security - kevwells.com

Threat Radar

TL;DR Patch now: Linux kernel (CVE-2025-38236), OpenSSH client bugs (CVE-2025-26465/26466), and current VMware advisories; N-able N-central flaws added to CISA KEV. Watchlist: further kernel backports landing in distro trackers; VMware rollups; Microsoft August patches with multiple critical items. Action for Linux/Cloud ops: roll kernel updates with reboots, update OpenSSH clients fleet-wide (laptops, jump hosts, CI), …

Cloud Misconfiguration: Still the #1 Security Threat

Despite billions invested in security tools, the leading cause of cloud breaches is still misconfiguration. It’s rarely a zero-day exploit – it’s someone leaving an S3 bucket open, mis-scoping IAM permissions, or forgetting to disable test environments. The Most Common Mistakes: Publicly accessible storage buckets. “Allow all” firewall and security group rules. Over-privileged IAM …

Backup and Disaster Recovery Strategy

Why DR is Business Survival, Not IT Overhead Ransomware, hardware failure, or cloud outages all kill availability. Without tested backups and recovery, firms collapse. Practical Strategy 3-2-1 Rule: 3 copies, 2 media types, 1 offsite. Encryption at rest + transit. Automated verification: test restores weekly. Documented RTO/RPO targets aligned to business needs. Applied Example Small …

Vulnerability Scanning with OpenVAS (Greenbone)

Why Vulnerability Management is Core Security Unpatched vulnerabilities are still the #1 root cause of breaches. OpenVAS provides an open-source equivalent to Nessus/Qualys for vulnerability scanning. Deployment Checklist Install Greenbone Community Edition. Run authenticated scans (SSH/WinRM creds). Integrate with patch management (Ansible playbooks). Schedule monthly full scans; weekly delta scans. Track remediation progress with reporting. …

VPNs, Bastion Hosts, and Secure Remote Access

Why Remote Access is Still the #1 Attack Vector Every penetration tester says the same: the quickest win is remote access. Misconfigured VPNs, exposed RDP, and weak SSH bastions give attackers exactly what they need. With hybrid work the default, clients can’t afford sloppy access models. VPN Best Practices Use modern protocols: OpenVPN or WireGuard; …

Linux Account Hygiene – Stopping Insider Threats Before They Start

The Problem Stale accounts are goldmines for attackers. Contractors leave, interns move on, yet their SSH keys and sudo rights linger. Practical Checklist Regular Account Review awk -F: '{ print $1 " " $3 }' /etc/passwd | sort -n -k2 → identify unused accounts. Disable, Don’t Delete usermod -L accountname → preserves forensic history. SSH …

Hardening sudo and PAM – Privilege Control in Linux

Why Privilege Escalation is a Risk Most attackers don’t start with root. They pivot from low-privilege accounts. Misconfigured sudo rules and weak PAM policies are a direct highway to compromise. Checklist for sudo Hardening Least Privilege %db_admins ALL=(ALL) /usr/bin/mysql → restrict to exact commands, not ALL. No sudo without password Audit /etc/sudoers for NOPASSWD: entries. …

Linux Firewalling – Moving from iptables to nftables

Why Firewalls Still Matter Despite cloud hype, perimeter and host firewalls remain the frontline of security. Every year, unfiltered services (SSH, RDP, databases) are scanned within minutes of going online. The problem: many environments still rely on iptables, even though it is now legacy. nftables is the modern replacement, offering unified configuration, better performance, and …

Securing SSH on Linux: A Practical Baseline Checklist

Secure Shell (SSH) is the default entry point into most Linux systems. Unfortunately, it is also the most common attack vector exploited by automated bots and opportunistic attackers. So for any organisation running Linux servers — whether on-premises, in the cloud, or hybrid — hardening SSH is one of the simplest, highest-impact security steps you …

Why You Should Never Use A VPN For Security

The following is a copyright-free (creative-commons) released post by someone explaining why you should never use a VPN if you want security. Most average computer and internet users are unaware of the facts mentioned in this post. I thought this post expresses the realities about VPNs succinctly and clearly, and so I decided to reproduce …