Linux Network Security - Page 44

Discover Network Security News

SSH2, Part 1: Securing Your Telnet Session

Most of the utilities we use to log into servers these days, like Telnet, FTP, and Email, send the login and password text unencrypted. Anyone who can intercept your network traffic will learn your logins. And if you log in as root, your system will be owned. It's bad enough if you're on a wired network, as anyone who has worked next to Kevin Rose will attest, but the risk is multiplied 1000-fold on a wireless network. Any idiot can capture Wi-Fi traffic, even if WEP encryption is turned on. The only truly secure way to use Wi-Fi is to encrypt the traffic end to end using a good scheme like VPN or SSH! . . .

Online Crime, Compliance Issues, Worker Mobility, SOA, and Open Source Are Mega-Trends for IT Securi

Burton Group forecasts the most influential IT enterprise security trends in a recently published report: "VantagePoint 2004-2005 Information Security and Identity Management Trends." In the report, senior vice president and research director Dan Blum reviews a number of mega-trends -- including an increase in online crime, compliance issues, worker mobility, service-oriented architecture (SOA) and open source technologies. . . .

Securing the Mobile Real-Time Enterprise

Mobile technologies have ushered in sweeping productivity gains at enterprises across the globe. In many cases, they have been central to the creation of the so-called "real-time enterprise." These same technologies, however, have also increased enterprises' exposure to security risks that are frequently underestimated or misunderstood. How significant is the problem? According to the U.S. Census Bureau, within three years, 40 per cent of all workers will perform a significant part of their job outside of the office. . . .

5 Steps to Setting Up a Wireless Network

If you're interested in setting up a wireless network at your company, this guide will walk you through the steps needed to evaluate the role wireless networking technologies might play in your company's overall networking solution, and help you understand the steps you need to take to implement the solution. . . .

Surviving Distributed Denial of Service Attacks

Distributed denial of service (DDoS) attacks aim to disrupt the service of information systems by overwhelming the processing capacity of systems or by flooding the network bandwidth of the targeted business. Recently, these attacks have been used to deny service to commercial web sites that rely on a constant Internet presence for their business. . . .

It's Getting More Dangerous Out There

The Internet became significantly more dangerous for business in the past week, as criminals spread not one, but two attacks that used the web as a platform, making web-spread attacks into a mainstream threat. . . .

Seven habits of highly secure companies

"If you can't afford the security, you can't afford the project," says Rosaleen Citron, CEO of Toronto-based security firm WhiteHat Inc., citing a well-known axiom in the information security industry. On the other hand, "most businesses, big or small, can't afford to defend everything," says Mary Kirwan, an independent security expert in Toronto. Indeed, they would impede their productive business activity if they tried. . . .

Wireless endpoint security: Tie up the loose ends

There's no doubt that wireless networks can increase productivity and produce a significant return on investment for organizations with large, mobile workforces. Unfortunately, the repercussions from an unprotected wireless network can be just as significant, if not worse. . . .

HNS Audio Learning Session: The Benefits of SSL VPNs

In this 6:30-minute audio learning session, Rob Lane, AEP Systems VP of Product Management, discusses SSL VPNs in general, shares his point of view on the benefits of using SSL VPNs for secure remote access and talks about the difference between SSL and IPSec VPNs. . . .

City firms still failing to guard WLans

Businesses in Europe's leading financial centres are failing to secure their wireless access points despite the risk of "drive-by" hacking. More than 33% of businesses surveyed in London, Milan, Paris and Frankfurt are still making fundamental security mistakes, research by RSA Security revealed. . . .

Akamai Attack Reveals Increased Sophistication

An attack last week against Akamai Technologies Inc. demonstrated the disruption of key Web site activity that a well-placed assault on the Internet's Domain Name System can cause. The incident also revealed a troubling capability on the part of hackers to target core Internet infrastructure technologies, security experts said. . . .

Wireless Infidelity

While the past of Wi-Fi has been plagued with security problems, the economics are such that many players in the IT market want to see the insecure WEP replaced with something more robust. While nothing in the future is certain, it seems a given that Wi-Fi will overcome its adolescent growing pains and mature into a reasonably secure and easy to deploy method of networking. . . .

Application Denial of Service (DoS) Attacks

Denial of Service attacks aimed at disrupting network services range from simple bandwidth exhaustion attacks and those targeted at flaws in commercial software to complex distributed attacks exploiting specific COTS software flaws. These types of attack are not new and have been used to devastating effect to prevent normal operation of the victim sites. Historically, these attacks by hacktivists and extortionists alike have targeted companies as diverse as eBay and Microsoft, the RIAA and SCO, and a plethora of online gambling companies. . . .

HNS Audio Learning Session: Alternatives to Passwords

In this 8-minute audio learning session, John Stuart, Signify CEO, discusses the alternatives to passwords. There are three fundamental technologies which users could take into consideration: one-time passcodes (token-based systems), digital certificates and biometrics. . . .

Evaluating the ROSI: Where's the problem?

Many believe that demonstrating a ROSI in the enterprise is nigh impossible because there are no metrics that measure the ROSI unless a company is attacked or security is outsourced to a managed security provider. However, I've always been astounded by this attitude, as to me it appears that the most obvious point has been completely missed; organisations must begin with information risk assessments in order to evaluate the true effectiveness of their ROSI. . . .

First mobile phone virus discovered

The first ever computer virus that can infect mobile phones has been discovered, anti-virus software developers said today, adding that up until now it has had no harmful effect. The French unit of the Russian security software developer Kaspersky Labs said that the virus - called Cabir - appears to have been developed by an international group specialising in creating viruses which try to show "that no technology is reliable and safe from their attacks". . . .

Ease the security burden with a central logging server

My advice: Don't go another day without setting up a centralized logging server with syslog. Nearly all routers and switches can send log traffic on UDP port 514 in a syslog format. It's just a matter of providing a secure platform to collect that information. I recommend setting up a Linux box to handle this syslog task. It's simple and inexpensive, and it provides data security to some of the most valuable information about your network. . . .

Managing the security of data flow

Customer Relationship Management (CRM) systems are cited as one of the major technology successes of the last decade. These 'super databases' enable the real-time sharing of information across global organisations, increasing the visibility of the sales pipeline and providing a central control of the customer experience. A far cry from the early databases which were supported in the locally networked environment, CRM systems have pushed database capabilities into the enterprise arena, providing accurate monitoring of customer information and enabling corporations to sell and market to customers through a centrally managed delivery mechanism. . . .

Using Jabber as a log monitor

Jabber, the streaming XML technology mainly used for instant messaging, is well-suited to its most common task. However, Jabber is a far more generic tool. It's not a chat server per se, but rather a complete XML routing framework. This has some pretty far-reaching implications. . . .