hardening - kevwells.com

EC2 SSH access: per-user keys and least privilege

Short version: Prefer SSM Session Manager for human access. If you must use SSH, use per-user keys, a bastion or tight source CIDRs, and a hardened sshd_config. No shared logins. No password auth.

1) Choose the access pattern

Pattern | When to use | Notes
SSM Session Manager | Default for most estates | No SSH ports open; IAM-controlled; …

Threat Radar

TL;DR

Patch now: Linux kernel (CVE-2025-38236), OpenSSH client bugs (CVE-2025-26465/26466), and current VMware advisories; N-able N-central flaws added to CISA KEV.

Watchlist: further kernel backports landing in distro trackers; VMware rollups; Microsoft August patches with multiple critical items.

Action for Linux/Cloud ops: roll kernel updates with reboots, update OpenSSH clients fleet-wide (laptops, jump hosts, CI), …

From Patching to Proactive: Why System Hardening Matters More Than Ever

For many IT teams, “security” still means keeping up with patches. While patching is essential, it’s far from enough. Attackers increasingly exploit default settings and weak configurations rather than waiting for an unpatched CVE.

What Hardening Really Means

System hardening is about stripping away unnecessary risk:

Secure SSH and key management.
Enforcing password and account …

Hardening sudo and PAM – Privilege Control in Linux

Why Privilege Escalation is a Risk

Most attackers don’t start with root. They pivot from low-privilege accounts. Misconfigured sudo rules and weak PAM policies are a direct highway to compromise.

Checklist for sudo Hardening

Least Privilege
%db_admins ALL=(ALL) /usr/bin/mysql → restrict to exact commands, not ALL.

No sudo without password
Audit /etc/sudoers for NOPASSWD: entries. …

Securing SSH on Linux: A Practical Baseline Checklist

Secure Shell (SSH) is the default entry point into most Linux systems. Unfortunately, it is also the most common attack vector exploited by automated bots and opportunistic attackers. So for any organisation running Linux servers — whether on-premises, in the cloud, or hybrid — hardening SSH is one of the simplest, highest-impact security steps you …