Vendors/Products - Page 40 - Results from #780

Discover Vendors/Products News

Network Security Converges With Ubuntu Linux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Ubuntu, the fastest-growing version of Linux, is starting to attract interest from the managed services industry. One prime example: Untangle, which develops security solutions for managed service providers, is preparing to add support for Ubuntu within the next few months, MSPmentor has learned. As you can tell by the rise of popularity in Linux distributions such as Ubuntu, managed service providers pay more attention due to the advantages of open source such as fair pricing and overall community. Untangle focuses on its network gateway - what other distros or MSPs have you heard about which leverages Linux?

LinuxSecurity.com Team
Apr 09, 2008

SecurityCompass Exploit-Me - Firefox Web Application Testing Tools

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection. Lightweight and portable is always a benefit for web application exploitation tools. Take a look at this open-source plugin for Firefox and see how it fares against today's web applications.

LinuxSecurity.com Team
Mar 25, 2008

Virtualization's Secret Security Threats

Interesting article over at InfoWorld on the security implications of virtualization: Almost any IT department worth its salt is deploying virtualization technology today to reduce power usage, make server and OS deployments more flexible, and better use storage and systems resources. But as virtualization technology gains in popularity, it may bring with it new risks, said Don Simard, the commercial solutions director at the U.S. National Security Agency, the electronic intelligence and cryptographic agency once so secret its very existence was a secret. At the same time, virtualization technology may bring new protections, he noted. There are a lot of people "drinking the Kool-Aid

LinuxSecurity.com Team
Mar 14, 2008

Open source code for driving security into web services

OpenLiberty-J is based on J2SE, and open source XML, SAML, and web services libraries from the Apache Software Foundation and Internet2, including OpenSAML, a product of the Internet2 Shibboleth project. The library implements the Liberty Advanced Client functionality of Liberty Web Services standards This company provides a development architecture explicitly focusing on the deployment of secure practices for Web 2.0 Applications and development. Is this the best way to leverage web service security?

LinuxSecurity.com Team
Mar 11, 2008

SSH Tectia 6.0; What is it?

SSH Communications is a focused provider for all types of, you guessed it, SSH corporate services. It's rare to see such a focus, but their new release of their Tectia product suite provides and interesting take on how companies could package this functionality: SSH Tectia Manager 6.0 can centrally deploy, configure, update and audit the SSH Tectia environment from a central location. Benefits of SSH Tectia version 6.0: Improved SSH Tectia Client for Windows - supports transparent TCP Tunneling and automatic tunneling, in addition to the traditional Secure Shell port forwarding, making the product the ideal choice for securing virtually any TCP/IP application without modifications to applications or existing network infrastructure, saving time and valuable IT resources. Ease-of-implementation - improved installation and self-configuration options, provide cost-saving fast and easy ways to replace FTP and other unsecure protocols with secure alternatives, and help meet regulatory compliance deadlines.

LinuxSecurity.com Team
Mar 10, 2008

Why Do We Need Specialist Security Distros?

This question is often asked - what do platforms that focus solely on security bring to the table? According to this interview with Guardian Digital by Packt Publishing, they bring quite a lot. The company develops EnGarde Secure Linux, and answers these questions and more on what makes all security platforms valuable and why is a great example Many popular distributions, community-oriented and otherwise, take security very seriously. They have dedicated security teams that go over individual packages before they're rolled into a final release. To make sure you don't have any loose ends, these distributions and many other individual Open Source projects also publish an endless stream of security advisories and updates. Add to this security mechanisms like SELinux, AppArmor, and the upcoming TOMOYO Linux, and SMACK, and you know they mean business. So what room does this leave for specialist security distros?

LinuxSecurity.com Team
Feb 26, 2008

Flaw in Firefox Add-On could lead to data leak

Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim's machine. The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday. Of course, the issue is affecting certain add-ons, and it's likely it can be dealt with soon, or averted. The add-ons that are affected include Download Statusbar or Greasemonkey, becuase they store scripts in such a way that they could be found on the hard drive.

LinuxSecurity.com Team
Jan 24, 2008

Do you use Apache? HTTP Server versions get Security Fixes

Announced today, the Apache HTTP Server Project has new versions for 1.3.41, 2.0.63 and 2.2.8. 9 updates have been included and show that the project fixed some big bugs for these specific projects. Among some of the major fixes included those to mod_status and mod_proxy.

LinuxSecurity.com Team
Jan 21, 2008

Sourcefire boasts strong IPS management toolset

Some positives, some negatives. So it goes with Sourcefire's most recent release of their 3D IPS System. This review covers the big changes with two aspects of their software: RNA (Realtime Network Awareness) and RUA (Realtime User Awareness). With this release they've upgraded RNA by including it into macro management. Two of the most important changes in 3D System Version 4.7 lie in the RNA and RUA components. When we looked at the RNA in its first releases, we found its ability to provide network visibility by passively discovering systems, applications and vulnerabilities useful. However, RNA was not integrated into IDS and IPS policy definition at that point. In this release, Sourcefire finally brings RNA into the big picture by letting the network manager easily use RNA-discovered information to refine IDS and IPS policy and build compliance policies.

LinuxSecurity.com Team
Jan 21, 2008

11 Open Source Projects cleared as Secure?

Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects. Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL. This list of projects may seem fair and equitable. And certainly, Perl, Postfix, Amanda and others can be very secure. But PHP? Granted, the project is done with a contract from DHS as well as association with Stanford University. And their certification boasts...

LinuxSecurity.com Team
Jan 08, 2008

Tips and Tricks for Linux Admins: Volatile Debian

Yes folks, it's time for another enticing batch of useful and amazing Linux tips and tricks! On today's menu we are serving up Debian going all volatile, the lowdown on cdrkit usurping cdrtools, and a simple way to use iptables rules to foil brute-force password attacks. Want to learn about Debian's security focused repositories? How about getting iptables to block Brute-Force Attacks? There's also information on the history of CD writing and more...

LinuxSecurity.com Team
Dec 11, 2007

Running SysReport in Production

Sysreport is a diagnostic utility. It collects information about the running system, which is used for Red Hat Support to analyze current problems with the system. While sysreport is generally considered non-invasive, diagnostic utilities should always be run with caution. As with all tools such as this, it requires caution. And its good to be aware of these issues, considering that this tool can allow you to make better security decisions.

LinuxSecurity.com Team
Dec 11, 2007

Fedora 8: Security

Mayank Sharma, the Linux and security blogger, gives a great quick overview of things to look forward to in regards to Fedora's emphasis on security: One security enhancements that users will run into is the all-new Firewall configuration tool (system-config-firewall). It's easier to use and has a polished interface compared to the old tool (system-config-securitylevel). You can also now securely manage your virtual machines from a remote host since the libvirt Xen and KVM management API in F8 use SSL/TLS encryption and x509 certificates for client authentication.

LinuxSecurity.com Team
Nov 26, 2007

Ubuntu Server: Good Concept, Flawed Execution

Is Ubuntu Security what is claims to be? Some say yes, some say no. Carla Schroeder from Enterprise Networking Planet chimes in on server versus desktop kernel issues, and gives Ubuntu Server a whirl. What are the differences between versions? How does it handle package management, LAMP Stack and Iptable set-up? What about AppArmor? AppArmor is supposed to be the "real world" alternative to SELinux. Unfortunately there is nothing included that explains the default AppArmor configuration, or how to modify it. Also: Some users might have an expectation that Ubuntu Server will be all shiny and easy like Ubuntu Desktop. It's not

LinuxSecurity.com Team
Nov 20, 2007

Red Hat working on JBoss security certification

In the world of security certifications, the Common Criteria is one of the strongest ways that a company can look to gain business from Government agencies. It acts as a great way to gain international business as well. And as of Thursday, the Red Hat announced that they will be seeking the same certification (but different level) for their Java software, JBOSS. What are you thoughts on the effectiveness of Common Criteria certifications on actual security, versus as a business and marketing tool?

LinuxSecurity.com Team
Nov 07, 2007

A Hacker's Holiday Shopping List

Malicious hackers and other assorted bad guys looking for new tools for plying their trade this upcoming holiday season will have plenty of toys and services to choose from. As we get closer to the holidays, I look forward to ogling / wishing / debating over the items listed in any "top holiday buys" catalogs. However, it looks like there are other people wishing to be on Santa's naughty list AND get gifts - check out the article for a look into a recent trend with organized cyber crime. When do you think they'll have their own Home Shopping Network time slot?

LinuxSecurity.com Team
Oct 23, 2007

Review : EnGarde Secure Linux

Linuxhelp.blogspot.com decides to take EnGarde Secure Linux: Community Edition for a spin in this thorough distro review. He describes the installation, displays screen shots from various aspects of the platform, and goes into some detail regarding managing services, backing up files, checking logs, setting up firewalls, and more. He had this to say about WebTool: In short the web tool is a one stop shop for troubleshooting and managing your server from a remote location. A very powerful interface indeed.

LinuxSecurity.com Team
Oct 15, 2007

Blended Threats Targeted By Avinti

In the perpetual battle against spam, Avinti has thrown its hat into the game with its email gateway plugin. Reading through the article presented a very generic description of the tool: Called NEWT, for Neutralize E-mail-Web Threats, the software is designed to block URLs and IP addresses embedded in inbound spam messages that link to known malware sites, according to company officials. How does a tool like this stack up to the likes of SpamAssassin or Spamhaus's DROP list? Does Avinti's database of known malware links scale to today's amount of incoming spam?

LinuxSecurity.com Team
Oct 03, 2007

Creating Packet Traces of Nessus Scans

There's a lot of magic that goes on behind the scenes when you do a full Nessus vulernability scan. However, how are you exactly trust that report about your OpenSSH server being vulnerable? Is it just relying on version numbers and not considering patches? The Nessue 3 Unix scanners allow you to save packet dumps of your scans in libpcap compatible files, allowing you to view them under TCPDUMP or Wireshark for your convenience. Now you can go into greater analysis of what exactly was used to scan your server rather than a text message of "scanned". Read on for even more benefits to saving the packet data of your scans!

LinuxSecurity.com Team
Sep 11, 2007

Financially Motivated Malware Thrives

There are now people who create programs that make it easier for other people to create programs that make money. Don't worry, you read that right. This article reports on the business of making commercial malware / spamming software. For just around $200, you yourself can have programs that exploit Firefox, Internet Explorer, and Quicktime in an effort to spread your spam as quickly and easily as possible. There are now concentrated efforts in coding these shiny, plug and play spam generators. Have we gotten to the point of "if you can't beat 'em, join 'em"?

LinuxSecurity.com Team
Sep 07, 2007

Vendors/Products - Page 40

From Wayland Fixes to Security Boosts: Examining Qt 6.8.1's Impact on Linux Administration

SUSE’s Strategic Shift: New AI-Powered Data Protection and Comprehensive Rebranding

OpenShift 4.17: Revolutionizing Kubernetes for AI, Edge, and Security