Advice | Игорь Олемской - практические заметки по системному администрированию Linux CentOS

Игорь Олемской — практические заметки по системному администрированию Linux CentOS

Архив тега ‘advice’

Do professional certifications belong in your e-mail signature? (перепечатка)

After a discussion amongst coworkers about professional certifications in e-mail signatures yesterday, I decided to throw the question out to href="http://twitter.com/rackerhacker/">Twitter to gather some feedback:

href="http://twitter.com/rackerhacker">rackerhacker: Quick Twitter poll for the nerds: How many certification abbreviations do you put in your e-mail signature? [ href="http://twitter.com/RackerHacker/status/27448088177">Permalink]

The question must have struck a nerve with folks as I had over 50 replies in less than 10-15 minutes. I expected to hear a lot of people say «zero», and there were quite a few responses that didn't surprise me:

href="http://twitter.com/minter">minter: @RackerHacker Zero /> href="http://twitter.com/stwange">stwange: @RackerHacker none it's pretentious /> href="http://twitter.com/nickboldt">nickboldt: @RackerHacker Zero. My cert-fu is weak. /> href="http://twitter.com/scassiba/status/27448504377">scassiba: @RackerHacker none, I don't feel it's necessary to fluff up an email signature with certifications /> href="http://twitter.com/errr_">errr_: @RackerHacker 0 /> href="http://twitter.com/chrstphrbrwn">chrstphrbrwn: @RackerHacker Zero. I don't use an email signature. /> href="http://twitter.com/DamianZaremba">DamianZaremba: @RackerHacker none, makes you look a bit stuck up imo /> href="http://twitter.com/saiweb">saiweb: @RackerHacker 0 /> href="http://twitter.com/jirahcox">jirahcox: @RackerHacker 0. Job title only if absolutely necessary. /> href="http://twitter.com/jtimberman">jtimberman: @RackerHacker None mine are almost all expired anyway src='http://cdn.rackerhacker.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> /> href="http://twitter.com/ckeck">ckeck: @RackerHacker zero /> href="http://twitter.com/billblum">billblum: @RackerHacker None. /> href="http://twitter.com/puppetmasterd">puppetmasterd: @RackerHacker zero, or preferably fewer /> href="http://twitter.com/ripienaar">ripienaar: @RackerHacker zero, they dont add value. Much rather link me to your github account so I can make up my own mind src='http://cdn.rackerhacker.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> /> href="http://twitter.com/redbluemagenta">redbluemagenta: @RackerHacker None. People can see for themselves through other avenues (blog, github, references) if you're any good. /> href="http://twitter.com/ubuntusoren">ubuntusoren: @RackerHacker none

There were a few people who disagreed:

href="http://twitter.com/bwwhite">bwwhite: @RackerHacker Just one because that's all I have src='http://cdn.rackerhacker.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> But I think 2 should be the limit. Pick the 2 most relevant to your current role /> href="http://twitter.com/jwgoerlich">jwgoerlich: Generally 2. Depends on the email topic. /> href="http://twitter.com/whitenheimer">whitenheimer: @RackerHacker just one, some of them aren't worth putting /> href="http://twitter.com/russjohnson">russjohnson: @RackerHacker Currently none but have done upto 4 /> href="http://twitter.com/rbp1987">rbp1987: @RackerHacker I only put the most relevant or the highest level of cert that i have. Why what do you do at the moment? /> href="http://twitter.com/hotshotsphoto">hotshotsphoto: @RackerHacker MCP, MCP+I, CNA MCSE ITIL Practitioner...but only when I'm working in the IT field

There were quite a few that were strongly worded or humorous:

href="http://twitter.com/rjamestaylor">rjamestaylor: @RackerHacker I hate them — R Taylor, SCJP, MCP, RHCP, BSci, SAG /> href="http://twitter.com/mshuler">mshuler: .@RackerHacker I regard email signatures similar to SUVs — the size is relevant to the compensation factor /> href="http://twitter.com/iota">iota: @RackerHacker zero; as number of reported certifications increase, respect for sender decreases — my law #1514 /> href="http://twitter.com/raykrueger">raykrueger: @RackerHacker href="http://theoatmeal.com/comics/email">http://theoatmeal.com/comics/email /> href="http://twitter.com/hjv">hjv: @RackerHacker I'm Ebay A+++ Certified. /> href="http://twitter.com/unixdaemon">unixdaemon: @puppetmasterd @RackerHacker I'd love to see «Failed my MCP due to realising 10 minutes in that it would taint my soul. Forever.» on a CV. /> href="http://twitter.com/swimsaftereatin">swimsaftereatin: @mshuler @RackerHacker And ASCII art is to the signature as a huge purple spoiler is to a pickup truck. /> href="http://twitter.com/anoopbhat">anoopbhat: @RackerHacker none. unless there is a cert whose acronym is BADASS. /> href="http://twitter.com/sarahvdv">sarahvdv: @RackerHacker None because I only have one and it's almost embarrassing to put «CompTIA Network+ Certified» in my signature. /> href="http://twitter.com/0x44">0×44: @RackerHacker Zero. Certifications are nerd short-hand for «Don't hire me.»

I'm certainly not against certifications — they're a good way for vendors to ensure that there are trained professionals that meet a certain set of minimum knowledge levels about their product. When you hire someone with a particular certification, you should be able to assume that they have this minimum knowledge level (for most certifications).

However, a certification says absolutely nothing about how a job candidate has actually applied these skills to their previous work. For example, consider a systems administrator with a CCNA. If you ask the job applicant something like «So, how much experience do you have working with Cisco» for a Cisco-heavy job position and they reply that they've set up a Cisco PIX a few times, but they mainly focus on Linux administration, then what is that certification worth to your company?

As for e-mail signatures, I'd leave out the certifications. If you're sending e-mails to coworkers that you already know, there shouldn't any reason for you to «fluff» your signature with those abbreviations. They should already be familiar with your abilities and the addition of certifications to the e-mail doesn't add anything valuable to the e-mail itself. If you're sending e-mails to people you don't know (especially for a job), it makes your e-mail look pretentious.

href="http://rackerhacker.com/2010/10/16/do-professional-certifications-belong-in-your-e-mail-signature/">Do professional certifications belong in your e-mail signature? is a post from: Major Hayden's href="http://rackerhacker.com">Racker Hacker blog. style="display: none; visibility: hidden;">c0b6ad7e-f251-11df-b20b-4040336e00ef

16.10.2010

Рубрики: Интересные RSS-выборки (новости)

Теги: advice, Blog Posts, certifications, sysadmin, twitter

Оригинал: http://rackerhacker.com/2010/10/16/do-professional-certifications-belong-in-your-e-mail-signature/

Источник: Racker Hacker

Securing your ssh server (перепечатка)

Комментариев нет

One of the most common questions that I see in href="irc://irc.freenode.net/slicehost">my favorite IRC channel is: «How can I secure sshd on my server?» There's no single right answer, but most systems administrators combine multiple techniques to provide as much security as possible with the least inconvenience to the end user.

Here are my favorite techniques listed from most effective to least effective:

SSH key pairs /> By disabling password-based authentication and requiring ssh key pairs, you reduce the chances of compromise via a brute force attack. This can also help you protect against weak account passwords since a valid private key is required to gain access to the server. However, a weak account password is still a big problem if you allow your users to use sudo.

If you're new to using ssh keys, there are href="http://sial.org/howto/openssh/publickey-auth/">many href="http://www.debian-administration.org/articles/530">great href="http://www.linuxquestions.org/linux/answers/Networking/Public_key_authentication_with_ssh">guides that can walk you through the process.

Firewall /> Limiting the source IP addresses that can access your server on port 22 is simple and effective. However, if you travel on vacation often or your home IP address changes frequently, this may not be a convenient way to limit access. Acquiring a server with trusted access through your firewall would make this method easier to use, but you'd need to href="http://en.wikipedia.org/wiki/Recursion">consider the security of that server as well.

The iptables rules would look something like this:

class="wp_syntax"> class="code">

iptables -A INPUT -j ACCEPT -p tcp --dport 22 -s 10.0.0.20
iptables -A INPUT -j ACCEPT -p tcp --dport 22 -s 10.0.0.25
iptables -A INPUT -j DROP -p tcp --dport 22

Use a non-standard port /> I'm not a big fan of href="http://en.wikipedia.org/wiki/Security_through_obscurity">security through obscurity and it doesn't work well for ssh. If someone is simply scanning a subnet to find ssh daemons, you might not be seen the first time. However, if someone is targeting you specifically, changing the ssh port doesn't help at all. They'll find your ssh banner quickly and begin their attack.

If you prefer this method, simply adjust the Port configuration parameter in your sshd_config file.

Limit users and groups /> If you have only certain users and groups who need ssh access to your server, setting user or group limits can help increase security. Consider a server which needs ssh access for developers and a manager. Adding this to to your sshd_config would allow only those users and groups to access your ssh daemon:

class="wp_syntax"> class="code">

AllowGroups developers
AllowUsers jsmith pjohnson asamuels

A nerd's perspective on cloud hosting (перепечатка)

Let's go ahead and get this out of the way: The following post contains only my personal opinions. These are not the opinions of my employer and should not be considered as such.

The term «cloud hosting» has become more popular over the past few years and it seems like everyone is talking about it. I'm often asked by customers and coworkers about what cloud hosting really is. Where does traditional dedicated hosting end and cloud begin? Do they overlap? Who needs cloud and who doesn't?

You can't talk about cloud hosting without defining it first. When I think of «cloud», these are the things that come to mind:

quickly add/remove resources with little or no lead time
hosting platforms that allow for quick provisioning of highly available systems
self-service adjustment of tangible and intangible resources that normally require human intervention

That list may seem a bit vague at first, but try to let it sink in just a bit. Hosting applications in a «cloud» shouldn't mean that you must have a virtual instance running on Xen, KVM or VMWare, and it shouldn't mean that you must have an account with Rackspace Cloud, Amazon EC2, or Microsoft Azure. It means that your hosting operations are highly automated and you can rapidly allocate and deallocate resources for the requirements of your current projects.

Consider this: a customer of a traditional dedicated hosting provider decides to take their applications and host them on one VPS at a leading commercial provider. That provider allows the customer to spin up new VM's in a matter of minutes and re-image the VM's whenever they like. Is that cloud hosting? I'd say yes — even if it's one single virtual instance. That customer has moved from a hosting system with manual interventions and extended lead times to a system where they have instant control over their resources.

It's not possible to talk about what cloud is without talking about what it isn't.

Cloud is not infinitely scalable. If any provider ever claims that their solution is «infinitely scalable», you should be skeptical. Regardless of the provider, everyone eventually runs out of datacenter space, servers, network bandwidth, or power. (If you know of a provider that is infinitely scalable, please let me know as I'd love to see their facilities and review their supply chain.)
Cloud isn't right for everybody. Some applications have demands that cloud hosting might not be able to meet (yet). If an application depends on proprietary hardware that is difficult to virtualize or rapidly allocate, cloud hosting is probably not the answer for that particular application.
Cloud doesn't mean VPS. VPS doesn't mean cloud. As I said before, having a virtual private server environment is not a pre-requisite for cloud hosting. Also, not all VPS solutions fit my definition of cloud as they don't allow for rapid deployments and resource adjustments.

It's important to remember that cloud hosting is a marketing term. As for the technology of cloud, it's what you make of it. You should be looking to reduce costs, solidify availability and increase performance every day. If the ideals of cloud hosting help you do that, it might be the right option for you.

A nerd's perspective on cloud hosting is a post from: Major Hayden's Racker Hacker blog.

Игорь Олемской — практические заметки по системному администрированию Linux CentOS

Архив тега ‘advice’

Do professional certifications belong in your e-mail signature? (перепечатка)

Securing your ssh server (перепечатка)

A nerd's perspective on cloud hosting (перепечатка)

Страницы

Рубрики

Свежие записи

Метки