Enterprise Linux Security Podcast

Enterprise Linux Security Episode 55 – Should You Trust Password Managers?

2023-02-082023-02-02 by jay

Podcast: Play in new window | Download (Duration: 47:43 — 87.7MB)

Subscribe: Apple Podcasts | Spotify | RSS

Passwords – for better or worse, they’re a reality and something we have to deal with. With the average person having many accounts, it’s gotten to the point where we just can’t manage these by ourselves. Password managers help us securely store these confidential secrets, but recently Lastpass (one of the most popular password managers) has suffered a breach. Although no actual passwords within vaults were cracked, recent events do raise a red flag. In this episode, Jay and Joao discuss whether or not you should trust password managers.

Live video version

Download Links

MP3 version
MP3 version (smaller file, lower bitrate)
Ogg version

Relevant Articles

LastPass Customers Need to Change All of Their Passwords

Enterprise Linux Security Episode 54 – Recovering from Ransomware

2023-03-222023-01-27 by jay

Podcast: Play in new window | Download (Duration: 49:19 — 90.6MB)

Subscribe: Apple Podcasts | Spotify | RSS

Ransomware – an extremely frustrating security threat that can cause business disruption, data loss, as well as long work days during the recovery process. But how do you recover from such an event? In this foundational episode, Jay and Joao discuss some tips on how to deal with this, tips you’ll hopefully never need but are good to have nonetheless.

Download Links

MP3 version
MP3 version (smaller file, lower bitrate)
Ogg version

Relevant Articles

CISA Ransomware Guide

Enterprise Linux Security Episode 53 – Digital Twins

2023-02-082023-01-19 by jay

Podcast: Play in new window | Download (Duration: 37:06 — 68.3MB)

Subscribe: Apple Podcasts | Spotify | RSS

By using clever infrastructure engineering strategies to increase reliability, you can minimize disruption and downtime for your organization. Another technique to consider is the concept of Digital Twin – having a full system clone/mirror you can use to test enhancements, perform a root-cause analysis, or more. In this episode, Jay and Joao discuss Digital Twins and how the concept can potentially help your organization.

Download Links

MP3 version
MP3 version (smaller file, lower bitrate)
Ogg version

Relevant Articles

Digital Twin (Wikipedia article)
More malicious packages posted to online repository. This time it’s PyPI

Enterprise Linux Security Episode 52 – AISecOps

2023-03-222023-01-12 by jay

Podcast: Play in new window | Download (Duration: 39:59 — 73.6MB)

Subscribe: Apple Podcasts | Spotify | RSS

Note: There’s no video version for this episode, Jay’s camera stopped working near the beginning. It’s fixed now, but this episode is audio-only as a result.

Artificial intelligence seems to be all the rage nowadays, and not just in SciFi movies. Organizations can utilize AI to assist with difficult or time-consuming tasks. Now, AI has made its way into the security industry – and AI tools to check for security concerns are already starting to pop up. In this episode, Jay and Joao discuss AISecOps.

Download Links

MP3 version
MP3 version (lower quality, smaller file)
Ogg version

Relevant articles

Cisco App Dynamics (Note: This is not an endorsement – just an example of one of these solutions)

Enterprise Linux Security Episode 51 – Samba in the Kernel, What Could Possibly Go Wrong?!

2023-02-082023-01-05 by jay

Podcast: Play in new window | Download (Duration: 42:31 — 78.2MB)

Subscribe: Apple Podcasts | Spotify | RSS

Adding unnecessary components to the Kernel is generally a bad idea, as it increases its threat surface. In this episode, Jay and Joao discuss a recent story that’s a perfect example of why it’s important to keep this under control. A vulnerability was recently discovered in the Linux kernel that scored the highest possible rating, and it all started when ksmbd was added.

Download Links

MP3 version
MP3 version (smaller file, lower bitrate)
Ogg version

Relevant Articles

Enterprise Linux Security Episode 50 – The Many Faces of Patching

2023-02-082022-12-29 by jay

Podcast: Play in new window | Download (Duration: 35:32 — 65.4MB)

Subscribe: Apple Podcasts | Spotify | RSS

When it comes to patching, were you aware that there’s more than one type of patch? In this episode of Enterprise Linux Security, Jay and Joao discuss the various types of patching that’s performed today.

Download Links

Relevant Articles

The Many Faces of Patching

Enterprise Linux Security Episode 49 – The Code is Open, But Who’s Looking at It?

2023-03-222022-12-22 by jay

Podcast: Play in new window | Download (Duration: 30:54 — 56.9MB)

Subscribe: Apple Podcasts | Spotify | RSS

Open-Source is great – with code being open, everyone has access to it. That means that the code can be audited – and that makes it more secure, right? Well, possibly. In the recent talk “The Code is Open, But Who’s Looking at it?” Joao discusses the concept in detail. This talk was recorded at OSAD 2022. New episodes of Enterprise Linux Security will resume after the holidays. But for now, enjoy the talk!

Download Links

MP3 version
MP3 version (lower bitrate, smaller file)
Ogg version

Enterprise Linux Security Episode 48 – New Malware, Old Vulnerabilities

2023-02-082022-12-15 by jay

Podcast: Play in new window | Download (Duration: 35:59 — 66.2MB)

Subscribe: Apple Podcasts | Spotify | RSS

While it’s certainly never a good thing to become the victim of a cyber-attack, it can be even more embarrassing if the CVE the threat actor used to get a foothold into your systems was patched a long time ago. In this episode, Jay and Joao discuss malware that’s currently taking advantage of vulnerabilities that were patched over a year ago! As important as software updates happen to be, why are so many organizations unable to keep up with them?

Download Links

MP3 version
MP3 version (lower bitrate, smaller file)
Ogg version

Relevant Articles

Shikitega – New stealthy malware targeting Linux

Enterprise Linux Security Episode 47 – Legislating Open Source

2023-03-222022-11-25 by jay

Podcast: Play in new window | Download (Duration: 32:26 — 59.7MB)

Subscribe: Apple Podcasts | Spotify | RSS

Supply chain attacks in open source software projects are a real possibility. In fact, we’ve covered actual incidents in previous episodes of this podcast. In this episode, Jay and Joao discuss developing legislation that will require the components within open source projects to be a part of a bill of materials (among other requirements). This is definitely something you’ll want to be aware of if your organization produces open-source software, but even non-developers should be aware of it as well.

Relevant Articles

Gov’t Adds Open Source Security to Software Supply Chain
20-page PDF with more specific details on the bill

Download Links

Enterprise Linux Security Episode 46 – Monitoring

2023-02-082022-10-28 by jay

Podcast: Play in new window | Download (Duration: 45:08 — 83.0MB)

Subscribe: Apple Podcasts | Spotify | RSS

If you’re in charge of maintaining servers and related equipment, what should you monitor? While monitoring is something that will grow and expand over time, Jay and Joao will give you some tips in this episode to get you started. Check out this episode for some tips on some of the baseline checks you should implement with your monitoring solution of choice.