Linux Network Security - Page 46

Discover Network Security News

Voice Over IP Can Be Vulnerable To Hackers, Too

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

As voice over IP sweeps across the high-tech landscape, many IT managers are being lulled into a dangerous complacency because they look upon Internet phoning as a relatively secure technology--not as an IP service susceptible to the same worms, viruses, and other pestilence that threatens all networked systems. . . .

Anthony Pell
May 14, 2004

Spec in Works to Secure Wireless Networks

The Trusted Computing Group said Monday that it is working on a specification to ensure that wireless clients connecting to a network won't serve as a back door to worms and crackers. Officials within the TCG, based in Portland, Ore., said the industry standards body is developing a "Trusted Network Connect" specification, designed to audit wireless-enabled PCs when they first make contact with an enterprise's wireless network. . . .

Anthony Pell
May 13, 2004

Web worm tests network security

Using vulnerabilities revealed at the same time as those exploited by the web worm, security firm IRM has demonstrated how they can be used to gain control of a Windows web server. . . .

Anthony Pell
May 12, 2004

Understanding TCP Reset Attacks, Part I

To better understand the reality of this threat, KernelTrap spoke with Theo de Raadt [interview], the creator of OpenBSD, an operating system which among other goals proactively focuses on security. In this article, we aim to provide some background into the workings of TCP, and then to build upon this foundation to understand how resets attacks work. . . .

Anthony Pell
May 11, 2004

Network Security Basics

Routers and switches are the keys to a strong network foundation. Together they enable the intelligent, end-to-end movement of converged data, voice, and video information within or outside the business. . . .

Anthony Pell
May 11, 2004

The Internet's Wilder Side

I.R.C. perhaps most closely resembles the cantina scene in "Star Wars'': a louche hangout of digital smugglers, pirates, curiosity seekers and the people who love them (or hunt them). There seem to be I.R.C. channels dedicated to every sexual fetish, and I.R.C. users speculate that terrorists also use the networks to communicate in relative obscurity. Yet I.R.C. has its advocates, who point to its legitimate uses. . . .

Anthony Pell
May 06, 2004

Scanning the Horizon

Protecting today's dynamic networks against ever-changing security threats requires vigilance as well as action. A vulnerability assessment scanner, frequently updated to reflect the latest attacks, can be an essential weapon in your information security arsenal. The recent Blaster worm was just the latest reminder that corporations need to move swiftly to prevent attack. It won't be the last. . . .

Anthony Pell
May 05, 2004

HNS Learning Session: DDoS Threats

In this ten minute audio, Mr. Woo introduces the listeners to the enormous threat of Distributed Denial of Service attacks in the Internet era and gives his opinion on what should organizations do to stop them. . . .

Anthony Pell
May 04, 2004

DNS Troubleshooting – Everything Depends on It

The Domain Name System (DNS) service is required to access e-mail, browse Web sites and use hostnames in general. DNS resolves hostnames to IP addresses and back (e.g. http://www.cyberguard.com/ translates to 64.94.50.88). This article details how DNS works under normal circumstances and provides troubleshooting tips. . . .

Anthony Pell
May 04, 2004

Mobile flaws expose executives to bugging

Executives at some of Britain's biggest companies are using mobile phones that can be secretly tracked and bugged, despite a series of Times investigations demonstrating gaping holes in handset security. During tests at the offices of Shell, BP, HSBC and Goldman Sachs, The Times identified 95 phones potentially vulnerable to a new form of hacking known as "bluesnarfing". . . .

Anthony Pell
Apr 30, 2004

Protecting Road Warriors: Managing Security for Mobile Users (Part One)

Imagine what it would be like if every user's system was located on your network perimeter and had none of the safeguards your multi-layered security systems provide. Unfortunately, you most likely have such systems: your mobile users. Whether it's your sales force, world-traveling executives or just a user "working from home," these people are separated from all of your inner defenses and are at the mercy of their surroundings. You need a strategy to ensure their systems and their data is as safe on the road as they are in your own borders. . . .

Anthony Pell
Apr 29, 2004

Common Security Vulnerabilities in e-commerce systems

The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems. Some of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software. Other attacks have used vulnerabilities that are common in any web application, such as SQL injection or cross-site scripting. This article discusses these vulnerabilities with examples, either from the set of known vulnerabilities, or those discovered during the author's penetration testing assignments. The different types of vulnerabilities discussed here are SQL injection, cross-site scripting, information disclosure, path disclosure, price manipulation, and buffer overflows. . . .

Anthony Pell
Apr 28, 2004

TCP Net threat overstated, says security researcher

VANCOUVER, British Columbia--Widespread reports about a flawed communications protocol making the Internet vulnerable to collapse were overblown, according to the researcher credited with uncovering the security problem. A flaw in the most widely used protocol for sending data over the Net--TCP, or the Transmission Control Protocol--was addressed by most large Internet service providers during the last two weeks and presents little danger to major networks, said Paul Watson, a security specialist for industry automation company Rockwell Automation. If left unfixed, the weakness could have allowed a knowledgeable attacker to shut down connections between certain hardware devices that route data over the Net. . . .

Anthony Pell
Apr 22, 2004

HNS Learning Session: Session Hijacking Explained

For the first learning session on Help Net Security, we've got Caleb Sima, SPI Dynamics CTO and co-founder, discussing session hijacking attacks. While session hijacking can be applied to a lot of areas, this learning session is concentrated to the attacks on web applications. . . .

Anthony Pell
Apr 22, 2004

Securing The IP Telephony Perimeter

Networking battles never die; they just move to another layer in the OSI stack. That networking adage is as true with IP telephony security devices today as it was years ago with bridges and routers. . . .

Anthony Pell
Apr 22, 2004

Flaw Leaves Internet Open to Attacks

A security researcher has developed a new attack for a well-known flaw in the TCP protocol that allows an attacker to effectively shut down targeted routers and terminate existing TCP sessions at will. The scenario has many security experts worried, given the ubiquity of TCP and the fact that there's an attack tool already circulating on the Internet. . . .

Anthony Pell
Apr 21, 2004

Vulnerability Issues in TCP

The vulnerability described in this advisory affects implementations of the Transmission Control Protocol (TCP) that comply with the Internet Engineering Task Force's (IETF's) Requests For Comments (RFCs) for TCP, including RFC 793, the original specification, and RFC 1323, TCP Extensions for High Performance. TCP is a core network protocol used in the majority of networked computer systems today. Many vendors include support for this protocol in their products and may be impacted to varying degrees. Furthermore any network service or application that relies on a TCP connection will also be impacted, the severity depending primarily on the duration of the TCP session. . . .

Anthony Pell
Apr 20, 2004

Will Trade Passwords For Chocolate

Almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar. . . .

Anthony Pell
Apr 20, 2004

How secure is your handheld?

The No. 1 threat to the sensitive data stored on your handheld device or smart phone remains physically losing the device, but other threats are looming on the handheld horizon. "When you send a defective PDA to the manufacturer for tech support, they usually give you a new one and then resell the old one," said John Girard, vice president and research director at Gartner Inc. "Buying dead machines is an ideal method of pursuing identity theft." What's more, 90% of mobile devices lack the protection necessary to ward off hackers, according to a recent strategic planning assumption conducted by Stamford, Conn.-based Gartner. . . .

Anthony Pell
Apr 19, 2004

CARP your way to high availability

You're putting out system management fires, with five SSH sessions open on your desktop. The mail server needs a restart after that kernel patch, so you su to root and type reboot. Just as the connection closes, your brain catches up with your fingertips. The mail server's still up -- the system you rebooted was the firewall at the site 200 miles away. The firewall on which 50 users rely. The firewall that refuses to reboot without a cold reset. What do you do? . . .

Anthony Pell
Apr 16, 2004

Linux Network Security - Page 46

Harnessing Proxies for Enhanced Threat Intelligence: A Guide with Open Source Tools

Understanding HTTP Proxy Servers: A Vital Linux Network Security Tool

Exploring Vulnerability Scanners: Tools & Strategies for a Secure Network