Linux Network Security - Page 24

Discover Network Security News

Is Penetration Testing Worth it?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There are security experts who insist penetration testing is essential for network security, and you have no hope of being secure unless you do it regularly. And there are contrarian security experts who tell you penetration testing is a waste of time; you might as well throw your money away. Both of these views are wrong. The reality of penetration testing is more complicated and nuanced.

Bill Keys
May 16, 2007

Battle of the Botnets

For the average user spam has always been an annoyance. For the average spammer it has always been about making money. For the criminal gangs that have muscled in on this lucrative industry during the last few years it is now about territory and control. Control, that is, of the botnets behind the malware distribution networks that they rent out to the spamming middle men to enable them to ply their trade in relative safety from the crippled arm of the law.

Bill Keys
May 14, 2007

Fault-tolerant Web hosting on a shoestring

The words "fault-tolerant Web hosting" bring to mind hosting centers with multiple redundant power supplies, complex networking, and big bills. However, by taking advantage of the underlying fault-tolerance of the Internet, you can get a surprising level of reliability for little cost.

Anthony Pell
May 11, 2007

Experts Scramble to Quash IPv6 Flaw

This week, experts sent two drafts to the Internet Engineering Task Force (IETF)the technical standards-setting body for the Internet proposing different ways of fixing a problem in the way that Internet Protocol version 6 (IPv6) allows the source of network data to determine its path through the network. The drafts recommend that the IPv6 feature should either be eliminated or, at the very least, disabled by default.

Bill Keys
May 10, 2007

Five Security Flaws in IPv6

Ready or not, IPv6 is finally visible on the horizon... And researchers are already finding major security problems with it. IPv6, which is supported in some of the latest OSes and network devices, is all about end-to-end, or peer-to-peer communications. Aside from offering more address space than its IPv4 predecessor which has made it immediately popular in some parts of the world it offers a redesigned IP packet format that simplifies route processing, making it ideal for applications such as voice over IP or instant messaging.

Bill Keys
May 09, 2007

A Keyhole For Your System's Back Door

While a properly set up SSH service can give you secure remote access to a server, you might not like the idea of having an SSH server always running on your machine. Secure Back Door (SBD) can open an encrypted connection to your system, allowing you to remotely execute any operating system commands for example start your SSH or Web server or reboot the server.

Bill Keys
May 09, 2007

Response: Do We Really Need a Security Industry?

In Do We Really Need a Security Industry? Bruce Schneier writes: The primary reason the IT security industry exists is because IT products and services aren't naturally secure. If computers were already secure against viruses, there wouldn't be any need for antivirus products. If bad network traffic couldn't be used to attack computers, no one would bother buying a firewall. If there were no more buffer overflows, no one would have to buy products to protect against their effects. If the IT products we purchased were secure out of the box, we wouldn't have to spend billions every year making them secure.

Brittany Day
May 04, 2007

When Signature Based Antivirus Isn't Enough

Endpoint security is changing at a breathtaking pace. For more than a decade, signature-based antivirus was sufficient for most companies. A couple of years ago, spyware emerged as a business-level threat, and pure-play companies like Webfoot and PestPatrol (now CA) scrambled to bring centrally managed products to market, while traditional antivirus vendors played catch-up. That was just the start of the endpoint security revolution. While, spyware was initially considered more of a production and help desk issue than a security concern, the criminal world has turned the threat environment on its ear.

Bill Keys
May 03, 2007

Student evades Cisco NAC; gets suspended

A default setting in Cisco NAC gear allowed a University of Portland student to dodge a security scan by Cisco

Brittany Day
May 02, 2007

No pay off in extortion attacks?

Denial-of-service attacks against online service providers have declined, suggesting that extortion attacks don't pay, a security engineer at Symantec stated in the company's blog on Thursday.

Brittany Day
May 01, 2007

Taking Botnets Down

For many years, malware authors have been using the web to assemble infected computers into botnets (networks of malware compromised machines), and security professionals and law enforcement systematically work to take these botnets down. Malware authors have clear objectives: stealing personal information, sending spam, conducting distributed denial of service (DDoS) attacks and other such criminal activity for profit.

Bill Keys
May 01, 2007

Vendors Crank Up Email Security

As users look to lock down crucial email and messaging and avoid embarrassing snafus, security vendors are cranking up their efforts to please. Today, for instance, email security specialist Forensic Compliance Solutions (FCS) signed a deal with Canton, Mass.-based Network Engines to manufacture archiving devices for users scrambling to overhaul their email strategies. (See FCS, Network Engines Team.)

Bill Keys
Apr 25, 2007

Bug Hunter Targets Routers, Other Gadgets

Barnaby Jack, a Juniper Networks security researcher, gave a tutorial at the CanSecWest conference here on how bug hunters can find exploitable vulnerabilities in such devices and demonstrated an attack on a D-Link router using a yet-to-be-patched hole. "Security flaws are abundant on these devices," Jack said. "Security needs to reach further than a home PC. Insecure devices pose a threat to the entire network. Hardware vendors must take security into consideration."

Bill Keys
Apr 20, 2007

Botnets Battle Over Turf

Aside from the distributed denial-of-service (DDOS) attacks they launch against one another to disrupt their operations (like the recent DDOS battles between the Storm and Stration botnets), they also are constantly trying to hijack bots from one another. "Stealing is easier than building [out] one," says Danny McPherson, chief research officer for Arbor Networks, who tracks botnet activity.

Bill Keys
Apr 19, 2007

The Changing Security Threat of Email Attacks

Email threats have evolved from the basic mass-mailing viruses and worms of yesteryear into the advanced image-based phishing and rootkit attacks that are wreaking havoc in today's enterprise environment.

Bill Keys
Apr 18, 2007

Security Remains a Challenge for Browser Developers

Some of the leading names in the browser market took to the stage at the Web 2.0 conference here on April 16 to give an update on the state of that technology, and all agreed that security was one of the biggest challenges facing the industry. The panelists, who were tasked with addressing the topic titled "The Arrival of Web 2.0: The State of the Union on Browser Technology," hailed from the open-source community all the way to the most proprietary of companies, Microsoft, and those in between.

Bill Keys
Apr 18, 2007

The Rise of SSL VPNs

The growth of Secure Sockets Layer virtual private networks (SSL VPNs) has accelerated in the last 12 months due to greater awareness among users of the commercial advantages, better marketing which focuses on benefits rather than technology, and improved security features.

Bill Keys
Apr 09, 2007

Bad Web Habits Risk Our Security

Security experts have blamed the continued prevalance of older viruses such as the Netsky and Mytob worms on people's bad habits. Attackers are abandoning traditional methods of sending malware via email, as they are too easy for virus scanners to spot. Instead, they are opting to include links in emails that direct recipients to infected web pages.

Bill Keys
Apr 04, 2007

Risky E-mail Use: What Government and Corporate users need to know

Whether it's government officials or company employees, e-mail users who send messages outside their official networks could be putting their organizations at risk for legal action, regulatory compliance problems, intellectual property thefts and more.

Bill Keys
Apr 03, 2007

IAB Chair Mulls DNS Security

IAB chair Olaf Kolkman says DNSSEC isn

Bill Keys
Mar 29, 2007

Linux Network Security - Page 24

Linux Pentesting Distros: An Essential Tool for Strengthening Network Security

Enhancing Network Security with Linux Proxy Servers

OPNsense 24.7 'Thriving Tiger': Elevating Open-Source Network Security and Performance