Linux Network Security - Page 31

Discover Network Security News

Password Hell (Part 1): The IT Chief's Nightmare

The perennial problem of password management is still proving a major headache for end users and the problems are only getting more complex - especially as companies start to weigh up the pros and cons of updating systems to work with newer forms of authentication. Phil Young, head of IT operations, Amtrak Express Parcels, told silicon.com password management remains a "nightmare" issue for many businesses. And he said it's "a very big issue and becoming bigger by the year", branding human-error activities such as writing down passwords as "a recipe for disaster".

Highly Critical RealVNC Flaw Fixed

A "highly critical" flaw in RealVNC's virtual network computing software could allow malicious hackers to access a remote system without a password, according to a published advisory. RealVNC, the Cambridge, U.K.-based company that invented the open-source software, has acknowledged the flaw and posted patches for all affected versions.

Webroot Uncovers Thousands of Stolen Identities

Spyware researchers at Webroot Software have uncovered a stash of tens of thousands of stolen identities from 125 countries that they believe were collected by a new variant of a Trojan horse program the company is calling Trojan-Phisher-Rebery. The FBI is investigating the stolen information, which was discovered on a password-protected FTP (File Transfer Protocol) server in the U.S. and is believed to be connected to a Trojan horse that is installed from the Web site teens7(dot)com. The information, organized by country, includes names, phone numbers, social security numbers, and user log-ins and passwords for tens of thousands of Web sites, according to information provided to InfoWorld by Webroot.

Bot Software Looks To Improve Peerage

The worm, dubbed Nugache and classified also as bot software, attempts to infect systems through e-mail, America Online's instant messaging network, and network shares on vulnerable computers. Once it compromises a computer, the program uses a seed list of 22 different Internet addresses to establish connections to other victims' computers in a peer-to-peer network. The program appears to encrypt--or at least obfuscate--the data it sends to other servers, possibly making it harder for intrusion detection systems (IDSs) to detect the program, according to an analysis posted to a security mailing list by university network administrator Brian Eckman. "The 'bot'--for lack of a better term--does not use DNS (the domain name system) to find any (command and control network); it also does not use any human readable string in its communication," Eckman, a security analyst at the University of Minnesota, wrote in his analysis. "Therefore, many IDS measures will not help you detect infected hosts on your network."

An Overview of Remote Access Technologies

The Remote Authentication Dial-In User Service (RADIUS) provides authentication to clients that connect to a remote access server by using a SLIP or PPP dialup connection and an authentication protocol such as PAP, CHAP, or EAP. It allows a Network Access Server (NAS), which can be a remote access server, router, or wireless access point for example, to delegate the task of authenticating clients to a centralized RADIUS server. When a user dials in to a remote access server, the remote access server acts as a RADIUS client and forwards the access request to the RADIUS server.
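The exchange described above, worked through in code as an added example (this is not code from the article or from any RADIUS implementation): the NAS builds an Access-Request with the User-Password attribute hidden as RFC 2865 section 5.2 specifies, the server recovers the password, decides, and signs its reply with the Response Authenticator, and the NAS refuses any reply whose authenticator does not check out. The shared secret, the user database and the NAS address 192.0.2.10 are assumed values for the demonstration.

```python
import hashlib
import hmac
import os
import struct

# Packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2 User-Password hiding: pad to 16-octet blocks and XOR each block
    with MD5(secret + previous ciphertext block), seeded with the Request Authenticator.
    This is obfuscation keyed by the shared secret, not authenticated encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ q for p, q in zip(padded[i:i + 16], pad))
        out += block
        prev = block
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    out, prev = bytearray(), request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(p ^ q for p, q in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")  # strips the zero padding; passwords may not end in NUL


def encode_attrs(attrs) -> bytes:
    # Attribute = Type(1) Length(1, includes header) Value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs


def nas_build_access_request(user, password, secret, ident, request_auth):
    """RADIUS client side: Code 1, 16 random octets of Request Authenticator, attributes."""
    attrs = encode_attrs([
        (ATTR_USER_NAME, user),
        (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)),
        (ATTR_NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),  # assumed NAS address
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def server_handle(packet, secret, users):
    """RADIUS server side: recover the password, check it, sign the reply with
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request_auth = packet[4:20]
    attrs = decode_attrs(packet[20:length])
    user = attrs.get(ATTR_USER_NAME, b"")
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = user in users and hmac.compare_digest(users[user], password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    response_auth = hashlib.md5(header + request_auth + secret).digest()  # no reply attributes
    return header + response_auth


def nas_verify_response(response, request_auth, secret):
    """The NAS must recompute the Response Authenticator before trusting the verdict;
    otherwise anyone who can inject a UDP datagram can forge an Access-Accept."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = hashlib.md5(response[:4] + request_auth + response[20:length] + secret).digest()
    if not hmac.compare_digest(response[4:20], expected):
        raise ValueError("Response Authenticator mismatch: forged reply or wrong shared secret")
    return code


def run_exchange(user, password, secret=b"shared-secret-example", users=None):
    """Full NAS <-> server round trip in memory; returns the reply code the NAS accepts."""
    users = users if users is not None else {b"alice": b"correct horse"}  # assumed user database
    request_auth = os.urandom(16)
    request = nas_build_access_request(user, password, secret, 1, request_auth)
    reply = server_handle(request, secret, users)
    return nas_verify_response(reply, request_auth, secret)
```

Two things the code makes visible: the shared secret never crosses the wire, but the password hiding is an MD5 keystream XOR, and an Access-Request carries no integrity check at all unless a Message-Authenticator attribute is added. That is why RADIUS traffic between NAS and server belongs on a trusted network segment or inside TLS (RadSec, RFC 6614).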

Vulnerability Issues in Implementations of the DNS Protocol

The vulnerabilities described in this advisory affect implementations of the Domain Name System (DNS) protocol. Many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all. If exploited, these vulnerabilities could cause a variety of outcomes including, for example, a Denial-of-Service (DoS) condition. In most cases, they can expose memory corruption, stack corruption or other types of fatal error conditions. Some of these conditions may expose the protocol to typical buffer overflow exploits, allowing arbitrary code to execute or the system to be modified.
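The memory-corruption class the advisory describes mostly comes down to how a DNS implementation walks the wire format: label lengths that run past the message, compression pointers that point at themselves or forward, and names longer than the 255-octet limit. The following is an added example, not code from the advisory or from any vendor's resolver, of a name and question parser that checks every one of those conditions; the three sample messages are constructed by hand for the demonstration.

```python
import struct

MAX_LABEL, MAX_NAME = 63, 255


def parse_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) domain name at msg[offset].
    Returns (name, offset of the first byte after the name in the wire data).
    Each check closes one way a careless parser reads out of bounds or spins forever."""
    if offset >= len(msg):
        raise ValueError("name offset outside message")
    labels, name_len, pos, end = [], 0, offset, None
    seen_pointers = set()
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if (length & 0xC0) == 0xC0:                      # compression pointer, RFC 1035 4.1.4
            if pos + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            if pos in seen_pointers:
                raise ValueError("compression pointer loop")
            seen_pointers.add(pos)
            target = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            if target >= pos:
                raise ValueError("pointer must refer to a prior occurrence")
            if end is None:
                end = pos + 2                            # the name ends after the first pointer
            pos = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type 0x%02x" % (length >> 6))
        if length > MAX_LABEL:
            raise ValueError("label longer than 63 octets")
        pos += 1
        if length == 0:
            break
        if pos + length > len(msg):
            raise ValueError("label runs past end of message")
        name_len += length + 1
        if name_len + 1 > MAX_NAME:                      # +1 for the terminating zero octet
            raise ValueError("name longer than 255 octets")
        labels.append(msg[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    return ".".join(labels) or ".", (end if end is not None else pos)


def parse_question(msg: bytes):
    """Header sanity plus the first question; returns (qname, qtype, qclass, next offset)."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-octet header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    qname, off = parse_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("question fixed fields truncated")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return qname, qtype, qclass, off + 4


def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


# Constructed messages (not captured traffic): a legitimate A reply whose answer
# name is a pointer back to the question, and two malformed ones.
HEADER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
GOOD = (HEADER + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
        + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
POINTER_LOOP = HEADER + b"\x01a" + b"\xc0\x0c"   # label "a", then a pointer back to itself
TRUNCATED = HEADER + b"\x0fwww"                   # claims 15 octets, carries 3
```

A parser written in C without the "pos + length > len(msg)" test reads past the buffer on TRUNCATED; one without pointer tracking never returns on POINTER_LOOP. The same rules apply wherever a name is decoded, including inside RDATA of CNAME, MX, NS and SOA records, which is where implementations that get the question section right have tended to slip.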

DNS cache poisoning again!

For background you may wish to review this report and this issue about BIND 4 or 8 not being suitable as forwarders. Next, a request. PLEASE review your DNS servers' logs and cache for 65.23.154.2. If you find it listed as authoritative for .com, please send us an email with a dump of the DNS cache. Directions for dumping, cleaning and protecting your cache are available in the write-up above.

Can You Spoof IP Packets?

Spoofed IP packets are still believed to be a significant problem for the Internet. But are they? The Spoofer Project is attempting to measure the problem. Apparently, 80% of the IP addresses measured no longer support spoofing! Their methodology is simple: have users download a client which attempts to spoof packets to the monitor. Using these packets, they can determine the filter rules.

As the Bot Turns

The below was sent to us as well as some of the ISACs around the net tonight. As there is quite a bit of information being conveyed by the author, I am going to leave the majority of the advisory as originally written. I will note that this started with a click happy user on AIM to the best of our knowledge. A bot was seen spreading via AOL Instant Messenger (AIM) earlier today that appears to be using "encrypted"[1] peer-to-peer (P2P - possibly Waste?) as the Command and Control (C&C) mechanism. The bots communicate with each other via port 8/TCP.
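Both the Nugache analysis above and this advisory make the same point: a bot that never does a DNS lookup and carries no readable strings defeats signature-based IDS. What survives is the traffic shape. The following is an added example, not part of either advisory and not tooling from their authors, of a detection that correlates passively observed DNS answers with connection records and flags internal hosts that open connections to several external addresses they never resolved, exactly what a hard-coded peer seed list looks like. The DNS answers, flows and the 10.0.0.0/8 internal range are constructed for the demonstration.

```python
import ipaddress
from collections import defaultdict

# Constructed records (not real traffic). DNS answers as a passive sensor would log
# them: (time, client, qname, answer_ip). Flows: (time, src, dst, dport).
DNS_ANSWERS = [
    (100, "10.0.0.5", "www.example.com", "93.184.216.34"),
    (105, "10.0.0.5", "mail.example.net", "198.51.100.25"),
    (110, "10.0.0.9", "www.example.com", "93.184.216.34"),
]
FLOWS = [
    (101, "10.0.0.5", "93.184.216.34", 80),     # preceded by a lookup: normal
    (106, "10.0.0.5", "198.51.100.25", 25),     # preceded by a lookup: normal
    (111, "10.0.0.9", "93.184.216.34", 443),    # normal
    (120, "10.0.0.9", "203.0.113.7", 8),        # no lookup, odd port
    (121, "10.0.0.9", "203.0.113.8", 8),
    (122, "10.0.0.9", "203.0.113.9", 8),
    (123, "10.0.0.9", "203.0.113.10", 8),
    (130, "10.0.0.5", "10.0.0.1", 445),         # internal-to-internal, not scored
]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address space


def dnsless_connections(dns_answers, flows, window=3600):
    """Flows to external addresses that the same client did not resolve via DNS
    within the preceding `window` seconds."""
    resolved = defaultdict(list)                # (client, ip) -> answer timestamps
    for t, client, _qname, ip in dns_answers:
        resolved[(client, ip)].append(t)
    out = []
    for t, src, dst, dport in flows:
        if ipaddress.ip_address(dst) in INTERNAL:
            continue
        times = resolved.get((src, dst), [])
        if not any(t - window <= rt <= t for rt in times):
            out.append((t, src, dst, dport))
    return out


def rank_suspects(dns_answers, flows, min_peers=3):
    """Hosts with at least `min_peers` distinct DNS-less external peers, with the
    destination ports seen; a P2P bot working from a seed list scores here."""
    peers, ports = defaultdict(set), defaultdict(set)
    for _t, src, dst, dport in dnsless_connections(dns_answers, flows):
        peers[src].add(dst)
        ports[src].add(dport)
    return {h: {"peers": sorted(p), "ports": sorted(ports[h])}
            for h, p in peers.items() if len(p) >= min_peers}
```

Expect false positives from software that legitimately carries IP literals (VPN and update clients, some monitoring agents), so baseline the network first and treat a cluster of new DNS-less peers on one uncommon port, such as the 8/TCP reported here, as the signal rather than any single connection.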

A Survey of DNS Security: Most Vulnerable and Valuable Assets

We collected 593160 unique webserver names from the Yahoo! and DMOZ.org web directories. Since the names were extracted from web directories instead of being generated automatically, they have been filtered through a preliminary level of human scrutiny. Though it is clear that the level of scrutiny is not extremely high (i.e. there are some spam hostnames in the survey), we believe that these names are representative of the sites people actually care about. We then queried the legacy DNS for these names and recorded the chain of nameservers that are involved in their resolution. We thus obtained a snapshot of the dependencies in the DNS system. A total of 166771 nameservers were discovered in this process. The survey was performed on July 22, 2004.

DNS Amplification Attacks

This paper outlines a Distributed Denial of Service (DDoS) attack which abuses open recursive Domain Name System (DNS) name servers using spoofed UDP packets. Our study is based on packet captures and logs from attacks reported to have a volume of 2.8Gbps. We study this data in order to further understand the basics of the reported recursive name server amplification attacks which are also known as DNS amplification or DNS reflector attacks. One of the networks under attack, Sharktech, indicated some attacks have reached as high as 10Gbps and used as many as 140,000 exploited name servers. In addition to the increase in the response packet size, the large UDP packets create IP protocol fragments. Several other responses also contribute to the overall effectiveness of these attacks.

Top 15 Security/Hacking Tools & Utilities

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

"IM me" a strike order

Flexible military communications have always been of great importance, and flexibility here stands for securely communicating over insecure channels -- IP based communications. While you might not have heard of Bantu before, to me their real-time network for interagency communication sounds more like a security through obscurity approach -- temporary gain and possible long term disaster.

Disturbing developments in DDoS attacks

Traditional DDoS of course is when an attacker uses thousands of centrally controlled zombie machines to direct millions of packets at a single destination. Most web servers shrivel up and die when subjected to that much attention. According to Barrett even the upstream infrastructure cannot withstand some of these attacks: the firewalls, routers, sometimes even the ISP go off line. A recent new technique is for the zombies to all perform DNS look-ups, causing the target's DNS server to fail and effectively taking down a site without even hitting it directly.
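The amplification paper above and this item describe the two sides of the same abuse: a recursive name server answering large, recursion-desired queries for clients it has no business serving, whether the goal is to reflect traffic at a spoofed victim or to exhaust the resolver itself. As an added example (not from either article, and not any vendor's tooling), the code below runs a detection over query-log lines and computes the bandwidth gain and fragment count for a given query and response size. The log lines are constructed in the classic BIND query-log layout, and the served prefix 198.51.100.0/24 is an assumption.

```python
import ipaddress
import math
import re
from collections import Counter

# Constructed lines in the classic BIND query-log format (not real traffic).
SAMPLE_LOG = """\
client 198.51.100.7#1024: query: example.net IN A + (192.0.2.53)
client 203.0.113.9#53: query: isc.org IN ANY + (192.0.2.53)
client 203.0.113.9#53: query: isc.org IN ANY + (192.0.2.53)
client 203.0.113.9#53: query: isc.org IN ANY + (192.0.2.53)
client 198.51.100.8#40221: query: www.example.net IN AAAA + (192.0.2.53)
client 203.0.113.9#53: query: ripe.net IN ANY + (192.0.2.53)
client 203.0.113.9#53: query: isc.org IN ANY + (192.0.2.53)
"""

LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)
SERVED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed: prefixes this resolver should serve
LARGE_ANSWER_TYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}     # query types that yield the biggest replies


def parse_query_log(text):
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()


def find_reflection_abuse(text, served_nets=SERVED_NETS, min_queries=3):
    """Clients outside the served prefixes that repeatedly ask for recursion ('+')
    on large-answer types. In a reflection attack the logged source address is the
    victim's, not the attacker's: the resolver is the amplifier."""
    hits = Counter()
    for q in parse_query_log(text):
        src = ipaddress.ip_address(q["ip"])
        if any(src in n for n in served_nets):
            continue
        if q["qtype"].upper() in LARGE_ANSWER_TYPES and q["flags"].startswith("+"):
            hits[q["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_queries}


def amplification(query_bytes, response_bytes, mtu=1500):
    """Bandwidth gain the attacker obtains, and how many IPv4 fragments the UDP reply
    needs (8-octet UDP header, 20-octet IP header, fragment payloads in multiples of 8)."""
    fragments = max(1, math.ceil((response_bytes + 8) / (mtu - 20)))
    return response_bytes / query_bytes, fragments
```

A 64-byte query that draws a 4000-byte response gives a 62.5x gain and three fragments, and the fragments are what makes the victim's firewall and routers suffer along with the target host. The fix on the resolver side is to answer recursive queries only for the prefixes you serve; the fix on the network side is ingress filtering so the spoofed queries never leave the attacker's network in the first place.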

Build Effective Security Awareness Program

You've developed a world class security program. Your technology-based defenses are cutting edge. Your security team is well trained and ready to handle anything that comes its way. So you’re done, right? Not quite. One of the most important pieces of an effective information asset defense is missing – employee awareness.

The Enemy Inside

For many years external security threats received more attention than internal security threats, but the focus has changed. While viruses, worms, Trojans and DoS are serious, attacks perpetrated by people with trusted insider status—employees, ex-employees, contractors and business partners—pose a far greater threat to organizations in terms of potential cost per occurrence and total potential cost than attacks mounted from outside. The reason insider attacks "hurt" disproportionately is that insiders can and will take advantage of two important rights: trust and physical access.

Hacking Network Printers

Hack a printer you say, what kind of toner have you been smoking, Irongeek? Well, I'm here to tell you, there’s more that can be done with a printer to compromise network security than one might realize. In the olden days a printer may not have been much of a concern other than the threat from folks dumpster diving for hard copies of the documents that were printed from it, but many modern printers come network aware with embedded Operating Systems, storage and full IP stacks. This article will attempt to point out some of the more interesting things that can be done with a network based printer to make it reveal information about its users, owners and the network it's part of.

DNS Cache Poisoning - The Next Generation

The old problem of DNS cache poisoning has again reared its ugly head. While some would argue that the domain name system protocol is inherently vulnerable to this style of attack due to the weakness of 16-bit transaction IDs, we cannot ignore the immediate threat while waiting for something better to come along. There are new attacks, which make DNS cache poisoning trivial to execute against a large number of nameservers running today. The purpose of this article is to shed light on these new attacks and recommend ways to defend against them.
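To put numbers on the 16-bit transaction ID weakness the article mentions, here is an added worked calculation (not from the article, and not a description of the specific attacks it covers) comparing three situations: blind forgery against one outstanding query, the birthday variant against a resolver that keeps many identical queries in flight with independent IDs, and the same birthday attack once source-port randomization adds roughly 16 more bits (the code idealizes that as 32 bits total). The forged-reply count of 300 per attempt is an assumed figure.

```python
def spoof_success_probability(entropy_bits, forged_per_query, queries):
    """Blind forgery against one outstanding query at a time: the attacker triggers
    `queries` lookups and sends `forged_per_query` distinct guesses at each."""
    space = 2 ** entropy_bits
    per_query = min(1.0, forged_per_query / space)
    return 1.0 - (1.0 - per_query) ** queries


def birthday_success_probability(entropy_bits, outstanding, forged):
    """If the resolver has `outstanding` identical queries in flight with independent
    IDs, each of `forged` distinct spoofed replies can match any one of them, so the
    miss probability is (1 - forged/space) per outstanding query."""
    space = 2 ** entropy_bits
    miss = 1.0 - min(1.0, forged / space)
    return 1.0 - miss ** outstanding


def expected_queries_to_poison(entropy_bits, forged_per_query):
    """Mean number of attacker-triggered lookups before a blind forgery lands."""
    return 1.0 / min(1.0, forged_per_query / 2 ** entropy_bits)


def compare(forged=300):
    """Side by side: ID only, ID with the birthday trick, ID plus random source port."""
    return {
        "txid_only_single_query": spoof_success_probability(16, forged, 1),
        "txid_only_birthday": birthday_success_probability(16, forged, forged),
        "txid_plus_port_birthday": birthday_success_probability(32, forged, forged),
        "lookups_needed_txid_only": expected_queries_to_poison(16, forged),
        "lookups_needed_txid_plus_port": expected_queries_to_poison(32, forged),
    }
```

With 300 forged replies per attempt the single-query guess succeeds about 0.46% of the time, the birthday variant about 75% of the time, and the same birthday attempt against 32 bits of entropy about 0.002% of the time. The practical checks that fall out of this: make sure your resolver suppresses duplicate outstanding queries, randomizes source ports as well as IDs, and does not forward to BIND 4 or 8 servers that do neither.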

Security problems in Cisco devices

Cisco has published two security advisories to warn of problems in several of its devices. Products affected are Cisco ONS 15000 Series Common Control Cards, Cisco Transport Controller (CTC) and Cisco 11500 Content Services Switch.

Intro: Build your own gateway firewall

Learn how to build your own gateway firewall using FreeBSD and old PC parts. The firewall will consist of the PF firewall, Snort IDS, various IPS applications, Squid proxy, and some intuitive web interfaces for auditing. The cost of this project should be between free and $200 depending on your resourcefulness. I built mine for free using spare parts that were stockpiled in personal storage and parts that the USMC was throwing away, but you can build one from used and/or new parts for dirt cheap.