Server Security - Page 19
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
DNS is mostly a directory service. Millions of people and computers use one or more directories every day. Currently, so many directories exist in our world that they have become almost transparent to casual observers. You could say it's a directory kind of world out there and DNS remains a big part of it for people who use the Internet regardless of the device. In the old days, people often referred to directories as databases and technically they were right. Directories and databases share many characteristics such as the storing of information and the ability to rapidly search through that data. Think of how many times you use your cell phone as a database for personal contacts. In fact, your cell uses its address book as a directory to rapidly find and dial people's telephone numbers.
Every business owner knows that information is much more than one of an organization
A reader alerted us today about yet another web server compromise, affecting a large number of domains. In this particular case, the server was hosted with iPowerWeb, a provider of low-cost web space on shared servers. Space on a shared server is fine for personal use, but you should think twice before using it for commercial, and in particular business-critical, use. Your web site's security will depend on a few hundred other users on the same system doing the right thing. A bad PHP script on one virtual server could lead to a compromise of all web sites hosted on the same system.
Bad things happen. If you've ever worried that the over-caffeinated tech might spill his latte down your web server, then today's How-To will help you out. Forgetting to back up your blog (or your website) is something that isn't a big deal until you need it -- like backing up anything, really. But your blog's files and databases aren't really as simply accessible as the files on your PC, so today we're showing you how to automatically back up your blog (or website) with some freely available tools that will use a minimum amount of your precious bandwidth.
HijackThis is a free tool developed by Merijn Bellekom, a student in The Netherlands. Spyware removal software such as Ad-Aware or Spybot S&D does a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even these great anti-spyware utilities. HijackThis is written specifically to detect and remove browser hijacks, or software that takes over your web browser, alters your default home page and search engine, and does other malicious things.
It's easy to understand that software security starts with writing secure code. Keep the flaws out from the beginning and you've bought yourself several pounds of prevention. Baking security in up front is logical and makes good technical and business sense; however, getting your developers on board with security training is not necessarily going to be an easy task. At first glance, it might seem that selling software security to developers would require the same approach as getting buy-in from executive management and the average user. It's not quite that simple.
When the Indiana Department of Education rolled out PCs running Linux to schools last year, it installed open source antivirus software on the servers connected to the desktop systems to scan incoming e-mail. However, it didn't bother to put antivirus tools on the PCs themselves. "I hate to admit this, but I wasn't worried," said Forrest Gaston, a consultant who is managing the project for the Indianapolis-based agency. And despite heavy Internet usage by students, Gaston's optimism has been borne out thus far. Desktop security "hasn't been an issue," he said.
SSL is a wonderful protocol, but it is frequently used badly. This note is intended to point out some of the more common errors made by applications using SSL. This checklist should be useful for application developers, system administrators, and the occasional penetration tester. This note assumes you have at least a casual knowledge of SSL, but is not a paper about cryptography. If you know enough to write an SSL library, you will know every single one of the mistakes I mention below, plus a few more. Still, I hope that those of you who are writing SSL toolkits will consider why these mistakes are made. Perhaps it will help you design your toolkits so that novices use them correctly.
Trusted operating systems have been used for some time to lock down the most sensitive of information in the most sensitive of organizations. But with security concerns rising and changing by the hour, it's now a matter of trust for any organization looking to tighten its computing ship. Several vendors, including Red Hat, Sun Microsystems and Novell, are responding by adding and/or improving trusted elements in their operating system offerings.
As far as software goes, Sendmail is ancient, dating all the way back to 1981. Sendmail 8 itself is well over 10 years old. To put it nicely, its security track record is less than stellar. However, the last big show stoppers in Sendmail were found about three years ago: Zalewski's prescan() bugs reported in September and March of 2003, and crackaddr(), also in March of 2003. The crackaddr() bug was also discovered by Mark Dowd.
In a recent study spanning from February 2005 to March 2006, SecureWorks saw 67% more Internet attacks attempted against its credit union clients than its banking clients. SecureWorks' credit union clients range from large ($500 million to billions in assets) to smaller organizations (under $500 million in assets). On average, SecureWorks blocks 767 attacks per day per credit union client. SecureWorks CTO Jon Ramsey theorizes that their credit union clients are experiencing more Internet attacks than their banking clients because hackers assume that credit unions' networks are less protected than banks.
For the fourth time in the past 30 months, Wells Fargo & Co. has begun notifying customers about the potential compromise of confidential information following the theft of a company computer containing data on mortgage customers and prospective clients. The San Francisco-based bank on Friday posted a statement on its Web site saying that a computer belonging to its mortgage group had been reported as missing while being transported between Wells Fargo facilities by a global express shipping company.
Remember the most recent Yahoo! Mail XSS vulnerabilities, or the MySpace worm? I just read through a well-written summary on web application worms by Jeremiah Grossman, from WhiteHat Security, "Cross-Site Scripting Worms and Viruses - The Impending Threat and the Best Defense", an excerpt:
The vulnerability was found in versions X11R6.9.0 and X11R7.0.0 during a security analysis of 31 major open source projects. This pair of X Window System versions marked a major milestone when released in December of 2005, as they were the first major updates to the X Window System in more than a decade.
This article looks at five common Web application attacks, primarily for PHP applications, and then presents a case study of a vulnerable Website that was found through Google and easily exploited. Each of the attacks we'll cover is part of a wide field of study, and readers are advised to follow the references listed in each section for further reading. It is important for Web developers and administrators to have a thorough knowledge of these attacks. It should also be noted that Web applications can be subjected to many more attacks than just those listed here.
Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft. As the original developers of the SSL protocol, Netscape started out with a lead in the SSL server market. But they were soon overtaken by Microsoft's Internet Information Server, which within a few years held a steady 40-50% of the SSL server market.
Online bank customers may want to pay a little more attention to their browsers the next time they log in. Johannes Ullrich, chief research officer of the prestigious SANS institute said that many of the most popular banking sites may be needlessly placing their customers at risk. At issue are the user login areas that can be found on banking sites such as Chase.com and Americanexpress.com, which ask users to submit their user ID and password information. Although these forms may be encrypted, they do not use authentication technology to prove they are genuine, according to Ullrich.
Attack code that takes advantage of a flaw in Oracle's database software has been released on the Web, raising the urgency to patch. The exploit code was published Wednesday, only a day after Oracle released its quarterly Critical Patch Update, security provider Symantec said in an alert to users of its DeepSight intelligence service.
It is important to understand the concepts of a database before one can grasp database security. A generic database definition is "a usually large collection of data organized especially for rapid search and retrieval (as by a computer)" (Database). This is not much different from Oracle's database definition, "An Oracle database is a collection of data treated as a unit. The purpose of a database is to store and retrieve related information." (Oracle Corporation) Databases can range from simplistic to complex. An example of a simple database is an address book. An address book provides great functionality but limits itself to specific information. For example, what if you need to include information about the model of car the contact drives, or what their favorite food is? Chances are you would need another database. In a business environment it does not make sense to maintain multiple hard-copy databases. Businesses must maintain large amounts of data. Examples of data are inventory, finances, payroll, employee information, and sales history.