Vulnerability Scanning with OpenVAS (Greenbone)

Why Vulnerability Management is Core Security Unpatched vulnerabilities are still the #1 root cause of breaches. OpenVAS provides an open-source equivalent to Nessus/Qualys for vulnerability scanning. Deployment Checklist Install Greenbone Community Edition. Run authenticated scans (SSH/WinRM creds). Integrate with patch management (Ansible playbooks). Schedule monthly full scans; weekly delta scans. Track remediation progress with reporting. …

Intrusion Prevention on Linux – Beyond Firewalls

Why IPS Matters A firewall blocks what you tell it to. An Intrusion Prevention System (IPS) blocks what it learns is malicious. With modern exploits riding on “legitimate” ports like 443, IPS is critical. Practical Options Fail2ban: Lightweight, bans brute force sources based on log patterns. Suricata: Full IDS/IPS with deep packet inspection. Snort: Classic …

Linux Log Analysis – Turning Noise Into Action

The Problem A Linux server generates thousands of log lines per hour. Without structure, critical alerts drown in noise. Attackers rely on this. Core Logs to Monitor /var/log/auth.log – SSH, sudo, login attempts. /var/log/syslog / messages – system and kernel alerts. journald – structured logging with filters. Application logs – Apache, Nginx, PostgreSQL, etc. Practical …
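The "turn noise into action" step for auth.log, as an added example that is not code from the original post: count failed SSH password attempts per source address, report sources over a threshold, and list who actually got in so a burst of failures can be checked against successful logins. The log lines are constructed samples in the standard sshd format, not captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the original post. Counts failed SSH password
# attempts per source address in auth.log-style lines and reports sources
# at or above a threshold. The log lines below are constructed samples.

SAMPLE_AUTH_LOG='Mar  3 10:01:12 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Mar  3 10:01:14 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51830 ssh2
Mar  3 10:01:15 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51840 ssh2
Mar  3 10:01:19 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51851 ssh2
Mar  3 10:01:22 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51860 ssh2
Mar  3 10:02:03 web1 sshd[2230]: Failed password for alice from 198.51.100.9 port 40022 ssh2
Mar  3 10:02:10 web1 sshd[2231]: Accepted publickey for alice from 198.51.100.9 port 40025 ssh2: ED25519 SHA256:c0nstructed
Mar  3 10:03:40 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update'

# ssh_failures_by_source [THRESHOLD]
# Reads log lines on stdin; prints "count source" for each source with at
# least THRESHOLD (default 5) failed-password events, highest count first.
ssh_failures_by_source() {
    threshold="${1:-5}"
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # the source address is the field after the word "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= t) printf "%d %s\n", fails[ip], ip }
    ' | sort -rn
}

# ssh_accepted_logins
# Reads log lines on stdin; prints "user source method" for successful logins,
# so a burst of failures can be checked against who actually got in.
ssh_accepted_logins() {
    awk '
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) if ($i == "from") print $(i - 1), $(i + 1), $(i - 3)
        }'
}

# Demo on the constructed sample: prints "5 203.0.113.7"
printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_failures_by_source 5
printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_accepted_logins
```

On a live host the same functions take `journalctl -u ssh --since today --no-pager` or `/var/log/auth.log` on stdin; the threshold is what separates a user fat-fingering a password (one or two failures) from a spray (dozens per source), and the accepted-login list is what you check first when a spraying source shows up in it.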

Using Wazuh for Threat Detection and Log Monitoring

Why SIEM is Non-Negotiable Most organisations already collect logs. Few actually use them. A SIEM turns noise into alerts. Wazuh (fork of OSSEC) offers enterprise-grade SIEM, free and open source. Deployment Checklist Install Wazuh Manager on a central server. Deploy Wazuh Agents to endpoints (Linux, Windows, cloud). Integrate Logs: journald, syslog, Apache, MySQL, cloud services. …

VPNs, Bastion Hosts, and Secure Remote Access

Why Remote Access is Still the #1 Attack Vector Every penetration tester says the same: the quickest win is remote access. Misconfigured VPNs, exposed RDP, and weak SSH bastions give attackers exactly what they need. With hybrid work the default, clients can’t afford sloppy access models. VPN Best Practices Use modern protocols: OpenVPN or WireGuard; …

Linux Account Hygiene – Stopping Insider Threats Before They Start

The Problem Stale accounts are goldmines for attackers. Contractors leave, interns move on, yet their SSH keys and sudo rights linger. Practical Checklist Regular Account Review awk -F: '{ print $1 " " $3 }' /etc/passwd | sort -n -k2 → identify unused accounts. Disable, Don’t Delete usermod -L accountname → preserves forensic history. SSH …
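The account review above stops at listing names and UIDs; the following added example (not code from the original post) goes one step further: it filters passwd data to interactive accounts, flags those with no login in the last N days, and prints the disable command. The passwd lines and the last-login table are constructed samples (on a real host the table comes from `lastlog` or `last`). One caveat the checklist does not mention: `usermod -L` only locks the password hash, so on distributions where sshd runs with `UsePAM yes` a user with an authorized key can still log in; the usermod(8) man page itself says to also set the expiry date to 1 to lock the account entirely, and the example does exactly that.

```shell
#!/bin/sh
# Added example, not code from the original post. Lists interactive accounts
# from passwd data, flags those whose last login is older than a limit, and
# prints the commands that disable (not delete) them. passwd lines and the
# last-login table below are constructed samples.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob-contractor:x:1001:1001:Bob (contractor):/home/bob-contractor:/bin/bash
svc-backup:x:1002:1002::/var/lib/backup:/usr/sbin/nologin
intern:x:1003:1003::/home/intern:/bin/zsh'

# "user last-login-epoch" rows, as derived from lastlog/wtmp; 0 = never logged in
SAMPLE_LASTLOGIN='alice 1772000000
bob-contractor 1760000000
intern 0'
SAMPLE_NOW=1772100000

# interactive_accounts: passwd on stdin -> names with UID >= 1000 and a real shell
interactive_accounts() {
    awk -F: '$3 >= 1000 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# stale_accounts MAX_DAYS NOW LASTLOGIN_TABLE: passwd on stdin ->
# "user <age>d" or "user never-logged-in" for interactive accounts past the limit
stale_accounts() {
    awk -F: -v max="$1" -v now="$2" -v table="$3" '
        BEGIN {
            n = split(table, rows, "\n")
            for (i = 1; i <= n; i++) { split(rows[i], f, " "); last[f[1]] = f[2] }
        }
        $3 >= 1000 && $7 !~ /(nologin|false)$/ {
            if (!($1 in last) || last[$1] == 0) { print $1, "never-logged-in"; next }
            age = int((now - last[$1]) / 86400)
            if (age > max) print $1, age "d"
        }'
}

# disable_account_cmds USER...: prints one usermod invocation per account.
# -L locks only the password hash; with UsePAM yes (the Debian/Ubuntu default)
# sshd still accepts the user's authorized_keys. -e 1 expires the account
# (1970-01-02), which sshd and pam_unix reject for every auth method.
# Home directory, files and log history stay intact for forensics.
disable_account_cmds() {
    for u in "$@"; do
        printf 'usermod -L -e 1 %s\n' "$u"
    done
}

# Demo on the constructed data with a 90-day limit:
printf '%s\n' "$SAMPLE_PASSWD" | stale_accounts 90 "$SAMPLE_NOW" "$SAMPLE_LASTLOGIN"
disable_account_cmds bob-contractor intern
```

To re-enable an account that turns out to be needed, `usermod -U -e '' user` unlocks the password and clears the expiry; nothing was deleted, so the home directory and any SSH keys are still there for review before access is restored.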

Hardening sudo and PAM – Privilege Control in Linux

Why Privilege Escalation is a Risk Most attackers don’t start with root. They pivot from low-privilege accounts. Misconfigured sudo rules and weak PAM policies are a direct highway to compromise. Checklist for sudo Hardening Least Privilege %db_admins ALL=(ALL) /usr/bin/mysql → restrict to exact commands, not ALL. No sudo without password Audit /etc/sudoers for NOPASSWD: entries. …
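The sudoers audit from the checklist, as an added example that is not code from the original post: it scans sudoers-style text for the three patterns that most often hand out more than intended, NOPASSWD tags, an ALL command list on a principal other than root, and "!" exclusions (which sudoers(5) itself warns are trivially bypassed, since the user can copy the binary or reach a shell through another permitted command). The sudoers text is constructed; the `%db_admins` rule is the one from the checklist.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits sudoers-style rules
# for NOPASSWD tags, ALL command lists on non-root principals, and "!"
# exclusions. The sudoers text below is constructed.

SAMPLE_SUDOERS='# constructed /etc/sudoers
Defaults env_reset
Defaults use_pty
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%db_admins ALL=(ALL) /usr/bin/mysql
deploy ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
ops ALL=(ALL) ALL, !/bin/bash'

# audit_sudoers: sudoers text on stdin -> one finding per line
audit_sudoers() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                          # comments, blank lines
        $1 == "Defaults" || $1 ~ /^Defaults[:@>!]/ { next }     # options, not grants
        {
            who = $1
            spec = $0
            # drop "who hosts=(runas)" so only tags and the command list remain
            sub(/^[^=]*=[ \t]*(\([^)]*\)[ \t]*)?/, "", spec)
            if (spec ~ /NOPASSWD:/) { print "NOPASSWD", who; sub(/.*NOPASSWD:[ \t]*/, "", spec) }
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                c = cmds[i]; gsub(/^[ \t]+|[ \t]+$/, "", c)
                # "ALL" for anyone but root is full root via sudo; "!" exclusions
                # are bypassable (copy the binary, pick another shell)
                if (c == "ALL" && who != "root") print "ALL-COMMANDS", who
                if (c ~ /^!/) print "NEGATION", who, c
            }
        }'
}

# Demo: six findings on the constructed file, none for %db_admins
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

Run it over `/etc/sudoers` and every file in `/etc/sudoers.d/` (that directory is where configuration management tends to drop NOPASSWD rules). `visudo -c` checks syntax only, not intent, and `sudo -l -U user` shows the effective grants for one user once the rules have been tightened. Note that the `backup` rule passes the command-restriction check but is still dangerous: rsync, like editors, pagers and most file-transfer tools, can execute a program of the caller's choosing, so "exact command" only helps when the command itself cannot spawn a shell.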

Why Unpatched Systems Still Cause Breaches

The Reality of Patch Neglect Every breach report tells the same story: attackers don’t need zero-days when organisations leave critical patches unapplied. In 2025, ransomware groups exploit vulnerabilities within 72 hours of disclosure. Yet enterprises still average 60+ days to patch. Common Excuses vs Reality “Patching breaks production.” → True if done ad hoc. Mitigated …

Automating Linux Patch Management with Ansible

Why Patching Matters Most breaches exploit known vulnerabilities, often months or years old. WannaCry (2017) succeeded because thousands of systems weren’t patched despite updates being available. Even today, unpatched Apache, Exim, or kernel flaws are exploited within days of disclosure. Manual patching doesn’t scale. Clients need automation. Ansible Patch Management Checklist Inventory Hosts Define Linux …

Linux Firewalling – Moving from iptables to nftables

Why Firewalls Still Matter Despite cloud hype, perimeter and host firewalls remain the frontline of security. Every year, unfiltered services (SSH, RDP, databases) are scanned within minutes of going online. The problem: many environments still rely on iptables, even though it is now legacy. nftables is the modern replacement, offering unified configuration, better performance, and …
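What the unified nftables configuration looks like for a single host, as an added example that is not code from the original post: a function that emits a default-drop inet ruleset from two parameters, the management network that may reach SSH and the public TCP ports. The management range, ports and addresses are constructed, and the management range is assumed to be IPv4 (an IPv6 range would need `ip6 saddr`).

```shell
#!/bin/sh
# Added example, not code from the original post. Emits a default-drop host
# ruleset for nftables from two parameters. Addresses and ports are
# constructed; the management range is assumed to be IPv4.

# gen_host_ruleset MGMT_CIDR "PORT, PORT, ..." -> ruleset text on stdout
gen_host_ruleset() {
    mgmt="$1"
    ports="$2"
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        # SSH only from the management network, rate-limited against brute force
        ip saddr $mgmt tcp dport 22 ct state new limit rate 10/minute accept
        tcp dport { $ports } ct state new accept
        # everything else is logged (grep the prefix in syslog/journald) and dropped
        log prefix "nft-drop: " counter drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Demo: a web host reachable on 80/443, SSH only from 192.0.2.0/24 (constructed)
gen_host_ruleset 192.0.2.0/24 "80, 443"
```

Save the output as `/etc/nftables.conf`, dry-run it with `nft -c -f /etc/nftables.conf` (syntax errors are caught before anything changes), load it with `nft -f /etc/nftables.conf`, and enable `nftables.service` so it survives reboot. The single `inet` table covers IPv4 and IPv6 in one place, which is the unified configuration the post refers to; under iptables the same policy needed two parallel rule sets. The `counter` on the final drop rule makes `nft list ruleset` show how much unsolicited traffic the host is actually seeing.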

Building a Strong Audit Trail with systemd and journald

Why Audit Trails Matter In security incidents, the first question is always: “What happened, when, and who was responsible?” Without reliable logs, the answer is guesswork. Audit trails underpin compliance (GDPR, ISO 27001, CIS Controls) and are often the single factor that separates swift incident response from reputational disaster. On modern Linux systems, systemd-journald is …

Securing SSH on Linux: A Practical Baseline Checklist

Secure Shell (SSH) is the default entry point into most Linux systems. Unfortunately, it is also the most common attack vector exploited by automated bots and opportunistic attackers. So for any organisation running Linux servers — whether on-premises, in the cloud, or hybrid — hardening SSH is one of the simplest, highest-impact security steps you …
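A baseline check for sshd_config, as an added example that is not code from the original post. It applies the rule sshd itself uses when reading the file: for each keyword the first value wins, so a hardening line appended to the bottom of a config that already sets `PasswordAuthentication yes` higher up changes nothing, and anything under a `Match` block is conditional. The weak and hardened configs are constructed; the baseline (no root login, no password or keyboard-interactive auth, no X11 forwarding, MaxAuthTries at most 4) and the compiled-in defaults for unset keywords are the OpenSSH ones.

```shell
#!/bin/sh
# Added example, not code from the original post. Checks sshd_config text
# against a small baseline using the rule sshd applies: the FIRST value of a
# keyword wins, and Match blocks are conditional. Both configs are constructed.

WEAK_SSHD_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding yes
# appended later, but sshd keeps the first PasswordAuthentication above
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no'

HARDENED_SSHD_CONFIG='PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
X11Forwarding no
MaxAuthTries 3
PubkeyAuthentication yes'

# sshd_baseline_check: config on stdin -> "FAIL keyword=value want ..." per miss.
# Unset keywords are compared against the OpenSSH compiled-in defaults.
# KbdInteractiveAuthentication is the current name of ChallengeResponseAuthentication.
sshd_baseline_check() {
    awk '
        BEGIN {
            want["permitrootlogin"]              = "no|prohibit-password"; def["permitrootlogin"] = "prohibit-password"
            want["passwordauthentication"]       = "no";    def["passwordauthentication"] = "yes"
            want["kbdinteractiveauthentication"] = "no";    def["kbdinteractiveauthentication"] = "yes"
            want["x11forwarding"]                = "no";    def["x11forwarding"] = "no"
            want["maxauthtries"]                 = "[1-4]"; def["maxauthtries"] = "6"
        }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }          # end of the global section; END still runs
        {
            k = tolower($1)
            if (!(k in val)) val[k] = tolower($2)   # first occurrence wins
        }
        END {
            for (k in want) {
                eff = (k in val) ? val[k] : def[k]
                src = (k in val) ? "" : " (default)"
                if (eff !~ "^(" want[k] ")$") print "FAIL " k "=" eff src " want " want[k]
            }
        }' | sort
}

# Demo: five failures for the weak config, none for the hardened one
printf '%s\n' "$WEAK_SSHD_CONFIG" | sshd_baseline_check
printf '%s\n' "$HARDENED_SSHD_CONFIG" | sshd_baseline_check
```

The authoritative view is `sshd -T` (run as root), which prints every effective value after defaults and first-match resolution; `sshd -T -C user=deploy,host=example,addr=192.0.2.10` evaluates the Match blocks for one connection. Whichever check you use, re-run it after every change and before restarting the daemon, and keep an existing session open while you test the new one.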

Using a VPN for Remote Access

When non-IT people hear the term “VPN” they tend to think of a commercial service where, for a monthly subscription, you can route your computer’s Internet traffic through a “VPN server” run by the VPN service provider and surf the Web anonymously. This is one usage for a VPN – …

Why You Should Never Use A VPN For Security

The following is a copyright-free (creative-commons) released post by someone explaining why you should never use a VPN if you want security. Most average computer and internet users are unaware of the facts mentioned in this post. I thought this post expresses the realities about VPNs succinctly and clearly, and so I decided to reproduce …

How To Backup Your Website

It’s vital to backup your website regularly. Servers fail, websites get hacked. So here’s a quick guide to how to backup your website. How To Backup Your Website There’s a kind of unspoken law about backups. If you backup, you probably won’t need the backups. But if you don’t – you sure as anything will! …

What is the VATMOSS Law?

As of 1 January 2015 there’s a big change coming to Value Added Tax in the EU. The so-called “Place of Supply” or “VATMOSS” law will apply. What is the VATMOSS Law? First of all, a disclaimer. I am not a lawyer or accountant. The following post is my personal view and interpretation of VATMOSS. You …

How To Pursue Content Theft and Copyright Violation

Content and copyright theft is an increasing problem on the Web. So what should you do if you discover your content has been stolen by another website? How To Pursue Content Theft and Copyright Violation Yesterday I discovered that some of my website content had been copied and pasted onto someone else’s website. On the …

Here’s An Example of Corporate Jargon To Avoid

Don’t you hate corporate jargon on websites? I do. I can’t stand business buzzword jargon or corporate drivel. Well stand by for an extreme example of corporate jargon that I came across on the website of one particular large corporation. Here’s An Example of Corporate Jargon To Avoid What follows below is a short extract …

The Getty Images Copyright Infringement Letter

Getty Images has become notorious for the practice of what has become known as the Getty Images Copyright Infringement Letter. Or as some people call it The Getty Images Extortion Letter Scam. The Getty Images Copyright Infringement Letter Getty Images continually scan the Web for alleged infringement of image copyright of images owned by them. …