use “Make Visible” the Password when Entering It?

Problem scenario
You think that the users should not click the “make visible” option when entering a password. As an I.T. professional, you are not sure if this should be used or not. You read and think that it should not be used. Is it recommended that you have a practice of not letting the users make the password visible?

Solution
It is not clear.

Is It a Recommended/Best Practice to Use Email as a Component in Two Factor Authentication?

Problem scenario
You want to implement a secure protocol for authentication. You want there to be a password and a second factor of authentication. Can an email (being in possession of an inbox) be a factor in MFA?

Answer
Maybe.

No, according to NIST: https://pages.nist.gov/800-63-FAQ/
But many companies do use email as a factor in multi-factor authentication.

Is It a Best/Recommended Practice to Rotate Passwords?

Problem scenario
You know hackers and malicious social engineers love passwords. You are considering enforcing time-based password rotation (as a systems administrator, security consultant, or I.T. manager). You want planned, periodic password changes to be mandatory. In theory, if a password was once lost, changing it mitigates the damage. This is intuitive and consistent with a variety of sources. Many OSes and LDAP implementations provide built-in password expiration based on time intervals.

How Do You Get a NIC to Permanently Be in a firewalld Zone with Multiple Commands?

Problem scenario
A NIC or network interface is not being protected by a firewalld zone. You run firewall-cmd commands with different flags, but some NIC (e.g., a virtual NIC) will not persistently remain in a zone. You want your firewall-cmd commands to have a permanent effect. The --permanent flag is supposed to work, but it is not helping. What should you do?

Solution
If a firewall-cmd command fails with a --permanent flag,

Should You Disable WPS on Your WiFi/Router at Home?

Problem scenario
You want to not broadcast your home’s network (e.g., to make sure people do not borrow your bandwidth or hack your devices such as your thermostat with ransomware). You want to keep using your WiFi. You try to disable the “Broadcast Network Name (SSID)”, but you get a prompt like “WARNING: Disabling Broadcast Network Name (SSID) will disable Wi-Fi Protected Setup (WPS) functionality. Are you sure you want to change?”

Should you click “OK”?

How Do You Set Up a New Linux Server on Hardware?

Problem scenario
You are configuring a new physical server without an image, without an automated unattended installation script or a remote ghosting-type tool (such as Ghost or the NIM tool). How should you format it, install Linux and configure it?

Solution

  1. Gather the requirements for what its purpose will be and how the monitoring/maintenance and support will be done.

How Do You Troubleshoot “Requested offset is beyond real size of device”?

Problem scenario
You are trying to run a cryptsetup open command. You enter the passphrase, but you get “Requested offset is beyond real size of device.” What should you do?

Solution
Try starting over with that partition. Can you create a partition that is at least 16 MB? If it is less than that, or there are some overlapping partitions, that may be your problem.