Table of contents for November/December 2025 in ADMIN Network & Security

It’s difficult to believe that this year is the 15th anniversay of ADMIN. I’ve written for almost every issue and am pleased to be involved. I still remember in 2010 when Editor in Chief Joe Casad first contacted me about the new magazine that was to “focus on system administration,” which he knew was smack dab in the center of my wheelhouse. Joe knew me from writing for other publications under his editorial control and thought I’d be a great fit. He was right, and the rest is history – 15 years of history. Also of note is that Linux Magazine also reached its 25th anniversary this year. It’s been a great run of publications for Linux New Media, and I congratulate Joe and the rest of the team for…

In the corporate environment, telecommunications are now almost entirely based on VoIP, the key component being the Session Initiation Protocol (SIP), which provides both the underpinnings for calls and a potential attack vector for hackers. The most common pitfalls include insecure passwords, incorrectly configured servers, and blocked ports. In this article, I introduce open source tools such as SIPVicious, sngrep, and Wireshark, which you can use to test and secure your VoIP networks. Despite email, instant messaging, and other forms of communication, a large part of corporate communication is still reliant on phone calls. The VoIP technology begins with a call. A terminal device is then registered with the SIP server by the REGISTER message. The terminal device sends its SIP ID and access data to the server, which…

The integration of large language models (LLMs) into the software development lifecycle has become essential for boosting developer productivity. This shift presents a critical choice for technical leaders: achieving absolute data sovereignty with an on-premises, open source solution. In this article, we provide a comprehensive analysis of this philosophy, offering a deep technical guide to making a strategic decision. The on-premises, privacy-first stack combines Ollama [1] for local LLM serving with the Cursor [2] artificial intelligence (AI)-native integrated development environment (IDE). This approach is architected for maximum control, ensuring that proprietary code, developer prompts, and model outputs never leave the organization’s network perimeter. The system represents the pinnacle of data privacy, trading the operational overhead of managing physical infrastructure for unparalleled security and a significantly lower total cost of ownership…

Running applications in containers is popular for its efficiency and speed, but security remains a concern in multitenant or untrusted workloads. The Kata Containers technology addresses this weakness by running containers inside lightweight virtual machines (VMs) to provide an extra layer of isolation [1]. In essence, Kata Containers merges the speed and simplicity of containers with the strong isolation traditionally provided by VMs, giving each container its own stripped-down VM complete with a dedicated kernel and hardware-enforced isolation and significantly reducing the risk of container escapes affecting the host or other workloads. The result is a container runtime that feels like a standard container from a user perspective but that delivers enhanced security akin to a VM sandbox. This approach has been adopted in cloud environments and production systems where security…

IBM AIX is a robust enterprise-grade operating system used in missioncritical environments where security is paramount, like banking, healthcare, and government. Security breaches on AIX systems are relatively rare compared with other operating systems such as Windows or Linux, primarily because of AIX’s smaller attack surface, niche use in enterprise environments, and robust security architecture. However, breaches do occur, and their rarity doesn’t mean AIX is immune. Implementing two-factor authentication (2FA) or multifactor authentication (MFA) is a critical step in safeguarding AIX systems by helping to ensure that they remain secure against evolving threats and maintain compliance with regulatory demands. AIX administrators have a few options to consider when it comes to MFA. One option is the IBM PowerSC product [1], which is a security tool that adds, among other…

We deliver a production-grade machine learning operations (MLOps) [1] pipeline that accommodates the entire machine learning (ML) application lifecycle from ingestion of data to deployment in nearreal time in a Kubernetes context. The pipeline has three primary phases of operation: (1) A mature extract, transform, and load (ETL) process reads in semi-structured and structured data, cleanses and transforms it, and saves the output in a scalable MongoDB instance; (2) dynamic model training reads in fresh data from MongoDB and employs reproducible, modulated scripts to achieve on-demand, decoupled computation; and (3) all parts are dockerized and shipped to Minikube hosting in a local cluster of Kubernetes. Deployment and service configurations reveal near-real time inference by NodePort services. The system follows current DevOps techniques of modulated deployment, compositionality, and scaling and forms the…

Ubuntu 25.10 Server The “Questing Quokka” server image permanently installs Ubuntu on a computer minus a graphical user interface. The release “comes with compatibility enhancements at the silicon level, accessibility upgrades, and a robust security posture that sets the stage for the next LTS.” [https://canonical.com/blog/canonical-releases-ubuntu-25-10-questing-quokka] Version 25.10 comes with memory-safe implementations of coreutils and sudo-rs, improvements in trusted platform module (TPM)-backed full disk encryption, and support for nested virtualization on Arm. @adminmag ADMIN magazine @admin-magazine.com @adminmagazine@hachyderm.io Code and listings for ADMIN can be found here: https://linuxnewmedia.thegood.cloud/s/9nFQcFb2p8oRMEJ…

The world of work is characterized by increasing digitalization and remote working, which presupposes flexible and dynamic collaboration tools. Many organizations are already using proven Microsoft tools such as Teams, OneNote, or Planner, but they reach their limits when it comes to spontaneous, temporary workflows or the seamless integration of content. This domain is precisely where Microsoft Loop enters the scene. Key Idea Behind Loop Microsoft Loop was first introduced at the end of 2021 and complements the Microsoft 365 universe as a platform for dynamic collaboration. Unlike traditional tools, Loop enables a new type of integration and real-time collaboration. Content such as notes, tables, or task lists can be flexibly created, directly embedded into other applications, and collaboratively edited – without media breaks. Loop components are a key element…

Sigstore [1] is an open source solution for cryptographically signing software artifacts and verifying those signatures in a transparent, tamper-evident manner. Created to improve software supply chain security by making signatures easy to use and difficult to subvert, the Sigstore ecosystem comprises three core components: Cosign, Fulcio, and Rekor. Cosign [2] is the command-line tool that developers and CI/CD systems use to sign container images and other artifacts and to verify those signatures [3]. Fulcio is a lightweight certificate authority that issues shortl-ived signing certificates with the use of OpenID Connect (OIDC) identities. Rekor is a public transparency log that records metadata about each signing event in an immutable ledger. Together, these components let anyone verify who signed a piece of software and ensure that the signature is recorded on…

Microsoft unveiled its new Secure Future Initiative (SFI) for Windows at Microsoft Ignite. The focus is on Administrator Protection, which is set to replace the deprecated User Account Control. Current statistics from the Microsoft Digital Defense Report 2024 [1] show an alarming 39,000 incidents of admin rights abuse every day, making better protection for local accounts a top priority. Microsoft introduced User Account Control (UAC) in Windows Vista. Although it requires users to confirm actions with admin authorization, the protection turned out to be incomplete. Microsoft is now looking to improve protection for Windows 11 workstations and replace UAC with Administrator Protection [2]. In this article, I show you what this new feature is all about and present several arguments to explain why switching to a state-of-the-art protection setup makes…

Imagine it’s Friday afternoon: Five new workstations arrive with the urgent requirement that they be ready for orientation on Monday. You’re not planning to give up your weekend, and there’s no chance you’ll come in early Monday. However, each system still needs to be inventoried, labeled, booted, imaged, and configured with every department-required application. That’s hours of repetitive work made worse by the fact that the systems are running Linux, not Windows. How do you possibly finish in one afternoon, while tickets continue to stack up? The answer is automated enrollment. By combining Debian preseed installation with Puppet server configuration, you can turn the entire process into a hands-off workflow. All that’s required is a USB stick, a bit of preparation, and a reliable network connection (e.g., wired Ethernet). Puppet…

HPC administrators periodically look through the system logs in /var/log, searching for errors or other interesting information. Although it is very nice that the logs are centralized and that admins have tools that use these logs to provide notifications, they are not easy to process and understand. Wouldn’t it be nice to be able to put your own information into the system log (/var/log/ syslog) so you can parse it for your messages with common tools such as grep? Of course, Linux has a tool for that: logger. The system log is a central location for all system messages and would be a convenient location for storing your own messages. Any automatic log processing tool will catch these messages, but you can easily set up a simple grep to capture…

Routers Remain Top Target for IoT Attacks, Per Zscaler Report Routers reimain the most targeted IoT devices, accounting for more than 75 percent of all attacks, according to the Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report (https://www.zscaler.com/campaign/threatlabz-mobile-iot-ot-report). Attackers exploit various router vulnerabilities to execute commands, propagate malware, and expand botnets, the report states. Additionally, it notes that “Netgear routers are an especially popular target.” Common exploitation methods include command injection and directory traversal techniques that “often exploit unauthenticated remote code execution (RCE) vulnerabilities, such as CVE-2016-10174 (https://nvd.nist.gov/vuln/detail/cve-2016-10174) and CVE-2018-10561 (https://nvd.nist.gov/vuln/detail/cve-2018-10561) [which] allow threat actors to bypass authentication and execute scripts remotely.” Top IoT threat findings include: • The US is the top target for IoT attacks, with 54.1 percent of activity. • Routers account for more than…

Digitilization of the economy is leading to a rapidly increasing demand for powerful IT infrastructures in almost all industries. While some seek salvation in the cloud, others are assessing their needs and trying to ensure that their own infrastructure is sufficiently scalable to cope with sudden spikes in demand. Although basic network standards have hardly changed in recent decades, the increasing volume of traffic is posing significant challenges for organizations. To ensure reliability, it’s important for infrastructures to have a clear-cut design that offers scope for expansion. Network simulation helps admins with the demanding tasks this responsibility involves. In practice, this technology can be used in various contexts: ◼ Replacing physical networks: Physical networks are difficult to instantiate, although it makes sense to experiment with scenarios that are as concrete…

When the world was dominated by dinosaurs, a new beast arose from the depths: one that relied on the Earth’s community to grow and thrive. It was Beowulf. No, not the Scandinavian warrior, but an approach to high-performance computing (HPC) that uses common x86 processors, conventional Ethernet networking, the Message Passing Interface (MPI) or a parallel virtual machine (PVM), and Linux. With Beowulf, everything was new. Previous HPC systems all had proprietary tools to manage and monitor servers (nodes) in the cluster, so the tools for Beowulf clusters had to be developed, including those to monitor clusters. During the first few years of this Clusterian period of HPC, one of the key requirements was a simple tool to monitor nodes – something simple that would give the status of all nodes…

Attack scenarios are becoming increasingly complex, as are the infrastructures on which organizations root their IT. Kubernetes, with its many layers for storage and networking, along with the microarchitecture applications running on it, is a prime example of ever-increasing complexity. Unsurprisingly, security is one of the key issues for IT managers. Clearly, new tools are needed. In recent years, new solutions have emerged that let you detect threats and attacks more easily in scalable environments. A previous ADMIN article on Falco [1] [2] is one example, and Tetragon [3], which I discuss in this issue, is a direct competitor. Much like Falco, Tetragon promises proactive monitoring of containerized setups in Kubernetes, but that is not the only similarity: Like its competitor, Tetragon relies heavily on the extended Berkeley Packet Filter…

For years, CentOS was the distribution of choice for system administrators that needed to run a Red Hat Enterprise Linux (RHEL) compatible system, but could not afford a full support contract with Red Hat. CentOS, a fully compatible clone built from RHEL sources, functioned as a drop-in replacement for RHEL. CentOS promised an enterprise-grade Linux distribution that was available for anyone regardless of their budget. Red Hat eventually became a sponsor for CentOS in 2014 [1], in a movement the community found controversial at the time. The sponsorship agreement was, according to LWN.net [2], a de facto acquisition of CentOS by Red Hat, since Red Hat took ownership of the CentOS trademarks and the CentOS governing board consisted of a majority of Red Hat employees. In 2020, Red Hat unilaterally…

Hotpatching directly modifies the code of processes running in RAM, eliminating the need for a restart. The key advantage is reduction of downtime, as servers remain operational and security updates are made without delay. Not all updates support this technology, though, and hotpatching will probably be limited to regular patch day updates in the future. Because not all updates support hotpatching, rebooting is still necessary, which certainly puts the benefits into perspective. In this article, you’ll also learn about more limitations. Microsoft Azure Required On Windows Server 2022, you need the Datacenter: Azure Edition license, which must be running in Azure or Azure Stack hyperconverged infrastructure (HCI), to use hotpatching. Although hotpatching will also be available in local data centers in the Standard and Datacenter editions in the future, you…