One of the most prevalent discussions on Opensource.com in 2021 was about the security and privacy of your own data. A noticeable theme was that your data is yours and that passwords were key to security. This year's security authors provided helpful tips and open source tools for keeping your data and hardware secure.
Here is my top-five countdown of this year's security journey.
Sahana Sreeram provides six fundamental server security tips, starting with updates and ending with malware scanning. This article provides a head start with your Linux servers either at home or work. Pay extra attention to the password strength section and the tools to create risk-reducing requirements on password policies for your server, as this is the most critical practice on any operating system you are using. This article is a practical guide to working on security in your day-to-day work on Linux servers. As Sahana points out, the security landscape is undoubtedly expanding, and this article gives everyone the chance to start working on prevention.
This next article is excellent for people like myself who write a ton of documentation on everything from articles to personal research notes. Author Ksenia Fedoruk starts with a list of open source cloud storage services to save your documents. Next, she covers the importance of encryption and the ways to use encryption with our docs. She also covers digital signature and watermarking of documents in clear detail and what open source tools to use. Finally, the article covers the use of password protection of the docs we've made and worked with. The reminder in the ending follows a common theme this year in security: Your data is yours.
In this article, Don Watkins covers the responsibility and caretaking of hardware. It leads off with a series of tools to wipe hard drives so that your data can't be taken from the next person to use the equipment. In several small walk-throughs, Don covers using GNU shred, ShredOS, the
dd command, and finally
nvme-cli. Each of these can remove all the data from your hardware and sanitize the hard drives you were working on and no longer need. Don's concluding thoughts provide a gentle reminder that if you are selling your hardware, that doesn't mean the next person should have your data. Your data is yours.
As I pointed out earlier in this countdown, passwords are essential to this year's security round-up. In this article, our writer Sumantro Mukherjee starts by covering how many websites can have (and should have) strict rules when it comes to passwords. This step-by-step article covers how to use
pwgen, starting by installing it and then generating passwords. This was a useful tool to cover, and Sumantro details how to use some flags to generate a password tailored to any website's or application's requirements and policies. At the end of this read, the final thoughts include a link to a handy list of open source password managers written earlier this year by another of our authors, Jason Baker. This is an important read to start making better passwords for your everyday use on websites to prevent hacking or any data loss in your accounts.
Finally, in this year's security countdown, is an article about encryption and encrypting your files. Seth Kenlon covers an open source cross-platform encryption tool called VeraCrypt. Seth's walk-through explains in-depth how to install and use VeraCrypt and shows the ease of use of this cool bit of software. But not before giving a brief history on VeraCrypts predecessor, TrueCrypt, and how VeraCrypt is backward compatible with previously encrypted volumes by TrueCrypt. With this easy-to-use open source software encryption, Seth has proven that you can own your data locally and encrypt it the way you want.
While these five were my favorite this year, here are two additional honorable mentions that are also worth the read.
- Seth Kenlon's Understanding Linus's Law for open source security
- Mike Calizo's How to adopt DevSecOps successfully
Each of these gives a structured read on security policies and adoption.
Final thoughts on security
I highly recommend reading each of these articles and several others this year. These will prepare you for what's to come in the world of security in 2022. You could be the new year's security champion.
Have some tools you want to suggest? Leave a comment or pitch your article idea.