Tag: security

All the articles with the tag "security".

• The Firewall Rule Order That's Breaking Your Setup

  14 May, 2025

  Firewall rules are evaluated top-down, first match wins. One misplaced ALLOW rule silently defeats all security.

• Sticky Bit, Setuid, Setgid: Linux Special Permissions Explained

  9 May, 2025

  Understand sticky bit, setuid, and setgid: what they do, how to set them, security implications, and real-world use cases.

• Is fail2ban Actually Working? Here's How to Check

  7 May, 2025

  Verify fail2ban is protecting you: check jails, test bans, monitor logs, common misconfiguration, and unban IPs when needed.

• SSHFS: Ditch SCP & Access Remote Files

  29 Apr, 2025

  SSHFS mounts remote filesystems over SSH so you can browse and edit files locally — faster than scp for interactive work.

• SSH Agent Forwarding: How It Works

  26 Apr, 2025

  Understand SSH agent forwarding security risks. When it's safe (almost never), and better alternatives like ProxyJump for jump hosts.

• Stop Putting Passwords in Docker ENV

  28 Mar, 2025

  ENV bakes secrets into layers visible in docker history. Use BuildKit --secret, runtime vars, or .env files.

• The umask You've Been Ignoring

  7 Mar, 2025

  Understand Linux umask: what it is, how 022 and 027 work, calculating file permissions, and why it matters for shared directories and security.

• Running Docker Containers as Non-Root (And Why You Should)

  19 Feb, 2025

  Running as root in containers is a security foot-gun. Learn the USER instruction and numeric UID/GID pattern.

• The Role of Antivirus and Endpoint Detection and Response Systems

  16 Jul, 2024

  AV vs EDR — traditional antivirus signatures vs behavioral endpoint detection. What each catches, what it misses, and what you actually need.

• Certificate Pinning: A Secure Connection Guide

  10 Jul, 2024

  Certificate pinning locks your app to a specific TLS cert so MITM attackers can't swap in a rogue CA — how it works and when to use it.

• Understanding the regreSSHion Vulnerability in OpenSSH

  2 Jul, 2024

  regreSSHion (CVE-2024-6387) is a remote code execution bug in OpenSSH — what it is, which versions are affected, and how to patch fast.

• How to securely deploy Cloudflare Tunnels

  13 Jun, 2024

  Cloudflare Tunnels expose local services to the internet without open ports — secure setup with zero-trust access controls.