Awesome security hardening.
• مجموعه ای حجیم از مواد مختلف با موضوع افزایش امنیت. از راهنمایی های دقیق تا ابزارها و معیارهای اساسی:
• Security Hardening Guides and Best Practices;
— Hardening Guide Collections;
— GNU/Linux;
- Red Hat Enterprise Linux - RHEL;
- CentOS;
- SUSE;
- Ubuntu;
— Windows;
— macOS;
— Network Devices;
- Switches;
- Routers;
- IPv6;
- Firewalls;
— Virtualization - VMware;
— Containers - Docker - Kubernetes;
— Services;
- SSH;
- TLS/SSL;
- Web Servers;
- Mail Servers;
- FTP Servers;
- Database Servers;
- Active Directory;
- ADFS;
- Kerberos;
- LDAP;
- DNS;
- NTP;
- NFS;
- CUPS;
— Authentication - Passwords;
— Hardware - CPU - BIOS - UEFI;
— Cloud;
• Tools;
— Tools to check security hardening;
- GNU/Linux;
- Windows;
- Network Devices;
- TLS/SSL;
- SSH;
- Hardware - CPU - BIOS - UEFI;
- Docker;
- Cloud;
— Tools to apply security hardening;
- GNU/Linux;
- Windows;
- TLS/SSL;
- Cloud;
— Password Generators;
• Books;
• Other Awesome Lists;
— Other Awesome Security Lists.
#Security #hardening
@Engineer_Computer
• مجموعه ای حجیم از مواد مختلف با موضوع افزایش امنیت. از راهنمایی های دقیق تا ابزارها و معیارهای اساسی:
• Security Hardening Guides and Best Practices;
— Hardening Guide Collections;
— GNU/Linux;
- Red Hat Enterprise Linux - RHEL;
- CentOS;
- SUSE;
- Ubuntu;
— Windows;
— macOS;
— Network Devices;
- Switches;
- Routers;
- IPv6;
- Firewalls;
— Virtualization - VMware;
— Containers - Docker - Kubernetes;
— Services;
- SSH;
- TLS/SSL;
- Web Servers;
- Mail Servers;
- FTP Servers;
- Database Servers;
- Active Directory;
- ADFS;
- Kerberos;
- LDAP;
- DNS;
- NTP;
- NFS;
- CUPS;
— Authentication - Passwords;
— Hardware - CPU - BIOS - UEFI;
— Cloud;
• Tools;
— Tools to check security hardening;
- GNU/Linux;
- Windows;
- Network Devices;
- TLS/SSL;
- SSH;
- Hardware - CPU - BIOS - UEFI;
- Docker;
- Cloud;
— Tools to apply security hardening;
- GNU/Linux;
- Windows;
- TLS/SSL;
- Cloud;
— Password Generators;
• Books;
• Other Awesome Lists;
— Other Awesome Security Lists.
#Security #hardening
@Engineer_Computer
GitHub
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - decalage2/awesome-security-hardening
آیا ubuntu ها در ایران سالم هستند ؟
داشتم برای آزمایشگاه امنیت یه ابونتو نصب میکردم؛ موقع به روز رسانی توجهم به این آدرس جلب شد:
https://ir.archive.ubuntu.com
بارها این آدرسها رو دیده بودم اما بحث های زنجیره تامین که در ماههای اخیر در جریان است منو به فکر فرو برد . نفوذ به یک محصول برای نفوذ اصلی به یک هدف بزرگ .supply chain attack
در نصب و به روز رسانی اوبونتو ، کاربران ایرانی ابونتو به ریپوی خاص هدایت میشن. خب این محل خوبیه برای تارگت کردن یکسری کاربر خاص. حالا آیا کسی در این زنجیره نصب و به روز رسانی ابونتو نفوذ نکرده ؟ چون کاربر مشخص هست و نفوذ گر علاقمند هم داره . ریسک این موضوع درنظر گرفته شده ؟
پی نوشت: ویندوز که همش میتونه باتلاقی برای نفوذ باشه اینو میدونم ولی خواستم توجه رو به سمت لینوکس که خیلی ها فکر میکنن مشکل فقط ویندوزه ؛ جلب کنم .
#امنیت #امنیت_سایبری #زنجیره_تامین
#cybersecurity #supplychain #supplychainsecurity #linux #ubuntu
@Engineer_Computer
داشتم برای آزمایشگاه امنیت یه ابونتو نصب میکردم؛ موقع به روز رسانی توجهم به این آدرس جلب شد:
https://ir.archive.ubuntu.com
بارها این آدرسها رو دیده بودم اما بحث های زنجیره تامین که در ماههای اخیر در جریان است منو به فکر فرو برد . نفوذ به یک محصول برای نفوذ اصلی به یک هدف بزرگ .supply chain attack
در نصب و به روز رسانی اوبونتو ، کاربران ایرانی ابونتو به ریپوی خاص هدایت میشن. خب این محل خوبیه برای تارگت کردن یکسری کاربر خاص. حالا آیا کسی در این زنجیره نصب و به روز رسانی ابونتو نفوذ نکرده ؟ چون کاربر مشخص هست و نفوذ گر علاقمند هم داره . ریسک این موضوع درنظر گرفته شده ؟
پی نوشت: ویندوز که همش میتونه باتلاقی برای نفوذ باشه اینو میدونم ولی خواستم توجه رو به سمت لینوکس که خیلی ها فکر میکنن مشکل فقط ویندوزه ؛ جلب کنم .
#امنیت #امنیت_سایبری #زنجیره_تامین
#cybersecurity #supplychain #supplychainsecurity #linux #ubuntu
@Engineer_Computer
👍5❤1
Network Security Channel
Post Quantum Cryptography and Compliance Reality.pdf
Post-Quantum Cryptography just entered operational reality.
Ubuntu 26.04 LTS shipped this week — and the most significant change wasn't the new desktop or the Rust-based utilities.
It was this: PQC is now the default. Not opt-in. Not a beta flag. The default.
Every SSH session and TLS connection on a fresh Ubuntu 26.04 install now negotiates ML-KEM-768 — NIST's finalised post-quantum key exchange — alongside the classical X25519. An attacker must break both to compromise the session.
Five things CISOs and compliance teams should do now
1 — Run a cryptographic asset inventory: Map every use of RSA, ECDH, ECDSA, and DH across your systems, libraries, certificates, and third-party integrations. You cannot migrate what you cannot see.
2 — Classify data by longevity: Long-retention data is your highest HNDL priority. Start the migration there.
3 — Document your position under ISO 27001 A.8.24: "Use of Cryptography" already requires a documented policy. An undocumented risk decision on HNDL is itself a compliance gap.
4 — Include PQC in your vendor risk programme: Your quantum exposure is only as low as your weakest cryptographic dependency. Ask your key vendors when they're moving.
5 — Upgrade TLS and SSH first: Ubuntu 26.04 has done this for new deployments. For existing infrastructure, this is the practical starting point — hybrid ML-KEM with classical fallback, backward compatible, running today.
Enterprise infrastructure migrations at scale take 5–10 years.
CRQCs — quantum computers powerful enough to break RSA-2048 — are 7–15 years away by most estimates.
The window is narrowing.
Ubuntu 26.04 is the infrastructure layer moving.
The compliance and regulatory layer is next.
Is your organisation tracking PQC readiness? Have you run a cryptographic inventory yet? Genuinely curious where teams are on this.
#PostQuantumCryptography #PQC #Cryptography #CISO #Cybersecurity #ISO27001 #Compliance #Ubuntu #NIST #LowerPlane #InformationSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Ubuntu 26.04 LTS shipped this week — and the most significant change wasn't the new desktop or the Rust-based utilities.
It was this: PQC is now the default. Not opt-in. Not a beta flag. The default.
Every SSH session and TLS connection on a fresh Ubuntu 26.04 install now negotiates ML-KEM-768 — NIST's finalised post-quantum key exchange — alongside the classical X25519. An attacker must break both to compromise the session.
Five things CISOs and compliance teams should do now
1 — Run a cryptographic asset inventory: Map every use of RSA, ECDH, ECDSA, and DH across your systems, libraries, certificates, and third-party integrations. You cannot migrate what you cannot see.
2 — Classify data by longevity: Long-retention data is your highest HNDL priority. Start the migration there.
3 — Document your position under ISO 27001 A.8.24: "Use of Cryptography" already requires a documented policy. An undocumented risk decision on HNDL is itself a compliance gap.
4 — Include PQC in your vendor risk programme: Your quantum exposure is only as low as your weakest cryptographic dependency. Ask your key vendors when they're moving.
5 — Upgrade TLS and SSH first: Ubuntu 26.04 has done this for new deployments. For existing infrastructure, this is the practical starting point — hybrid ML-KEM with classical fallback, backward compatible, running today.
Enterprise infrastructure migrations at scale take 5–10 years.
CRQCs — quantum computers powerful enough to break RSA-2048 — are 7–15 years away by most estimates.
The window is narrowing.
Ubuntu 26.04 is the infrastructure layer moving.
The compliance and regulatory layer is next.
Is your organisation tracking PQC readiness? Have you run a cryptographic inventory yet? Genuinely curious where teams are on this.
#PostQuantumCryptography #PQC #Cryptography #CISO #Cybersecurity #ISO27001 #Compliance #Ubuntu #NIST #LowerPlane #InformationSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer