---
hackpadID: SBprEV2sIQu
hackpadWorkspace: tossug
tags: hackpad-import, tossug
---

# Linux Study Group - Week 8

09/23/2014

Main index: [edX Introduction to Linux](https://tossug.hackpad.com/dVX1LvoCcii)

## Course Notes

**Chapter 11 - Local Security Principles**

* **Section 3**

  Process Isolation:

  * cgroups
  * LXC
  * Virtualization

* **Section 4**

  SHA-512 hashing algorithms

  Password aging - `chage`

  Pluggable Authentication Modules (PAM)

  Jack The Ripper - http://www.openwall.com/john/

  * What I found was actually "John" The Ripper! Why is it different?
  * I heard before that it can also support Google 2-step verification
  * jack the ripper is probably a typo. That's Jack the Ripper, the murderer XD

* **Section 5**

  Grub 1 Encryption `grub-md5-crypt`

  Grub 2 Password Protection https://help.ubuntu.com/community/Grub2/Passwords

**Hardware Vulnerability**

When hardware is physically accessible, security can be compromised by:

1. Key logging
2. Network sniffing
3. Booting with a live or rescue disk
4. Remounting and modifying disk content

The guidelines of security are:

1. Lock down workstations and servers
2. Protect your network links such that they cannot be accessed by people you do not trust
3. Protect your keyboards where passwords are entered to ensure the keyboards cannot be tampered with
4. Ensure a password protects the BIOS in such a way that the system cannot be booted with a live or rescue DVD or USB key

**Best Practices Discussed This Week**

* Disabling **boot from USB** in BIOS/UEFI improves hardware security.
* Lock down your laptops/computers when you are away from the keyboard.
* Encrypt your partitions or file systems entirely.
* Remember to back up your critical data periodically.
* Use a different strong password for each website/service.
* Manage your passwords with a trusted password manager.
* Keep people from peeking at your 2-Factor Authentication codes.


Coursera - Usable Security https://www.coursera.org/course/usablesec

KeePassX (GPLv2 license) http://www.keepassx.org/

Configuring OpenSSH with OATH and public keys (2 factor authentication) https://www.insecure.ws/2013/09/27/2-factors-authentication-openssh-and-public-keys/

2-Factor Authentication Apps

* Google Authenticator
* Authy

ThinkPad Anti-Theft Technology http://shop.lenovo.com/us/sitelets/software/anti-theft-protection

ThinkPad USB 3.0 Secure Hard Drives http://support.lenovo.com/us/en/documents/pd022063

`pwgen` generates random/pronounceable passwords. You can get it from Homebrew if you’re using Mac OS X.

## This Week's Assignment

Scope: Chapter 12: Network Operations

## Attendance

* [Carl Su](/ep/profile/n5euV0AaWLn)
* [Peter Liou](/ep/profile/rovJPUqztCt)
* [steven huang](/ep/profile/sncZfUbLaeE)
* [violetson](/ep/profile/oJusv72f72w)
* [P Fisher](/ep/profile/oTOWRrYfPRk)