Linux Network Security - Page 17

Discover Network Security News

Be Aware of SOA Application Security Issues

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

"Extensible Markup Language (XML), Web services, and service-oriented architecture (SOA) are the latest craze in the software development world. These buzzwords burn particularly bright in large enterprises with hundreds or thousands of systems that were developed independently. If these disparate systems can be made to work together using open standards, a tremendous amount of time, money, and frustration can be saved. Whether or not we are on the verge of a new era in software, the goal alone is enough to make security people cringe. It might be easy to glue System A and System B together, but will the combination be secure? Have you ever used or developed a SOA application? If so, you might be interested in this article that talks about some security concerns with it.

Bill Keys
Nov 03, 2008

Parallel SSH Execution and a Single Shell to Control Them All

Many people use SSH to log in to remote machines, copy files around, and perform general system administration. If you want to increase your productivity with SSH, you can try a tool that lets you run commands on more than one remote machine at the same time. Parallel ssh, Cluster SSH, and ClusterIt let you specify commands in a single terminal window and send them to a collection of remote machines where they can be executed. Do you want to increase your productivity with SSH? Check out this article on 3 parallel SSH tools which let you run commands on multiple machines at the same time.

Brittany Day
Oct 31, 2008

Preventing MySQL Injection Attacks With GreenSQL On Debian Etch

GreenSQL (or greensql-fw) is a firewall for MySQL databases that filters SQL injection attacks. It works as a reverse proxy, i.e., it takes the SQL queries, checks them, passes them on to the MySQL database and delivers back the result from the MySQL database. It comes with a web interface (called greensql-console) so that you can manage GreenSQL through a web browser. This guide shows how you can install GreenSQL and its web interface on a Debian Etch server. Are you concern with the threat of SQL injection attacks? This article looks at GreenSQL which acts as a firewall for your MySQL database.

Bill Keys
Oct 29, 2008

Ultimate Security Proxy With Tor

Nowadays, within the growing web 2.0 environment you may want to have some anonymity, and use other IP addresses than your own IP. Or, for some special purposes - a few IPs or more, frequently changed. So no one will be able to track you. A solution exists, and it is called Tor Project, or simply tor. There are a lot of articles and howtos giving you the idea of how it works, I'm not going to describe here onion routing and its principles, I'll rather tell you how practically pull out the maximum out of it. Did you ever wanted to increase your security and privacy on the Internet? This article will teach you how to use the proxy software called Tor. Have you every used it before?

Bill Keys
Oct 27, 2008

MITM attacks - Do They Really Happen?

The man-in-the-middle (MITM) attack is the attempt by an attacker to implant himself between the client (browser, mail client, IM client) and a server serving some web page or other content. The attacker receives all requests and responses to and from the server, reads the content and passes it along to either side. Do you think we need to educate the users about Digital Certificates of web browsers? This article reviews the MITM attacks and how it should be prevented if it really happen. Read on for more information.

Brittany Day
Oct 20, 2008

Perspectives Extension Improves HTTPS Security

Ah, cryptographic security: a boon to those who understand the algorithms, but all too often a lost cause to those who don't. The secure HTTPS protocol for Web surfing is widely accepted, but has one fatal flaw: users ignore certificate error warnings. A Firefox extension called Perspectives aims to close that security hole. What do you think about the Firefox extension called Perpsectives? I find it to report to many fail negatives.

Bill Keys
Oct 20, 2008

Security Scans with OpenVAS

As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. You need a way to both automate tests and make sure you're running the most appropriate and up-to-date tests. Open Vulnerability Assessment System (OpenVAS) is a network security scanner that includes a central server and a graphical front end. Do you want to run network vulnerability tests (NVTs) to identify vulnerabilities in your network? Check out this open source client/server application which provides a graphical front-end for running automated NVTs written in Nessus Attack Scripting Language (NASL).

Brittany Day
Oct 13, 2008

Billy Hoffman On AJAX Security and Browser Attacks

As more and more computing moves to the Web, Web application security has become a high priority -- at least for users. In this interview, Executive Editor Dennis Fisher talks to Billy Hoffman, manager of Hewlett-Packard Co.'s Web Security Research Group, about the security features in Google Chrome, the lack of security training for Web developers and how JavaScript has become the favored tool of attackers. This article is an interview with Billy Hoffman, manager of Hewlett-Packard Co.'s Web Security Research Group. Which he talks about how JavaScript has become the favored tool of attackers.

Bill Keys
Oct 10, 2008

Firefox Extension Blocks Dangerous Web attack

A popular free security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security problems facing the Web today. NoScript is a small application that integrates into Firefox. It blocks scripts in programming languages such as JavaScript and Java from executing on untrusted Web pages. The scripts could be used to launch an attack on a PC. There are tons of security extensions for Firefox, this article looks at one that helps block dangerous web pages. What is your favorite Firefox security plug-in?

Bill Keys
Oct 09, 2008

Monitor Your Network With GroundWork Monitor Community Edition

GroundWork Monitor Community Edition is a free edition of GroundWork Monitor Enterprise, a commercial open source network monitoring solution geared toward large enterprise customers. Free editions often have some limited functionality, but GroundWork Monitor Community Edition offers the visibility a small- to medium-sized network needs by harnessing the power of popular tools such as Nagios, MRTG, NeDi, Ganglia, Nmap, MySQL, and RRDtool. Have you ever used an open source network monitoring tool to keep tabs on your network devices? Check out this free open source application which allows you to integrate popular network tools into a comprehensive network monitoring system.

Brittany Day
Oct 08, 2008

Protect Your Network With pfSense Firewall/Router

pfSense is a free, powerful firewall and routing application that allows you to expand your network without compromising its security. Started in 2004 as a child project of m0n0wall -- a security project that focuses on embedded systems -- pfSense has had more than 1 million downloads and is used to protect networks of all sizes, from home offices to large enterprises. pfSense has an active development community, and more features are being added in each release to further improve its flexibility, scalability, and, of course, security. Have you considered using an open source firewall/router solution for securing your network traffic? Check out the features and performance of a free open source firewall/router solution in this informative article.

Brittany Day
Oct 03, 2008

Setting Up Your Own Certificate Authority with GnoMint

gnoMint is a desktop application that lets you easily manage your own certificate authority (CA). Many secure communications technologies use digital certificates to ensure that the party or service they are connecting with is not an impostor. For many people, the main exposure to digital certificates comes when they visit an HTTPS Web site and see a certificate to validate that they have contacted the right Web server. Have you ever used gnMint? This program tries to help make managing your own certificates easier. Test it out and let use know what you think.

Bill Keys
Sep 30, 2008

Securing Your Network With PacketFence

Network access control (NAC) aims to unify endpoint security, system authentication, and security enforcement in a more intelligent network access solution than simple firewalls. NAC ensures that every workstation accessing the network conforms to a security policy and can take remedial actions on workstations if necessary. For example, NACs can check if a workstation has antivirus software installed and, if not, NAC will limit the workstation's access to the network. Have you been using network access control (NAC) to secure the workstations on your network? Find out about the capabilities and performance of a free open source NAC application called PacketFence in this informative article.

Brittany Day
Sep 25, 2008

Mozilla Patches 11 Bugs in Firefox

Mozilla late Tuesday patched 11 vulnerabilities in Firefox 3.0, more than half of them labeled "critical," and fixed 14 flaws in the older Firefox 2.0. Firefox 3.0.2 quashes six critical bugs, four marked "high," and one pegged as "low" in Mozilla's four-step threat ranking system. Among the most serious were four stability bugs in the browser's graphics rendering, layout and JavaScript engines that can crash the program and might be exploitable with malicious code. I find 11 vulnerabilities fixes in an mirror release to be pretty high. However, I am glad they are still releasing security fixes to Firefox 2.0. What do you think?

Bill Keys
Sep 25, 2008

Umit, The Graphical Network Scanner

Umit is a user-friendly graphical interface to Nmap that lets you perform network port scanning. The utility's most useful features are its stored scan profiles and the ability to search and compare saved network scans. A profile lets you configure how a network scan is performed, change the source information for the scan, and explicitly nominate hosts to include or exclude from the scan, as well as various more advanced options. Have you ever used a graphical interface to Nmap to do your network port scanning? Check out this GUI to Nmap which has many useful features, including the ability to save and compare scans.

Brittany Day
Sep 23, 2008

Securing Your Network Premises With Endian

Unified Threat Management (UTM) devices unify all network security elements into a single device. They often include a combination of routing, firewall, intrusion detection, content filtering, URL filtering, spam filtering, VPN, and antivirus functionalities. These devices usually cost thousands of dollars and require subscriptions. However, you can secure your network and save money at the same time with Endian Firewall Community, a free, open source alternative to costly UTM devices Do you want to secure your network with a free open-source UTM system based on Red Hat? Check out its functionality and performance in this informative article.

Brittany Day
Sep 17, 2008

Adding a Signing Key to RPM

A common (and commonly ignored) step when rebuilding Source RPMs from a remote archive is that of verification of the authenticity of the content. An archive maintainer may choose to sign, or to not sign RPM (and thus SRPM) content it releases. Implicitly, an archive which does sign its content provides a way for a consumer of that content, remote in time or at another site, to verify the authenticity, integrity, and provenance of that package. An earlier post discussed using GPG to verify signed content generally. Have you ever wondered what the importance of using a signing key with RPM? This article discuses how to use them to make your RPM packages more secure.

Bill Keys
Sep 17, 2008

PorkBind v1.3 - Nameserver (DNS) Security Scanner

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each. Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread. With the threat on DNS increasing and it's importance to the internet as a whole it's something that system administrator's need to take seriously. This article looks at the security tool for bind called PorkBind.

Bill Keys
Sep 15, 2008

Controlling Internet Access With SafeSquid

Content-filtering proxies restrict Internet access privileges for users or groups across an entire network. They must be able to block unwanted content through keyword, URL, DNS, MIME, and image filtering. They need to authenticate and log a user's Internet activity by monitoring and generating detailed reports of URLs accessed, and they must integrate antivirus or malware protection by accessing a reliable antivirus server. Fulfilling all these functions may be a lot to ask, but SafeSquid delivers on all counts. Do you want to use an open source content-filtering proxy that has the capabilities of Squid with content filtering and content security? Check out its features in this informative article.

Brittany Day
Sep 09, 2008

Google Chrome Flaws Come Soon After Browser Release

Less than a day after Google arrived on the browser scene with the launch of Chrome, two security researchers have disclosed separate vulnerabilities that could be exploited to compromise the software. Researcher Aviv Raff told SCMagazineUS.com on Wednesday that Chrome suffers from the same

Brittany Day
Sep 04, 2008

Linux Network Security - Page 17

Linux Pentesting Distros: An Essential Tool for Strengthening Network Security

Enhancing Network Security with Linux Proxy Servers

OPNsense 24.7 'Thriving Tiger': Elevating Open-Source Network Security and Performance