Linux Network Security - Page 19

Discover Network Security News

Fight Phishing From The Unix Or Linux Command Line

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This weekend, we're going to look at a little something (actually a HUGE something) that we all seem to have to deal with now (through email, IM, etc). It's called phishing and, for lack of a better explanation, it's a fraudulent way for a malicious individual, or group, to get username and password information from you using deceptive practices (was that redundant? ;) It's most commonly used to get information regarding a person's online bank accounts, credit card/mortgage management information, etc. In other words, stuff that could really screw up their lives if someone else had it. Phishing attacks are all too common, this article looks at tips to help combat this type of attack.

Bill Keys
Jun 30, 2008

Intrusion Detection For PHP Applications With PHPIDS

This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user

Bill Keys
Jun 26, 2008

Pinging And Checking Port Status With Perl CGI On Linux And Unix

This script closely echoes previous scripts we put out to check on web server status and check on network server port-health insofar as the end result is concerned. It should run fairly simply, too (you'll probably just need to change the target host, target port and, possibly, the location of the ping command, and its arguments, to suit your taste - or have those all fed to the script from the command line using the @ARGV array): Knowing the status of open ports on your computer is a good basic secure habit all Linux users should do. I use Nmap for all my port scanning needs but I found this simple port scanning script to be something to learn from. Have you wrote any good simple scripts to help your machines security?

Bill Keys
Jun 18, 2008

A Comprehensive Guide to Nmap with Screenshots

Nmap (

Bill Keys
Jun 10, 2008

Distributing New SSH Keys Using Rsh On Linux And Unix

Today we're going to grind through our "Lazy Sunday" post with a quick script to update SSH keys network-wide, by using rsh (the less secure of the two protocols). Once you've accomplished this (or have already accomplished this) and are happy with your network's SSH setup, I'd suggest disabling rsh altogether. Then you can move on to quickly setting up your SSH keys all over the network, focus on maintaining the integrity of your sessions, if you have issues with that, and even setting simple SCP routines to help keep your network easy to manage. This article looks at how you can update your SSH Keys on your network with a simple script.

Bill Keys
Jun 09, 2008

Web Input - Securing Data, Second Level of Defense

My implicit presumption in this series is that break ins are unplanned, opportunistic occurrences. Break in attempts are triggered by encountering an input form. As I mentioned previously, do not give information away needlessly. Moreover, I strongly suggest you consider becoming passively aggressive by making your presentation of the form and its expected input somewhat unpredictable. Moreover, I advise turning your data input into a simple waste of time and effort for those not trained to use the entry way. The intent is to encourage those seeking easy break in opportunities to turn their sights on other targets. This article looks at the problem of how Web Application should validate the data they receive from the end-user. Do you validate your data from the Internet?

Bill Keys
Jun 05, 2008

Quick Tips for Web Application Security

A traditional firewall is commonly employed to restrict Web site access to Ports 80 and 443, used for HTTP and Secure Sockets Layer communications, respectively. However, such a device does very little to deter attacks that come over these connections. URL query string manipulations including SQL injection, modification of cookie values, tampering of form field data, malformed requests and a variety of other nasty tricks are often given free passage on allowed, legitimate traffic. Making your Web Application secure is a important feature to implement. This article looks at some quick but important things you can do to improve your application security.

Bill Keys
Jun 05, 2008

Strong passwords no panacea as SSH Brute-Force Attacks Rise

Thanks to the end-of-term for many colleges and some K12 schools, brute-force attacks against SSH servers surged sharply this past weekend, according to the SANS Internet Storm Center. The sudden jump in SSH attacks merits a re-examination of how such servers should be properly secured. Jim Owens and Jeanna Matthews of the Department of Computer Science at Clarkson University have published a paper on the methods that such attacks frequently employ and on the best ways to defeat them. Brute-force attacks gets a lot of attention in the press but do we really need to study it? Yes, with botnet and more powerful computers it makes brute-force attacks more affective. However, if users use strong passwords then the likely hood that they will be hacked by this type of attack goes down drastically.

Bill Keys
May 16, 2008

FBI Issues Warning About Vulnerability of Wi-Fi Hotspots

The FBI issued an alert this week warning that wireless Internet networks, often called Wi-Fi hotspots, are more vulnerable to hackers than most users probably realize. In South Florida, Wi-Fi hotspots are at airports, fast food restaurants, bookstores, coffee shops, sports bars, school campuses, malls, supermarkets -- just about everywhere. Several cities and neighborhoods in the region plan to eventually install networks for residents, too. How secure do you think is your local hotspot? Do you trust it to do your finances or other personal tasks via a coffee shop Wi-Fi access point?

Bill Keys
May 13, 2008

sshpass - Non-Interactive SSH Password Authentication

Bill Keys
May 08, 2008

A Guide to Cryptography in PHP

In an ideal world, words like cryptography and security wouldn't even exist, but the real world is far from perfect, so software developers have to spend a good deal of time building security into applications. Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages. Building security into your web applications is an important skill to have. Have you thought about adding cryptography to your php programs? If so this article looks at ways of doing so.

Bill Keys
May 08, 2008

Samba Security and Troubleshooting

Configuring Samba for your office or home can provide many advantages. By encouraging users to store files on a central file server, you can simplify data backup and in some cases, software installation and maintenance. Unfortunately, the initial configuration of Samba can be tricky. Many simple steps need to be executed in the correct order, and one small slip up can have big repercussions. This chapter explores the ways in which you can recover from those mistakes that you couldn't avoid. Do you thing about how can I make my share secure? When setting up Samba it alway important to make it secure. This article will show you how to setup a secure Samba share.

Bill Keys
May 06, 2008

Virtual Server Sprawl Highlights Security Concerns

Think server sprawl is bad now? Just wait till you experience virtual server sprawl. When users can clone a virtual machine with the click of a mouse, or save versions of applications and operating systems for later use, you're asking for trouble if IT doesn't maintain tight control, virtualization management vendor Embotics warned in a session at Interop Las Vegas Tuesday. (Look through our slideshow at other products shown at Interop.) The ease of creating and deploying virtual machines can lead to a nightmare of confusion when it comes to IT maintenance. How do you keep track of hundreds of VMs scattered about your network, all with varying operating systems and applications installed? How do you know which ones are securely patched and what other servers they can access? Read on for an overview of this growing problem and let us know what solutions you may have for virtual server sprawl.

Brittany Day
May 01, 2008

CDPSnarf - CDP Packet Sniffer

CDPSnarf is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a

Brittany Day
Apr 30, 2008

Creating a VPN with Tinc

With tinc you can create a virtual private network (VPN) that lets you communicate between two machines over an insecure network such as the Internet with all of your traffic encrypted between the hosts on your virtual network. Another interesting application for tinc is connecting your laptop to a Wi-Fi router at home. You might already be using WPA2 to ensure that only valid hosts can connect and communicate with your Wi-Fi router, but you might not be able to assign a fixed address to the laptop when it is connected over Wi-Fi. So if you want to connect to an SSH daemon on the laptop itself or access an NFS share on the laptop, you have to play guessing games as to which IP address the Wi-Fi router has given the laptop this time. Running tinc on the laptop and a server at home removes the guessing game -- just connect to the laptop's VPN IP address. This is an interesting article for anyone who is thinking about setting up an VPN. It talks about using a tool called tinc.

Bill Keys
Apr 14, 2008

Performance Tradeoffs of TCP Selective Acknowledgment

Selective acknowledgment (SACK) is an optional feature of TCP that is necessary to effectively use all of the available bandwidth of some networks. While SACK is good for throughput, processing this type of acknowledgment has proven to be CPU intensive for the TCP sender. This weakness can be exploited by a malicious peer even under commodity network conditions. This article presents experimental measurements that characterize the extent of the problem within the Linux

Brittany Day
Apr 10, 2008

Symark's Security Access Tool Bridges Linux, Active Directory

There's a downside to adding Linux or Unix servers to a Windows shop: These orphan machines lie outside the protective umbrella of the centralized user authentication and authorization controls of Microsoft Active Directory. The result? Multiple user identifications and logins, higher risk of errors and security loopholes, and of course, more work for system administrators. Adding security in a Linux and Window environment is an important step in the health of a users network. This article looks some ways to increase the security of an Linux Windows shared environment.

Bill Keys
Apr 09, 2008

OpenPacket.org 1.0 Is Live

Nearly three years after the initial post describing the idea , I am happy to report that OpenPacket.org 1.0 is ready for public use, free of charge. The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no central repository of traces from which a student of network traffic could draw samples. OpenPacket.org will provide one possible solution to this problem. For all the Snort, Wireshark, and TcpDump enthusiasts out there, OpenPacket.org provides fresh packets for research and analyzing purposes. Looking for a particular traffic pattern? Check out OpenPacket.org!

Brittany Day
Apr 07, 2008

Installing a Secure Instant Messaging Server on Linux

Now that IM servers are ready for the enterprise data center, isn't it time to learn how to install, configure and manage one? This walkthrough will show how to install the Open Source version of Openfire Chat Server 3.4.4 on Ubuntu Linux 7.10 Gusty Gibbon amd64, and guide readers along the steps necessary to initially configure Openfire. The article will also show IT administrators how to successfully connect a chat client to their new enterprise Openfire chat server. Read on for a HowTo on setting up a secure instant messaging server that utilizes TLS for encryption methods and user authentication based off of LDAP. How does this implementation match up to the security settings required for your company?

Brittany Day
Mar 24, 2008

Network Device Configuration Security Auditing Tool

Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page. Have you heard about the networking security tool called Nipper? If not test it out, there are links to where you can download it and learn more about all the configuration options it has.

Bill Keys
Mar 14, 2008

Linux Network Security - Page 19

Linux Pentesting Distros: An Essential Tool for Strengthening Network Security

Enhancing Network Security with Linux Proxy Servers

OPNsense 24.7 'Thriving Tiger': Elevating Open-Source Network Security and Performance