Maintaining robust network defenses requires a proactive approach to keep pace with today's rapidly evolving network security threats. One crucial element of an effective network security strategy is penetration testing, or staged attacks in network ...
"ModSecurity is an Apache module that provides intrusion detection and prevention for web applications." It's not just for Debian and any Apache server can use this apache module. The goals of this module is to help protect web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. It's a very useful tool because web server are very visible to the outside world. Why not take a look at this module? It's easy to install with the help of this article.
Have you heard about IPfirewall? One service that should be protected by a firewall is a web server. "You do not need to compile IPFW into the FreeBSD kernel unless you want NAT function enabled." So it's not very hard to set up a FreeBSD firewall, and with this article users should have a more secure operating system.
"Selenium tests run directly in a browser, just as real users do.". How well does software do at auditing Web application for security vulnerabilities? Most times the only way to check for some security flaws is to look at the source code. I wonder if these types of software report back with lots of false-negatives for the developers to sort through.
"SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC." Thanks to WIFI networks it take a little more to secure your VPN. Mutual authentication can help by validating a user to a site and the site is validated to the user. Why do this? Because this will protect against the man-in-the-middle attack. Is is the only way or is there other ways like using a LDAP server to preform the same thing.
"Malware is used for a harmful purpose. " Spreading malware via email is a very common practice by attackers. On the Internet there are free Malware blacklist available. How can we make sure that these free blacklist will not block our personal emails? I feel the risk of getting malware is greater then the risk of having a few of my personal emails getting blocked.
Firefox has been hit hard with security vulnerabilities in the past few months. "I would also point out that there is a fairly sizable security concern that may be addressed, as effectively as some security experts might like. It's called the Firefox extension." Should we all just stop using any extensions? Or should we just check any extension updates before we install them? After reading this article, the next time I download an update on Firefox I will think twice before proceeding to install it.
If you think that Snort is not worth the time to learn and set up, this article will change your mind. "Snort is, by far, the gold standard among open source NIDS systems, with over 100,000 users and 3 million downloads to date." With the help of Snort's website, which contains a wealth of documentation, any Linux user should be able to set up Snort quickly.
I run a Postfix-based mail server that services a few hundred users with an average load of a couple of thousand legitimate messages a day -- but thanks to spam, the actual load on the server is much higher. I use Realtime Blackhole Lists (RBL) and Distributed Checksum Clearinghouse (DCC) clients on Postfix and SpamAssassin to reduce the impact of spam.
A few years ago, when we spoke of network intrusion security systems, we spoke of IDS (Intrusion Detection System) appliances. Recently, as the emphasis has shifted from detection to prevention, IDS has become IPS (Intrusion Prevention Systems).
The compelling force behind this change is the same one that has thrust an open source software company named SourceFire to the front of the Network Intrusion Prevention System Appliances market sector; that is, a fast changing threat environment.
The Mozilla Foundation said last week it has patched several serious security flaws in the popular Firefox browser, bugs that also affect the SeaMonkey browser and the Thunderbird e-mail application.
The bugs could allow an attacker to take over a system, as well as less serious exploits such as spoofing or security bypass, Mozilla said.
This is a short rundown of the two popular security protocols of the Internet. Some familiarity with the basics is assumed. In short, SSL requires applications to be modified, as it operates above the TCP layer and this happens in user space in Linux and other OSes, whereas IPsec works seamlessly no matter what application and what protocol the application uses. ICMP traffic, UDP traffic and TCP are all protected by IPsec without the user or application developer worrying about it.
OpenSSH is a good stout application; it's battle-tested and reliable. You can lock it down even further with a few simple tweaks. Best of all, these cause little or no inconvenience after they are set up. The first thing you should do is create some access controls that allow only authorized users to log in.
File Transfer Protocol (FTP) was once the most widely used protocol for transferring files between computers. However, because FTP sends authentication information and file contents over the wire unencrypted, it's not a secure way to communicate. Secure Copy (SCP) and the more robust SSH File Transfer Protocol (SFTP) address this security concern by providing data transfer over a fully encrypted channel. You can use these alternatives for transferring files securely over the Internet or any other untrusted network.
Well, first off, this will only stop HTTP or connect floods. If you are having a real DDoS problem, you should be on a protected network; otherwise there isn't much you can do at the server level if the attacks are pretty big. Using this method in combination with a protected network is the best way to go if you are having DoS problems or host sites that do.
After setting up your kid's college PC, your home network, or your company's email server, it's customary to breathe a sigh of relief. 'Done!', you may think. However, we must be reminded that security is an ongoing process. This is your friendly reminder.
Linux has come a long way in recent years and because of that increasing exposure, we are in the spotlight of not only the public's eye but also the crosshairs of anonymous attackers scouring the internet. Take a little time out of the day to go over your logs, check your firewalls, and run a packet sniffer once in a while to get a feel of what's going in and out of your network. Once you're done with that, breathe a sigh of relief - and then do it all over again.
A flaw in the design of a popular peer-to-peer network software has given attackers the ability to create massive denial-of-service attacks that can easily overwhelm corporate Web sites, a security firm warned last week. Over the past three months, more than 40 companies have endured attacks emanating from hundreds of thousands of Internet protocol addresses (IPs), with many of the attacks producing more than a gigabit of junk data every second, according to security solutions provider Prolexic Technologies. The sheer number of Internet addresses has caused problems for routers and firewalls, burying solutions that rely on some form of blacklisting, said Paul Sop, chief technology officer for the firm.
Practically all UNIX-based servers run an SSH server to allow remote administration across the Internet. From time to time, you might notice a large number of failed login attempts. Often, these are brute-force attacks against your SSH server.
In this hack, we
Over the 5 year lifetime of the IrishHoneynet, we have witnessed hundreds of thousands of scans, probes and attacks against the servers that comprise the network. Our estimation is that given an average of 3,000 attack attempts a week, each server has seen more than 700,000 compromise attempts over the 5 years. Taken at face value, this is a remarkable figure.
Snort creator Sourcefire and Insecure.Org, the creator of the Nmap Security Scanner, will jointly develop open source vulnerability scanning technology based on the general purpose Nmap Scripting Engine embedded within the popular Nmap network discovery tool. Under the agreement, Insecure.Org will develop the engine while the Sourcefire Vulnerability Research Team will develop and contribute plug-ins for discovering specific vulnerabilities.
If you haven't already, you can download a copy of the WiKID open-source token client. The first time you launch the token client, you need to create a passphrase. Once started, select Actions and Create New Domain