Blog
Top 10 things to secure your network
- Category: Information Technology
1. Implement a firewall
The de facto firewall for Ubuntu is ufw (uncomplicated firewall). I personally love this tool as it is easy to configure and maintain. You recall that CIS Benchmark I have referred to numerous times in this article and others? Yeah. Follow that. There are a couple of other firewall packages that are referenced in the guides. Pick one and use the recommended settings.
By default, I would recommend blocking all inbound traffic from the internet, allowing all outbound traffic from the server, and blocking all but port 22/TCP (for ssh access) and any other required ports on the local network. My personal go-to is to block everything by default and then add rules only for services I
Firewall Configuration for HA Clusters on Linux
- Category: Information Technology
In my previous article, I showed you how to configure high availability clustering for MySQL or MariaDB. But what if you are working in a secure environment where you need to have all ports locked down except those required for functionality? There are a variety of ports that will need to be open depending on required functionality. But they do not have to be open to the world. This article is working under the assumption that the firewall is enabled and already configured to restrict access as needed for your environment.
The most obvious port to be opened for any SQL server is TCP port 3306 to other servers that need to access the database. Another obvious choice is protected access on TCP port 22 if you
Create a Highly Available MySQL Cluster
- Category: Information Technology
This document is intended to walk you through setting up multiple servers to store your databases. You can of course get by with a single server, but then this document would not be for you. Our requirement is to configure a cluster of servers to allow us to perform maintenance on any one server in the cluster while maintaining access to the data stored in the cluster.
It is important to note that this will not speed up access to data. That is not the goal. Only one node will be operating as a master at any given time. The others are replication partners that are grabbing any changes to the master and copying those changes into their copy of the database. They are not directly serving any
Using an immutable desktop
- Category: Information Technology
There seems to be a new trend in IT -- immutability. But what is it? Immutability is a security mechanism intended to assure the user (or engineer) that the system they built remains as it was built, without the addition of any malware or modified configurations caused by any nefarious actors. Think of it as installing your operating system on a CD. A bad actor cannot modify the files on the CD because they are read-only. This is the same for the operating system partition. But how do you configure a system to be immutable? It is much easier than you think, but it does come with its limitations.
Testing Ubuntu 24.04 LTS Daily Builds
- Category: Information Technology
One Way Forward: Finding a path to what comes after Unix
- Category: Information Technology
I recently read a series of articles from Liam Proven of The Register that gives some fairly in-depth history of Unix and how software codebases become bloated over time. The information was fascinating and pretty remarkable for the implication that we should at times throw code away and start from scratch. When we don't, we retain old code for the sake of "backwards compatibility" that is never used or accessed and merely takes up space. Since storage has become so cheap, there is little to