Server Security - Page 16

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Securing Your Linux Server: Understanding and Mitigating Modern Threats

In this digital age, Linux servers face unprecedented challenges posed by cyber threats. These, in turn, introduce new vulnerabilities that system administrators must address. Traditionally considered a more secure environment compared to other opera...
Oct 25, 2024
  0

Essential Server Security Security Strategies for Administrators

In the current threat landscape, Linux servers have eme...
Oct 03, 2024
  0
13.Lock StylizedMotherboard Esm H115

Ensuring Linux Server Security: A Comprehensive Guide

Linux servers form a vital backbone of today's Internet...
Oct 02, 2024
  0
22.Lock ScreenEffect Esm H115

Discover Server Security News

Not Much Resistance at the Door

Not Much Resistance at the Door

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Websites are as vulnerable as ever, according to a survey of Web application security professionals who test sites for security holes. The survey, conducted by researcher Jeremiah Grossman on his blogsite, polled more than 60 security pros, 63 percent who work for vendors or consultants, 23 percent for enterprises, 5 percent for government, and 10 percent for other types of organizations. These are the guys in the trenches who hammer on Websites regularly -- 53 percent said all or almost all of their job is dedicated to Web app security (versus development, general security, and incident response); 28 percent said about half; and 20 percent said "some."

Making a distribution secure

Making a distribution secure

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There's no dearth of Linux distributions to choose from. With so many to choose from, one might think it's as easy as picking up the Linux kernel, throwing in a few applications, setting up respositories, making ISOs and you've got a shiny new Linux distro. Well, there's more to a Linux distro than assembling applications and making sure everything works. A lot of time and effort, at least for major distros, is spent on making the distribution secure and getting updates out in a timely fashion. To start with, all major distributions have security teams that collaborate with the main release team to ensure no vulnerable packages make their way into the final release. For example, Chris Gianelloni, release engineering strategic lead of Gentoo says that the release engineering team works with Gentoo's security team and individual architecture teams to make sure Gentoo doesn't have security vulnerabilities when Gentoo is released.

Snake Bytes: XSS Rx

Snake Bytes: XSS Rx

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There are two philosophies in which to protect against cross-site scripting (XSS) attacks: input encoding and output encoding. Input encoding means that the application takes whatever the user gives it and then encodes it so that when the information is outputted it has already been sanitized. Output encoding means that the application takes whatever data is given to it in whatever form it takes and stores it. Once it is ready for output it is sanitized before being shown to the user. I've heard people say that output encoding is the right way to deal with HTML injection and XSS attacks as well. There's one concept I haven't bought off on personally. Let's take an example where you have a single input, which is your name.

Locking Down Ubuntu

Locking Down Ubuntu

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security is an important issue in computing. Unfortunately, many computers allow a cracker to gain access to them and retrieve sensitive information, or just make life hard. This article will review the basics in general security and explain how to apply it to two Linux distributions--Ubuntu and Kubuntu. This article assumes that you know how to install programs on either Ubuntu or Kubuntu. It also assumes that you have some knowledge of basic computer networking principles. If you do not know how to install programs on Ubuntu, go tohttps://help.ubuntu.com/community/InstallingSoftware. If you do not know much about networking, go to http://www.faqs.org/docs/linux_network/x-087-2-intro.html. This article also assumes that you are using Ubuntu or Kubuntu 6.06(Dapper Drake), but the Firewall section can be adapted for any recent Linux distribution.

DNS Security and Threat Mitigation: An Overview of Domain Name System Threats and Strategies for Sec

DNS Security and Threat Mitigation: An Overview of Domain Name System Threats and Strategies for Sec

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Internet is a seemingly limitless source of information. It provides the power of collective knowledge and information to a vast array of users who access innumerable resources for countless reasons. These resources are typically accessed by using a human readable name designed to be easily remembered, thus increasing the usability of the resource. These human readable names, as the very term implies, are for the sake of the human users. Network devices, however, find each other by using a number, referred to as IP (Internet Protocol) addresses. The Domain Name System is the service that maps the human readable names to device specific IP addresses creating the user friendly nature of networked systems.

Establish more effective security capabilities with OpenSSH

Establish more effective security capabilities with OpenSSH

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Longtime Linux admins know that SSH, the "Secure Shell" protocol, is one of the most handy and potentially critical utilities in their software toolbox. Using multiple terminal emulators in an X Windows environment on a workstation, or via the Screen utility, a sysadmin for Linux or other Unix-based OS servers can manage several systems simultaneously with ease. Network administration shell or Perl scripts can make use of SSH to perform automated tasks on multiple servers at once simply and securely. Network shell utilities like RSH have been around longer than SSH, of course. But SSH adds strong encryption and data compression to its functionality and most modern SSH implementations also provide SFTP and SCP in the same convenient package, for secure file transfers over the network.

BT to make DDoS mitigation affordable

BT to make DDoS mitigation affordable

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

SPs could provide the answer to combatting DDoS attacks according to BT, providing customers with DDoS mitigation at a price far cheaper than buying it in directly. According to Mick Creane, Head of Managed Security Strategy at BT, ISPs are in a unique position to be able to make DDoS mitigation affordable for its customers, and it's something BT is already considering. 'We're looking at technology in the core of our network that would direct traffic through a "scrubbing centre". This terminates requests, checks if they are valid and if they are not, drops them. Where they are valid, they are forwarded to the original destination,' said Creane. 'It's expensive, but with BT you have economies of scale. So we would divert traffic as necessary [rather than route everything through the "scrubbing centre"].'

Vulnerability Scanning Web 2.0 Client-Side Components

Vulnerability Scanning Web 2.0 Client-Side Components

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Web 2.0 applications are a combination of several technologies such as Asynchronous JavaScript and XML (AJAX), Flash, JavaScript Object Notation (JSON), Simple Object Access Protocol (SOAP), Representational State Transfer (REST). All these technologies, along with cross-domain information access, contribute to the complexity of the application. We are seeing a shift towards empowerment of an end-user's browser by loading libraries. All these changes mean new scanning challenges for tools and professionals.

Beginners Guide To .htaccess Files With Examples

Beginners Guide To .htaccess Files With Examples

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

.htaccess files provides us with ways to make configuration changes on a per-directory basis. This file works well in Apache Web Server and on Linux/Unix. Also, it works on Windows based system with Apache Web server. There are several things that developers, site owners and webmasters can do by using .htaccess file. Let

Storing and Protecting Data

Storing and Protecting Data

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Given massive data growth across all industries, Information Lifecycle Management or ILM has become accepted as a critical business goal many organisations hope to achieve over time. Most organisations recognise that they cannot simply continue to store and then blindly manage data of all types on primary storage. That data which has immediate relevance to active business processes merits a place on high-performance/high-availability primary storage. It also warrants special attention with frequent or continuous data protection and business continuance processes.

Look At Even More Passwords!

Look At Even More Passwords!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

You might remember my previous posting on websites that insist on sending your username and password credentials over the internet in plain text (in other words, anyone in between you and the destination web server can 'sniff' these credentials if they know what they are doing). This article created a substantial amount of feedback from both users and website owners. Some agreed to modify their authentication methods, some accused me working for their competition. No, I'm not making that up.

Keep a Lid on Linux Logins

Keep a Lid on Linux Logins

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

When asked about security on a multi-user Linux system, a wise man once said "everyone is root if you allow them to login as a user." There is plenty of truth in that, but embracing imminent compromise isn't always acceptable. Let's take a look at how you can limit your exposure while letting unknown and untrusted users login with a shell. There are two groups of people who typically want to heavily restrict login users. First, the collaborators: possibly two separate organizations that have been forced to work together. Second, people who wish to allow some shady characters access to a shell but believe they may attempt to compromise security. If at all possible, the best policy is to simply not give access out, and if you do, make sure patches are applied daily.

Web Content Filtering in the Corporate Network Perimeter

Web Content Filtering in the Corporate Network Perimeter

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Internet provides a wide range of content related to all topics. A large part of it is necessary to develop business activity. For this reason, companies in the twenty first century need the information available on the Internet to guarantee good results. However, the universal nature of this content allows employees with Internet access to make personal use of company resources, accessing content that is not related to their work, and thereby degrading the company

Checklist for Securing PHP Configuration

Checklist for Securing PHP Configuration

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Apache/PHP/MySQL stack is immensely popular for web application development, its components are powerful, versatile and Free. Unfortunately however, PHP comes with a default configuration that is not suitable for production mode, and may cause developers to use insecure techniques during the development phase. Inside is a check list of settings that are intended to harden the default PHP installation.

Application Error Handling: How to Avoid Death by a Thousand Cuts

Application Error Handling: How to Avoid Death by a Thousand Cuts

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Ajax programming is one of the most exciting new technologies in recent history. Ajax (Asynchronous Javascript and XML) allows a web page to refresh a small portion of its data from a web server, rather than being forced to reload and redraw the entire page as in traditional web programming. Since they can make frequent, small updates, web applications written with Ajax programming can present user interfaces that are more like desktop applications, which are more natural and intuitive interfaces for most users. However, just like Uncle Ben said to Peter Parker (aka Spider-Man

Managing Security in Mixed Windows/Linux Networks

Managing Security in Mixed Windows/Linux Networks

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Directory services play a critical role in ensuring computer networks are properly secured and efficiently managed. While Linux machines running in Microsoft Windows networks can interoperate with Active Directory, configuration is complicated - especially for administrators lacking Linux expertise. Managing authentication between Windows and Linux systems just got easier.Linux systems, as shipped, include support for Kerberos, LDAP and other security/authentication protocols, but don't typically come ready to perform single-sign on Linux by buying specialized, proprietary software. It is possible to partially implement Active Directory-based single sign-on on Linux systems without any additional software.

You know about XSS. How about XSRF/CSRF?

You know about XSS. How about XSRF/CSRF?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

You know about cross-site scripting (XSS). It's an attack that injects malicious code into a vulnerable application such that the code executes in the victim's application viewer and, therefore, with the victim's session privileges. In most cases, the viewer is a web browser and the malicious code is written in JavaScript. (XSS won over the arguably more correct abbreviation "CSS" because of confusions with an unrelated term Cascading Style Sheets.) In theory, the victim's viewer could be another application, rather than a web browser. Imagine a vulnerable website that accepts code as input from the attacker and, without properly filtering on input or output, incorporates the code into a spreadsheet that the victim views in Excel. If the attacker could find a way to supply code that Excel will execute, then we have an instance where an XSS attack targeted a non-web browser.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved