Server Security - Page 18
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
As recent lapses have shown, sending critical backup data to a storage facility isn't as simple as placing a package on a truck. Here are four points to consider when you're securing the chain of custody for your backup data. When Bank of America disclosed in February that its courier service had lost backup tapes containing data on about 1.2 million federal employees
This is the first in a series of newsletters, where we talk with Linux experts who will be speaking at the LinuxWorld Conference and Expo, which runs Aug. 14-17 at the Moscone Convention Center in San Francisco. PHP, PERL and other languages are useful and easy to learn tools that can be used to build some pretty functional Web-based applications. They can also be the bane of a system administrator's existence, especially when slapped together and used to publish Web apps accessible to the outside world.
If you're using MySQL, there are some easy things you can do to secure your systems and significantly reduce the risk of unauthorised access to your sensitive data. The most valuable asset for technology-based organisations is usually the customer or product information in their databases. And so, a critical part of database administration in such organisations consists of securing these databases against outside attack and hardware/software failures. In most cases, hardware and software failures are handled through a data backup regimen. Most databases come with built-in tools to automate the entire process, making this aspect of the job relatively painless and error-free. What's not so simple, however, is the second half of the puzzle: making sure that outside hackers can't get into the system and either steal or damage the information contained therein. And unfortunately, there usually isn't an automated way to solve this problem; rather, it requires you, the administrator, to manually put in place roadblocks and obstacles to trip up would-be hackers and to ensure that your company's data stays secure.
One new feature of "Web 2.0", the movement to build a more responsive Web, is the utilization of XML content feeds which use the RSS and Atom standards. These feeds allow both users and Web sites to obtain content headlines and body text without needing to visit the site in question, basically providing users with a summary of that site's content. Unfortunately, many of the applications that receive this data do not consider the security implications of using content from third parties and unknowingly make themselves and their attached systems susceptible to various forms of attack.
The current state of Intrusion Detection Systems (IDS) would have to be considered fairly mature. The market for IDS and Intrusion Prevention Systems (IPS) is a large percentage of the $14 billion security software[1] industry with dozens of vendors and service providers worldwide.
Two critical security considerations that are closely related to one another are ignored all too often: integrity auditing and recovery. This document is an overview of good security integrity auditing and recovery practices using a Linux operating system. Too often, a system administrator will get all the basic security measures in place, set up a well-secured system, and figure his job is done unless something goes horribly and obviously wrong. It is important, though, to regularly check the systems in your area of responsibility to make sure they haven't been compromised, and to know what to do if they have.
Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say. The buzz around the new technology echoes the '90s Internet boom--complete with pricey conferences, plenty of start-ups, and innovative companies like MySpace.com and Writely being snapped up for big bucks. And the sense of deja vu goes even further for some experts. Just as in the early days of desktop software, they say, the development momentum is all about features--and protections are being neglected.
Storage formats such as tape have enjoyed year upon year of being in pole position as the format of choice for secondary backup, though in recent years hard disk technologies have caught up with the aging medium. One fundamental challenge for hard disk technology is to prove its ability to provide cost-effective off-site security, something of a hardship for a fixed disk technology. Unlike tape, disk technologies are traditionally not as removable and have to be handled carefully due to the drive mechanics being transported with the media. Off-site security, therefore, can be a difficult, cumbersome job.
With all the different distributions of Linux available -- many for free -- what distinguishes one over another? Most have the same set of standard bells and whistles. A few have support options that might be appealing for enterprise-level deployments. Nevertheless, underneath the surface, they all share pretty much the same code base. After all, that's what makes Linux so intriguing: busy open source developers all over the planet are always adding features or fixing bugs, and anybody can take advantage of their work.
Backup and recovery operations are the focus of business continuity and data protection plans and often the main source of anxiety for IT departments. Few businesses are fully satisfied with their backup and recovery solutions. Not only must data be protected from complete site failures, such as those resulting from natural disasters, data must also be protected from corruption or data loss, such as that resulting from a computer virus or human error.
OpenDNS is a new start up that wants users to redirect web traffic through its DNS nameservers, where an unusually large cache and an aggregated list of sites deemed guilty of phishing will make our web surfing faster and safer. It
Every sysadmin will try his best to secure the system/s he is managing. Hopefully you never had to restore your own system from a compromise and you will not have to do this in the future. Working on several projects to restore a compromised Linux system for various clients, I have developed a set of rules that others might find useful in similar situations. The type of hacks encountered can be very varied and you might see very different ones than the one I will present, or I have seen live, but even so, these rules might be used as a starting point to develop your own recovery plan.
This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. In the first chapter I will show how to install mod_security on Debian Sarge, Ubuntu 6.06 LTS (Dapper Drake), and on Fedora Core 5, and in the second chapter I will describe how to configure Apache for mod_security which is independent from the distribution you're using.
Linux systems are fairly resistant to intrusion attempts. However, for certain applications requiring very high security levels, the features found in standard distributions may prove insufficient. This article examines several of the most popular ways to increase Linux system security at kernel level. The notions of a secure and insecure operating system are deceptive. The actual security level depends primarily on system configuration and system administrator skills, covering technological and non-technological means of protection, choice of software solution and the administrator
Data protection requirements have moved on from the purely technical question of "Did the backup work?" to the much more complex question of "Is my business protected?". The view of the backup application of success or failure is no longer relevant unless considered in the context of business policies.
When you type in a hostname like https://www.example.com/, your computer's resolver looks in its local cache and uses the information found there, then it sends the query to a name server that it has defined. That DNS server is then responsible for resolving the name and sending the response to your computer. If the DNS server doesn't have the name in the local cache, then it starts at one of the root servers and works its way down to a so-called authoritative name server for that host name. Pretty straightforward -- and, as a distributed database, the DNS (I use "the DNS" to mean "the distributed name service" in general, not a specific DNS server) is pretty effective. But as security wonks, we care about the veracity of the data, and as DNS is deployed today, we can't even begin to verify DNS data.
When you need a new network border appliance you owe it to yourself to give serious consideration to the do-it-yourself option. You'll save a lot of money and have complete control, which are always good things when it comes to your network security. There is no shortage of DIY choices in the Free/Open Source software world; today we'll take a look at Pyramid Linux on small form-factor hardware. Pyramid Linux is designed for embedded wireless devices, but it lends itself quite nicely to ordinary wired networking as well. Based on Ubuntu Breezy, it weighs in under 64 MB. It installs read-only, making it perfect for Compact Flash devices because you don't want unnecessary writes on CF cards.
I've noticed recently that more and more of my clients and friends are having drive failures. Now I don't know if it's the recent heat waves, global warming, or the fact that most of the drives that are in play right now were purchased quite some time ago and have just run their spindles out, but at least once a week for the past two months I've heard about a full on drive failure or seen a drive showing the signs of impending doom. Since we're at the halfway mark for the year I'm suggesting that we all take a look at our backup solution and make sure that the whole end to end backup process is working.
Ian Wrigley and Simon Brock discuss how to keep your systems safe and secure from attacks. Hackers are a fact of life these days. Anyone who's managed a server will know that the box will inevitably be probed, and logins attempted, on a daily basis. For example, on just one server we manage - which sits behind a firewall with only a very limited number of ports open - we've seen dozens of different login attempts from unauthorised sources over the last couple of days alone, including one sustained attempt to log in via SSH more than 2,500 times, and this is absolutely typical. So much so that these days we don't even bother notifying the system administrator of the machine from which the logins were attempted. Gone are those days when we'd email administrators to warn them that their own machines may be compromised.
According to the OWASP Guide, unvalidated input is the most common weakness found in web applications. Tainted input leads to almost all other vulnerabilities in these environments (OWASP, 2005). Before we look at how to prevent this weakness from spreading throughout your web solutions, let