Linux Network Security - Page 23

Discover Network Security News

ModSecurity2 On Debian Etch

"ModSecurity is an Apache module that provides intrusion detection and prevention for web applications." It's not just for Debian; any Apache server can use this module. The goal of this module is to help protect web applications from known and unknown attacks, such as SQL injection, cross-site scripting, and path traversal. It's a very useful tool because web servers are very visible to the outside world. Why not take a look at this module? It's easy to install with the help of this article.

FreeBSD Setting up Firewall using IPFW

Have you heard about IPfirewall? One service that should be protected by a firewall is a web server. "You do not need to compile IPFW into the FreeBSD kernel unless you want NAT function enabled." So it's not very hard to set up a FreeBSD firewall, and with this article users should have a more secure operating system.

JavaScript Web Application Security Testing Tool

"Selenium tests run directly in a browser, just as real users do." How well does software do at auditing Web applications for security vulnerabilities? Most times the only way to check for some security flaws is to look at the source code. I wonder if these types of software report back with lots of false negatives for the developers to sort through.

Securing an SSL VPN with one-time Passcodes and Mutual Authentication

"SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC." Thanks to Wi-Fi networks, it takes a little more to secure your VPN. Mutual authentication can help by validating the user to the site and the site to the user. Why do this? Because this will protect against the man-in-the-middle attack. Is it the only way, or are there other ways, like using an LDAP server to perform the same thing?

Postfix Mail Server Block Malware With Blacklist

"Malware is used for a harmful purpose." Spreading malware via email is a very common practice by attackers. On the Internet there are free malware blacklists available. How can we make sure that these free blacklists will not block our personal emails? I feel the risk of getting malware is greater than the risk of having a few of my personal emails getting blocked.

Firefox Extensions Waiting to Be Exploited

Firefox has been hit hard with security vulnerabilities in the past few months. "I would also point out that there is a fairly sizable security concern that may be addressed, as effectively as some security experts might like. It's called the Firefox extension." Should we all just stop using any extensions? Or should we just check any extension updates before we install them? After reading this article, the next time I download an update on Firefox I will think twice before proceeding to install it.

Take a Look at Snort; Your Computer Will Thank You

If you think that Snort is not worth the time to learn and set up, this article will change your mind. "Snort is, by far, the gold standard among open source NIDS systems, with over 100,000 users and 3 million downloads to date." With the help of Snort's website, which contains a wealth of documentation, any Linux user should be able to set up Snort quickly.

Using RBL and DCC for Spam Protection

I run a Postfix-based mail server that services a few hundred users with an average load of a couple of thousand legitimate messages a day -- but thanks to spam, the actual load on the server is much higher. I use Realtime Blackhole Lists (RBL) and Distributed Checksum Clearinghouse (DCC) clients on Postfix and SpamAssassin to reduce the impact of spam.

Snort: Open Source Network Intrusion Prevention

A few years ago, when we spoke of network intrusion security systems, we spoke of IDS (Intrusion Detection System) appliances. Recently, as the emphasis has shifted from detection to prevention, IDS has become IPS (Intrusion Prevention Systems). The compelling force behind this change is the same one that has thrust an open source software company named SourceFire to the front of the Network Intrusion Prevention System Appliances market sector; that is, a fast changing threat environment.

Firefox Flaws Raise Mozilla Security Doubts

The Mozilla Foundation said last week it has patched several serious security flaws in the popular Firefox browser, bugs that also affect the SeaMonkey browser and the Thunderbird e-mail application. The bugs could allow an attacker to take over a system, as well as less serious exploits such as spoofing or security bypass, Mozilla said.

SSL and IPsec - An Overview

This is a short rundown of the two popular security protocols of the Internet. Some familiarity with the basics is assumed. In short, SSL requires applications to be modified as it operates above the TCP layer and this happens in user space in Linux and other OSes. Whereas IPsec works seamlessly no matter what application and what protocol the application uses. ICMP traffic, UDP traffic and TCP all are protected by IPsec without the user or application developer worrying about it.

Armor SSH and Block Brute Force Attacks

OpenSSH is a good stout application; it's battle-tested and reliable. You can lock it down even further with a few simple tweaks. Best of all, these cause little or no inconvenience after they are set up. The first thing you should do is create some access controls that allow only authorized users to log in.

Transfer Files Securely With SFTP

File Transfer Protocol (FTP) was once the most widely used protocol for transferring files between computers. However, because FTP sends authentication information and file contents over the wire unencrypted, it's not a secure way to communicate. Secure Copy (SCP) and the more robust SSH File Transfer Protocol (SFTP) address this security concern by providing data transfer over a fully encrypted channel. You can use these alternatives for transferring files securely over the Internet or any other untrusted network.

Quick way to stop apache and connect floods with csf

Well, first off, this will only stop HTTP or connect floods. If you are having a real DDoS problem, you should be on a protected network; otherwise there isn't much you can do at server level if the attacks are pretty big. Using this method in combination with a protected network is the best way to go if you are having DoS problems or host sites that do.

Symantec warns of "parasitic storage"

After setting up your kid's college PC, your home network, or your company's email server, it's customary to breathe a sigh of relief. 'Done!', you may think. However, we must be reminded that security is an ongoing process. This is your friendly reminder. Linux has come a long way in recent years and because of that increasing exposure, we are in the spotlight of not only the public's eye but also the crosshairs of anonymous attackers scouring the internet. Take a little time out of the day to go over your logs, check your firewalls, and run a packet sniffer once in a while to get a feel for what's going in and out of your network. Once you're done with that, breathe a sigh of relief - and then do it all over again.

Peer-to-peer networks co-opted for DOS attacks

A flaw in the design of a popular peer-to-peer network software has given attackers the ability to create massive denial-of-service attacks that can easily overwhelm corporate Web sites, a security firm warned last week. Over the past three months, more than 40 companies have endured attacks emanating from hundreds of thousands of Internet protocol addresses (IPs), with many of the attacks producing more than a gigabit of junk data every second, according to security solutions provider Prolexic Technologies. The sheer number of Internet addresses has caused problems for routers and firewalls, burying solutions that rely on some form of blacklisting, said Paul Sop, chief technology officer for the firm.

Protecting Against SSH Brute-Force Attacks

Practically all UNIX-based servers run an SSH server to allow remote administration across the Internet. From time to time, you might notice a large number of failed login attempts. Often, these are brute-force attacks against your SSH server. In this hack, we

Lessons From a Honeynet That Attracted 700,000 Attacks

Over the 5 year lifetime of the IrishHoneynet, we have witnessed hundreds of thousands of scans, probes and attacks against the servers that comprise the network. Our estimation is that given an average of 3,000 attack attempts a week, each server has seen more than 700,000 compromise attempts over the 5 years. Taken at face value, this is a remarkable figure.

Nmap based open source vulnerability detection

Snort creator Sourcefire and Insecure.Org, the creator of the Nmap Security Scanner, will jointly develop open source vulnerability scanning technology based on the general purpose Nmap Scripting Engine embedded within the popular Nmap network discovery tool. Under the agreement, Insecure.Org will develop the engine while the Sourcefire Vulnerability Research Team will develop and contribute plug-ins for discovering specific vulnerabilities.