SC-Cleared Linux & Cloud Security Contract Consultant
Secure access with SSH keys, sudo, PAM, and cloud IAM roles.
In many cloud security reviews, Identity and Access Management (IAM) often turns out to be the weakest area. AWS provides powerful tools to control access, but its defaults are permissive and administrators often grant overly broad rights. The result is predictable: accounts with far more privilege than needed, with API keys that never expire, and … Read more
Identity and Access Management (IAM) is at the centre of every security framework I have worked with. Whether on Linux systems or in cloud platforms, controlling who can do what is fundamental. In my experience, organisations often underestimate IAM. They focus on firewalls or malware protection, while leaving access control inconsistent or poorly documented. In … Read more
Pluggable Authentication Modules (PAM): Controlling Access in Linux Pluggable Authentication Modules (PAM) form the backbone of authentication and access control on most modern Linux systems. In my work, PAM is often overlooked or misunderstood. Administrators know it exists but rarely configure it beyond the defaults. That leaves opportunities for weak passwords, mismanaged access, and non-compliance. … Read more
On almost every Linux system sudo is central to access control. It allows administrators to delegate privileges without handing out the root password. Used properly, it enforces least privilege. Used poorly, it creates a false sense of security and leaves audit gaps. This article sets out the best practices for configuring and managing sudo. The … Read more
Secure Shell (SSH) is the standard tool for remote administration of Linux systems. In practice, it is also one of the most common weaknesses I encounter when reviewing environments. Misconfigurations are frequent, and attackers actively exploit them. Hardening SSH is one of the most effective early steps in strengthening infrastructure security. 1. Why SSH Security … Read more