Monday, April 25, 2022

Week 13. Kali Linux and Red Hat Enterprise Linux distributions

 

For comparison, I have chosen Kali Linux and Red Hat Enterprise Linux (RHEL)

 


 

RHEL was developed by Red Hat company that functioned as a Linux distributor. It is an operating system that has its development origins in North Carolina in the 1990-s when a businessman Bob Young and distribution creator Marc Ewing started to cooperate by selling Ewing’s distribution on floppy disks and CDs. The popularity of Linux grew and sales were high, so their cooperation turned into a company named Red Hat which now provides open-source software products to companies.


Kali Linux is Debian-based Linux distribution which was Developed by Offensive security. It was released in March 2013, it is much later than RHEL because it was developed in the 90-s and released in 2000. Kali Linux is also free and is promised by developers to be kept free. RHEL on the other side is free only for developer communities, others have to pay for the product by choosing a subscription with different options like server, virtual datacenters, workstations or other additional support. Kali Linux has a graphical interface and in RHEL it is provided by GNOME. 


The purposes of two distros are completely different. Kali Linux is used mostly for the development of security solutions and computer forensics. It has a great number of tools for solving different cybersecurity problems, which makes this Linux distribution suitable for developers to do reverse engineering, penetration tests or security auditing. Latest Kali also consists of the Xfce desktop environment by default. 


RHEL on the other hand is mainly used for server environments and designed for enterprises. It is also one of the most used distros in its field because of the features it proposes. The main one is the availability of commercial support for 10 years and more if needed. RHEL may guarantee stability and regular security patches with long-term support for enterprise users and Fedora as the community distribution.


Because of the different purposes of those operating systems, they have different target groups: one is oriented toward enterprises and the other toward security solution developers. By some resources, Kali Linux is not recommended for beginners, but for users with an intermediate knowledge of Linux.


Communities of those distributions are also different. In the case of RHEL, it does not have an explicit existence as it is a paid enterprise-oriented operating system. Kali Linux on the other hand has an active and supportive community that resides on forums. Digital forensics specialists often need to develop or explore something new so the forum for asking and discussion is vital for them. In addition to that developers may more often hear from the users about issues making the operating system better everyday.

 

Sources:

https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux


https://www.techotopia.com/index.php/A_Brief_History_of_Red_Hat_Linux

 

https://www.kali.org/features/ 





 

on No comments:

Monday, April 18, 2022

Week 12. Short opinion about the practical applicability of ideals from the text


 

 

Hackers can be referred to as a subculture of people who have a vast majority of knowledge in IT and programming that they can go far beyond the tasks of ordinary IT specialists. Hackers should have lots of different qualities, but what really unites them are their aims, ideals and ethics. Those ideals have been changing through time and yet not everyone may say clearly what are the real hacker’s principles or goals. After reading the text I have found some qualities about hackers applicable to the reality of the third decade of 21-st century nevertheless, some of them may barely be taken into account.


First of all, considering the hacker ethic of the early days, I can point out that hackers have always been promoting mistrust of authorities for a very long time. Decentralisation is one of the most important ideas for hackers which has not changed for a long time and is still applicable to modern hackers. For example, a well known Anonymous group does not have a leader who decides the actions of the group or manages them nevertheless, the members follow ideas that they all know. 

But there is a point in hacker ethics of early days with which I cannot agree. It was said that computers can change your life for the better however, I do not think that reliance only on computers may lead to something good even for the hackers that know much about computers. I think that if there is an invention then there are always people who will misuse it. Misusing can also be understood as inventing something new. After all, someone has come up with an idea to use something the new way, although it is not oriented for good purposes. So the same works for hackers: if a hacker had misused something then there is a big possibility that another guy will come up with a newer idea on how to fix this issue or reveal the hacker's identity. Adding this to the utterly digital world that we are living in right now, we can say that there are so many issues for hackers to worry about. I do not think that abundance of technologies will help hackers to keep acting unnoticed or keep following their ideas. Sometimes restraint may be a good thing to have as an option. 

Considering the values of hacker ethics in the new century I can mostly agree with the statements. Those are the general qualities that describe the ideal of a modern hacker. Hackers indeed must have a passion to keep on doing their job. A real hacker must always know more about something than others know, so there must be a motivation for a hacker to keep on studying the subject, analyzing, finding issues and vulnerabilities. 

I also agree with the quality that hackers promote freedom of word and thought and resist censorship in all its forms. Since most of society browses the internet on a daily basis, governments are trying to gain more control of their people by setting more rules and censorship. Throughout history, such restrictions have not led to something good if they were not resisted by someone. Luckily we have got hackers that became the opposition to the censorship. I am sure that both sides know that they will never win completely but their opposition balances the situation preventing one side from taking over the Internet.

on No comments:

Monday, April 11, 2022

Week 11. Interesting cases about online censorship and privacy

 Censorship and privacy can be hardly maintained reasonable for everyone in the field of internet communication. Some people, especially the ones who provide security may find censorship necessary while others like the ones for whom the censorship was made may find it unnecessary. Both censorship and privacy leave an effect on each other: if you have more privacy then there will be less censorship and if you have more censorship then there will be less privacy. Such divergence often leads to cases of violation of censorship or privacy which I will describe below in two interesting cases.


Anti-censorship organization GreatFire was attacked by Chinese censorship authorities

 


GreatFire is a non-profit organization that makes people of the Western civilization aware of the hard censorship cases in China that keep its citizens away from many information sources on the Internet. The combination of Chinese government actions to filter and censor Internet materials has become known as the Great Firewall. This is the case of bad censorship when people are restricted not from carefully selected materials but from a wider range of things. Such limitations are not made in social favor but to fulfill the needs and ideology of the government which gives this censorship mostly a negative appearance. GreatFire non-profit has been often targeted with DDoS attacks that were made presumably by Chinese hacker groups. In 2015 DDoS attacks coming from China on the websites that were against Chinese policies have become known as the Great Cannon.


Privacy rules were broken when Zoom was displaying data from people’s LinkedIn profiles

 


During a coronavirus, pandemic Zoom took advantage of massive usage of its service by having a secret service called LinkedIn Sales Navigator that was allowing some people to access LinkedIn profile data about other users. This feature was accessible during the meeting to any Zoom user who was subscribed to LinkedIn Sales Navigator. It allowed getting LinkedIn information about users such as location, real name, role on the job and other data. Some findings say that even when a person was joining Zoom meetings under a pseudonym the platform still was able to match this person to his LinkedIn profile. When this security breach was reported, Zoom disabled the LinkedIn Sales Navigator service completely and said that from now on it will take users’ privacy extremely seriously.





Sources:

https://www.techinasia.com/top-10-censorship-china-2015

https://www.bbc.com/news/technology-31967100

https://www.seattletimes.com/business/a-feature-on-zoom-secretly-displayed-data-from-peoples-linkedin-profiles/
on No comments:

Monday, April 4, 2022

Week 10. The security situation in Estonia according to Mitnick formula

 


 

Estonia is famous for its IT development and expansion of digital technologies in its territories, but t present times it cannot be taken seriously without additional cybersecurity measures and precautions. Estonian cybersecurity improvement had been growing drastically for more than 10 years and now it is at a very good level, that our country can even give help and advice to other countries about computer security related questions. According to Kevin Mitnick's three criteria, I can analyze the overall situation with cybersecurity in our country.


Technology 


The need for security in the governmental IT environment had emerged at the beginning of 21 century and become clear after the 2007 cyberattacks on Estonia. As a reaction to that, in 2008 the government has founded Cooperative Cyber Defence Centre which became part of NATO Centres of Excellence. The main goals of this organisation are to improve the cybersecurity technologies within NATO countries, enhance information security and develop new ways of cyber defence. In addition, the Estonian Defence League’s Cyber Unit has emerged in 2010. It is a unit with mostly volunteer IT specialists whose main goal is to protect private telecommunications infrastructure from outside-derived cyberattacks. The goals of those two organisations are crucial especially when it comes to different forms of communication. For example, during 2007 cyberattacks one of the main problems was the inability of the government and other structures to communicate with each other. Email services didn’t work because of spam, flooding and other network disruptions made by hackers. News sites were not able to post fresh news and thus were not able to communicate with the audience. Right now it would not be so easy to misuse any Estonian governmental site or communication system. Encryption, firewalls, digital signatures, two-factor authentication and other technologies are used for secure communication in our country.



Training


Training of Estonian government and IT companies to be ready to withstand a cyberattack had been increased since 2007. CERT-EE is an organisation that deals with cybersecurity incidents and manages the response to them in the country. Their main task is to regularly monitor the cybersecurity situation in our country and help governmental organisations and companies to stay secure in the network. They give advice on different types of security incidents and help to implement the best security solution. In addition to that, they understand that security does not end there. Citizens are also given advice and control in our country to stay secure in cyberspace. 


Policy

Estonian government understands that any cyberattack may be oriented on absolutely any citizen of our country no matter what office or position it occupies. For example, the 2007 cyber-attacks on Estonia have shown that some cyber-attacks may be sophisticated and oriented on banking systems to suspend accounts or cause major disruptions in the whole banking system but some are simple stupid phishing that may affect thousands of people who were not aware of the attack. Because of that our government security requirements are the same for any citizen. One of the tasks of NATO Cooperative Cyber Defence Centre of Excellence is to create new standards and security requirements. Any service providers on Estonian territory whose resources are vital for society are required by the government to manage their ICT risks. All government authorities must have a mandatory security baseline.  By such measures, Estonian government controls and keeps the country secured from cyberattacks. 



Analyzing the Estonian cybersecurity situation I can say that our country is indeed a well-secured state, which keeps developing in this field and it is reasonable. Regularly over 300 cyber incidents are recorded by Estonia’s national computer emergency response team which means that the cybersecurity in Estonia should not stop improving.





Sources:

https://e-estonia.com/how-estonia-became-a-global-heavyweight-in-cyber-security/

https://www.bbc.com/news/39655415

on No comments:
Subscribe to: Posts (Atom)