Server Security - Page 11

Discover Server Security News

An Introduction to Virtualization Security

Virtualization platforms are software. All software has flaws. Therefore, virtualization platforms have flaws. Simple logic, right? The major virtualization platform vendors, VMware, Xen (now Citrix), and Microsoft, have all had several vulnerabilities over the last few years. However, the major components of a virtualization infrastructure and the IT strategy related to deployment and maintenance of virtualization technologies can be planned and secured fairly well. The following sections will explore the major areas of concern for security professionals.

How To Harden PHP5 With Suhosin On CentOS 5.4

This tutorial shows how to harden PHP5 with Suhosin on a CentOS 5.4 server. From the Suhosin project page: "Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination.

Apache bug prompts update advice

IT security company Sense of Security has discovered a serious bug in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. Discovered by the company's security consultant Brett Gervasoni, the vulnerability exists in Apache's core "mod_isapi" module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security.

Multiple Apache Web Server Flaws Patched

The Apache HTTP Web Server is the most widely deployed Web server on the Internet today, which means that vulnerabilities in the open source server can have a devastating impact. That also makes security updates like the new 2.2.15 release critical, since it addresses several security vulnerabilities in Apache's flagship HTTP Web server.

F5, Infoblox team on DNS security

F5 Networks and Infoblox announced on Monday what they claim is the first integrated solution that combines DNS Security Extensions key management and signing capabilities with global server load balancing to boost performance.

Five Tools for Measuring and Improving Linux System Performance

Out of the box, Linux runs just fine for many uses. But if you find yourself needing to ferret out performance problems or tune the kernel for better performance, Linux has more than enough tools to measure and tweak system performance. In this guide, we'll take a look at five of the best utilities to measure system performance and tweak the Linux kernel.

Stack Smashing Protection for Debian

Here's an older article on programming security, but still very useful. Is this something you ever considered to be a concern for your systems in the past? Since we last covered the use of Stack Smashing Protection (SSP) the default compiler for Debian Sid has been upgraded to include it, with no need for custom patching. Read on for a brief demonstration of how it can be used to prevent attacks.

Chuck Norris is not a Linux virus

Get a grip, people. A recent story about the so-called Chuck Norris botnet implies that it breaks Linux's security. Wrong. Windows malware, whether it comes in the form of a Trojan, virus, or worm, works by exploiting security holes in either the operating system itself or an application like Adobe Reader or Internet Explorer.

NetBSD 5.0.2 released

The NetBSD development team have announced the release of the second "critical/security" update of the 5.0 release branch, NetBSD 5.0.2. The latest maintenance release includes a number of important security and stability fixes for the BSD-based operating system.

Tech Insight: Securing The Virtualized Server Environment

Server virtualization is becoming all the rage in many data centers as enterprises seek greater efficiency and cost savings by consolidating their hardware. Unfortunately, some of these enterprises have overlooked the security implications of virtualizing their environments -- but hackers and security researchers haven't.

Install software updates and security patches without rebooting

There's a real irony to my article this week. Just as I began to write, I got an e-mail from one of my hosted service providers. To paraphrase the message, it says: "Dear Customer, we will be performing maintenance on your application server for a few hours this weekend. We plan to install critical software updates and security patches. During this window you may experience brief interruptions in service. Sorry for the inconvenience."

When is a 0day not a 0day? Fake OpenSSH exploit, again

When is a 0day in OpenSSH not a 0day? When it's local exploit code. Not the kind that exploits a vulnerability in the system you are logged into, to escalate privilege for example. The kind that takes advantage of potential vulnerabilities in the gray matter between your ears to make a mess of your local system. A reader wrote in to advise us of a potential 0day in the current version of OpenSSH 5.3/5.3p1 released Oct 1, 2009.

Squid update fixes DoS vulnerability

Specially crafted DNS packets can compromise the popular Squid web proxy/cache in such a way that it briefly fails to respond. The problem is caused by insufficiently checked DNS responses which Squid initially places in a queue. By sending packets that only contain a header, a queue overflow can be triggered which can apparently be exploited for Denial-of-Service (DoS) attacks.

Mitigate the Security Risks of PHP System Command Execution

As the Web continues its march towards becoming the de facto interface for the world's software applications, developers must find effective ways to not only communicate with server processes such as MySQL, but also other operating system tools such as a shell or Ruby script. In this tutorial, I'll show you how to securely execute a variety of system-based commands via a PHP script, demonstrating how to build web applications that can tightly integrate with both the operating system and third-party software.

Security update for BIND name server

The Internet Systems Consortium (ISC), the company behind the open source DNS BIND software, has released security updates to resolve a DNSSEC-related vulnerability that could lead to Denial-of-Service (DoS) attacks. According to the relevant advisory, the server's domain validation code contains a flaw that can cause an NXDomain to be regarded as validated although it isn't. With the usual protective measures (random transaction IDs and random source ports) in place, however, the cache is not said to be open to manipulation. However, the prevention of DoS attacks is apparently compromised. No further details were given by ISC.

How to steal a virtual machine and its data in 3 easy steps

Remember the email server or payroll system that you virtualized? Someone with administrator access to your virtual environment could easily swipe it and all the data without anybody knowing. Stealing a physical server out of a data center is very difficult and is sure to be noticed; stealing a virtual machine (VM), however, can be done from anywhere on your network, and someone could easily walk out with it on a flash drive in their pocket.

Security fixes for Sendmail - Update

Version 8.14.4 of Sendmail, the open source mail transfer agent (MTA), includes fixes for several security vulnerabilities, including some integer overflows, memory leaks and the SSL NUL character problem disclosed in mid-2009. The release also corrects a resolution error where an apparently valid host name lookup contained a NULL pointer; this problem caused crashes on some Linux versions of the software. The update also includes a number of corrections for several non-security issues.

Google Chrome OS May Be Security Hotspot in 2010

Google's Chrome OS will be "poked" by hackers in 2010, in large part because it will be the "new kid on the block," a security researcher predicted Wednesday.