Linux Network Security - Page 21

Discover Network Security News

Scalable Public Key Infrastructure for both OpenSWAN and OpenVPN

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

User management and the related cryptographic authentication infrastructure is a major hurdle in deploying scalable, manageable VPNs (Virtual Private Networks). After introducing VPNs and Public Key Infrastructure (PKI) and discussing some of the benefits and challenges of two popular VPN implementations, we'll document how to build a scalable PKI to simplify VPN authentication management. Read on for an interesting account on how to setup your secure VPN, including common pitfalls, gotchas, and example configurations. Let us know any tips you would give sysadmins in setting up OpenSWAN and OpenVPN!

Brittany Day
Nov 19, 2007

With Web 2.0, a New Breed of Malware Evolves

San Francisco - Web 2.0 technologies may be laying the groundwork for a new generation of hacker tools, a noted security researcher said Wednesday. Google Mashups, RSS feeds, search, all of these can be misused by hackers to distribute malware, attack Web surfers and communicate with botnets, said Petko Petkov, a security researcher speaking at the Open Web Application Security Project (OWASP) U.S. 2007 conference, held on eBay's campus We all know that Web 2.0 gives the security community a challenge but what can we do? Do the old security practices of strong firewall, validating input, etc continue to protect web servers in this age of web 2.0 or do we need to research new ways of protection?

Bill Keys
Nov 15, 2007

Firefox Security Flaw Affecting Gmail's Users

Last week, security companies around the world spotted a new vulnerability in Mozilla Firefox which could allow the attackers to use a malicious JAR file to harm users' computers. The security flaw is still there and moreover, it seems it affects most websites on the Internet including the super search giant Google. This article talks about a Firefox add-on called NoScript to help avoid this attack. Have you ever used this extension? Also which software do you think will be first to release a patch preventing this attack?

Bill Keys
Nov 12, 2007

Chrooted SSH/SFTP On Fedora 7

This document describes how to set up a chrooted SSH/SFTP environment on Fedora 7. The chrooted users will be jailed in a specific directory where they can't break out. They will be able to access their jail via SSH and SFTP. Do feel using a chroot environment helps in protecting your Linux box? It can protect your system by having chrooted users unable to effect anything thing else expect for their own environment. Have you used chroot for security, if so do you use it every time you add a new user?

Bill Keys
Nov 07, 2007

Secure DNS? Not Just Yet

In fact, there are a number of ways DNS can be subverted to provide bogus information. An attacker could gain access to the DNS server and change records or use one of the many publicly available tools to forge a response. He could insert bogus information into a DNS cache or add false information to your computer's host name table, as we've seen with numerous worms and Trojans. Many of these attacks are difficult to pull off, and they're often short-lived and relatively easy to detect and correct. Still, while they last, damage can be done. How can you make sure that the domain name you entered into your browser is leading you to the right place? There are some Firefox extensions that can make you aware of these fake sites. Do you use any of them?

Bill Keys
Oct 30, 2007

Analyse Linux Networks Through the Ethereal World of Wireshark

Previously, we

Bill Keys
Oct 29, 2007

IPSec vs. SSL VPNs

When IP VPNs came on the scene in the late 1990s IPSec quickly established itself as the standard to provide secure network-layer connectivity over insecure IP networks, typically the Internet. The article brings up an interesting point about the increased complexity that comes along with many IPSec connections - the more people who wish to establish these VPNs, the more cumbersome it gets due to maintenance and installation procedures. System administrators may be interested in finding out how SSL VPNs are on the rise and can provide an alternative to repeated setups.

Brittany Day
Oct 26, 2007

Mozilla rushes to fix regression bugs in Firefox

Mozilla Corp. will rush another version of Firefox to users as early as next week, the company's user interface designer said Tuesday, to fix five bugs it introduced in last Wednesday's security update. Firefox 2.0.0.8 patched ten vulnerabilities, including three critical flaws, but also shipped with five regression bugs -- problems unintentionally introduced when code was changed to plug other holes. What do you think about the amount of Firefox security flaws being found. One thing is true is that they are taking the time to fix them and release patches as fast as possible to the end users.

Bill Keys
Oct 25, 2007

Restricting Zone Transfers With IP Addresses in BIND DNS Server

One of the simplest ways to defend is limit zone transfers between nameservers by defining ACL. I see many admin allows BIND to transfer zones in bulk outside their network or organization. There is no need to do this. Remember you don

Brittany Day
Oct 16, 2007

NAC: Stand-Alone Appliances vs. Built Into the Infrastructure

The true question becomes, what kind of NAC should you invest in now that will provide sustaining value to your enterprise for years to come? In reality, the answer probably has more to do with the capabilities of the NAC system than its form factor. We'll first talk about which form makes sense in which deployments and then talk about the sustainable feature set. Read on for an interesting article on what to consider when applying NAC to your network infrastructure. Do you have any tips for helping someone implement a system that not only solves your NAC problems, but leaves it extensible enough in the future for any changes?

Brittany Day
Oct 15, 2007

Secure Remote Access to Your Desktop

Accessing your home server safely can be problematic, especially if you don't have a fixed IP address, but with Linux, DynDNS, PAM, and NX Free you can create a safe remote access path to your machine. Have you ever found your self needing to access your home computer while traveling? One thing you should think about is how can I do this securely? This article talks about some tips on how you can security have remote access to your home computer.

Bill Keys
Oct 08, 2007

Linux Phishing Botnet Statistics can be Deceptive

The Register reports today that eBay

Bill Keys
Oct 05, 2007

Top 14 VoIP Vulnerabilities

How are VoIP networks weak and vulnerable to attack and catastrophic failure? Securing VoIP Networks, the new book by Peter Thermos and Ari Takanen, looks at VoIP infrastructure and analyzes its vulnerabilities much as the Open Web Application Security Project did for Web-related vulnerabilities and Mitre did with its Common Weakness Enumeration dictionary for software. And it

Bill Keys
Oct 02, 2007

Preventing Brute Force Attacks With BlockHosts

In this article I will show how to install and configure BlockHosts on a Debian Etch system. BlockHosts is a Python tool that observes login attempts to various services, e.g. SSH, FTP, etc., and if it finds failed login attempts again and again from the same IP address or host, it stops further login attempts from that IP address/host. By default, BlockHosts supports services that use TCP_WRAPPERS, such as SSH, i.e. services, that use /etc/hosts.allow or /etc/hosts.deny, but it can also block other services using iproute or iptables. What do you think about software like BlockHosts? If users have strong passwords then software like BlockHosts will not be useful. Personal I don't like having my firewall change depending on if a script kiddie is trying a brute force attack on my network.

Bill Keys
Oct 01, 2007

Firefox 3.0 Alpha Blocks Malware, Secures Plug-in Updates

The malware blocker, which was first mocked up in June, will block Web sites thought to contain malicious downloads. The feature, a companion to the phishing site alert system in the current Firefox 2.0, will use information provided by Google Inc. to flag potentially-dangerous sites, warn anyone trying to reach those URLs with Firefox and automatically block access to the site. Have you tested out Firefox 3.0 Alpha 8? The ability to alert a users of a possible malware sites is an important security feature. I am interested in how this add-on works. Will there be any performance lose in using it extension?

Bill Keys
Sep 25, 2007

Virus Protection With F-PROT Antivirus On Ubuntu Feisty Fawn

This tutorial shows how you can install and use F-PROT Antivirus on an Ubuntu Feisty Fawn desktop. Although there aren't many Linux viruses out there, this can be useful if you often exchange files with Windows users - it can help you to not pass on any Windows viruses (that don't do any harm to Linux systems) to Windows users. F-PROT Antivirus for Linux is free for home use. This was the first time I have heard of F-PROT Antivirus. Personal I don't use any virus scanners on my Linux machines, but I happy to see that they are out there. Do you use any antivirus software on your Linux box?

Bill Keys
Sep 24, 2007

Firefox 3 Secures Extensions

Those same extensions that add power to Firefox, generally speaking, could arguably represent a security risk as well. It's a security gap that Mozilla is now plugging with its Alpha 8 development release of its next generation Firefox 3 browser. The new security extensions are designed to make getting updates more secure by using SSL. Firefox have been struggling to keep their browser secure as of late. Do you think Firefox 3 will be more secure then the current release? One thing is for sure, is the developers are taking security more seriously.

Bill Keys
Sep 21, 2007

10 tips for Securing Apache

Even with Apache's focus on producing a secure product, the Web server can still be vulnerable to any number of attacks if you fail to take some security precautions as you build your server. In this article, Scott Lowe provides you with 10 tips that will help you keep your Apache Web server protected from predators. Any tips on how to make Apache more secure I am always interested in reading. Even having the correct permissions to web files helps protects the web server. This article talks about many other tips but what do you do to secure Apache?

Bill Keys
Sep 19, 2007

Virus Protection With AVG Antivirus On Ubuntu

This tutorial shows how you can install and use AVG Antivirus on an Ubuntu Feisty Fawn desktop. Although there aren't many Linux viruses out there, this can be useful if you often exchange files with Windows users - it can help you to not pass on any Windows viruses (that don't do any harm to Linux systems) to Windows users. When I think about virus scanning for desktops I think about a windows machine not a Linux machine. But as Linux and particularly Ubunutu becomes increasingly more popular so too we will see more viruses targeting Linux. However it's good to know that we have opensource virus scanners that we can use. Do you use a virus scanner on your Linux machine?

Bill Keys
Sep 14, 2007

Nmap explained from an Ethical Hacker's View

Nmap (Network MAPper) is a network scanner written by Gordon Lyon. It is a free and open source tool and is available at insecure.org with versions for Windows and Linux and is ubiquitous in its use. Nmap can be (and is) used to for instance, scan for open ports on a remote server, to detect the OS run on the server, what all services are running on the remote server and so on. In the hands of a ethical hacker Nmap can be used for helping to audit a network but it's also used by attackers. So this brings up the question is software like Nmap ethical?

Bill Keys
Sep 04, 2007

Linux Network Security - Page 21

Harnessing Proxies for Enhanced Threat Intelligence: A Guide with Open Source Tools

Understanding HTTP Proxy Servers: A Vital Linux Network Security Tool

Exploring Vulnerability Scanners: Tools & Strategies for a Secure Network