Feature Articles - Page 16

Need an in-depth introduction to a new security topic? Our features articles will bring up up-to-date on everything from buffer overflows to SE Linux policy development.

Fortifying Email Security with Infosec Through the SDLC

Imagine releasing a software solution into the market only to realize the user cannot use the app properly. They have been reporting numerous bugs, which has lowered your reputation and reliability. ...
May 07, 2024
  0

Protect Your Linux Web Apps and Meet Compliance Standards

Security is vital for your Linux web apps, but keeping ...
May 05, 2024
  0
7.Locks HexConnections Esm H115

Strategies for Improving Linux Security Through Cross-Browser Compatibility Testing

In the dynamic landscape of web development, ensuring t...
May 05, 2024
  0
19.Laptop Bed Esm H115

Discover LinuxSecurity Features

LS Hmepg 337x500 34 Esm H200

IPTables HOWTO Updated Release

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The aim of the iptables-tutorial is to explain iptables in a complete and simple way. The iptables-tutorial is currently rather stable, and contains information on all the currently available matches and targets (in kernel), as well as a couple of complete example scripts and explanations. It contains a complete section on iptables syntax, as well as other interesting commands such as iptables-save and iptables-restore. The tutorial has recently been under heavy scrutiny and updating, as can be seen in this, the latest version of the tutorial. It is now also available in bookform from Lulu.com. If you feel like contributing or donating to the author of this tutorial, please do buy the book! Thank you!   Oskar Andreasson

191 Brittany Brittany Day
LS Hmepg 337x500 34 Esm H200

Shell Scripting, oooh...its easy

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Blessen Cherian, CTO and Executive Team Member of bobcares.com writes, "Shell scripting is nothing but a group of commands put together and executed one after another in a sequential way. Let's start by mentioning the steps to write and execute a shell script."  

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

Why EnGarde Secure Linux is "Secure By Design"

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Secure By Design: How Guardian Digital Secures EnGarde Secure Linux ABSTRACT What is EnGarde Secure Linux? EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet. EnGarde Secure Linux is the creation of Guardian Digital, Inc. a pioneer in open source security since 1999, and has been developed since then in collaboration with the worldwide community of open source security enthusiasts and professionals. Guardian Digital provides a secure and consistent environment for EnGarde Secure Linux through the Guardian Digital WebTool and the Guardian Digital Secure Network. A server-only system, EnGarde Secure Linux is administered securely and remotely using the WebTool, a custom interface that both simplifies server administration and guides the system user in maintaining a secure configurations for all of the services that comprise EnGarde. The Guardian Digital Secure Network maintains the consistency and security of EnGarde by providing system upgrades and security patches that have been constructed by Guardian Digital's engineering team to relieve the user of the burden of maintaining the system in a consistent and secure state. Defense In Depth In EnGarde Secure Linux Security is the primary consideration in designing every element of EnGarde Secure Linux. Guardian Digital applies basic security principles like "least privilege", "no unnecessary services" and "default-deny" rules to every level of EnGarde from access to kernel itself to defense of the network perimeter. Security begins with the selection of the best available open source packages, chosen and tailored for maximum security and following software security best-practices. The next level of protection comes from a complete re-engineering of the standard Linux security model using Security Enhanced Linux (SELinux). SELinux implements the principle of "Mandatory Access Control" which places each program and process under the control of its own SELinux policy, limiting its access to files and resources and effectively containing any intrusions or compromises. EnGarde Secure Linux builds on this secure foundation by placing all administration of EnGarde and its services under the control of the Guardian Digital WebTool. The Guardian Digital WebTool is a secure, remote graphical administration interface that is carefully tailored, not just to simplify administration, but to help maintain secure practices and configurations. For example, EnGarde, through the WebTool, limits user and IP access by default for most services like FTP file transfers and POP/IMAP mail retrieval. For services that must be publicly accessible like Web service and mail transport, the WebTool offers simple setup of SSL-enabled encrypted services. The WebTool also mandates secure practices like encrypted passwords and prevents hazardous configurations like open mail relays. EnGarde Secure Linux extends its secure environment through the use of a carefully integrated selection of the best open source security tools for detecting compromises and intrusions at all levels. EnGarde generates special security-focused system logs to help the administrator identify potential compromises, and adds to this host-based intrusion detection tools. EnGarde monitors the system for potential network compromises and intrusions using the open source Snort intrusion detection system, adding its own NetDiff port status monitoring software. Summary Linux and open source systems have long been renowned for their stability, versatility and scalability. EnGarde Secure Linux adds the feature crucial to providing services on the modern Internet -- security. Guardian Digital builds security into every element of EnGarde by selecting the best available open source tools and services available and configuring them with security as the top priority. Recognizing that security can only be maintained in a consistent and stable environment, Guardian Digital relieves the user of the burden of "hardening" the system and following secure practices by designing secure administration into its WebTool and by updating and securing the system through the Guardian Digital Secure Network. For an in-depth exploration of the EnGarde Secure Linux security environment, see the full version of this document at "Secure By Design" full text

191 Brittany Brittany Day

Contribute to LinuxSecurity

Don’t sit on the sidelines of history. Join the Linux Security community
and write real news & articles about Linux that matters the most.

Contribute Now
LS Hmepg 337x500 34 Esm H200

RFID with Bio-Smart Card in Linux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions. The RF Smart Card and card reader/writer were developed to handle payment transaction for public transportation systems. These contact less cards have security features, such as encrypted RF transmission mutual authentication, and security keys. The RF smart card has up to 16 separate sectors, which can be configured as purses or for general data storage. The first sector is typically used as a directory for the rest of the card, leaving 15 segments available for data or purses. Each sector has two keys, called the A and B keys, allowing different access privileges to that sector. These key pairs can be designated as read and read/write, or decrement and increment/decrement .For example this would allow turnstile readers with the A key to only deduct value from a card sector, while smart card readers with the B keys could either add or subtract value .The card also has a 32-bit unique random number, which is permanently encoded into each chip by the chip manufacturer. Public key infrastructure (PKI) based systems are used to construct a secure system that can achieve secure access conditions. They are consequently being used to carry keys and store personal information in applications such student identification systems.

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

Packet Sniffing Overview

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A packet sniffer is a program which monitors network traffic which passes through your computer. A packet sniffer which runs on your PC connected to the internet using a modem, can tell you your current IP address as well as the IP addresses of the web servers whose sites you are visiting.

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

Preventing DDoS Attacks

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In this article I am trying to explain what DDOS is and how it can be prevented. DDOS happens due to lack of security awareness of the network/server owners. On a daily basis we hear that a particular machine is under DDOS attack or NOC has unplugged the machine due to DDOS attack . So DDOS has become one of the common issues in this electronics world. DDOS is like a disease which doesn't have an anti-viral developed. So we should be carefull while dealing with it . Never take it lightly. In this article i am trying to explain the steps/measures which will help us defend from DDOS attack ,up to a certain extend .

Ls Default Copy 1 Blessen Cherian
LS Hmepg 337x500 34 Esm H200

Human Body and Server

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In this article I would like to describe how care for a human body is similar to a server. It is a globally accepted fact that everything is interrelated to each other in this world in one way or the other. Let me try to prove it in the case of a human body and a human built server.

191 Brittany Brittany Day
LS Hmepg 337x500 34 Esm H200

Writing Behind a Buffer

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In this paper we are going to describe a kind of vulnerability that is known in the literature but also poor documented. In fact, the problem that is going to be analyzed can be reduced to a memory adjacent overwriting attack but usually it is obtained exploiting the last null byte of a buffer, hence we are going to show that the same result is still possible writing behind a buffer, under certain conditions. To fully understand the subject of this article it's necessary to describe the memory organization1 of running processes, then the memory adjacent overwrite attack, concluding with our analysis. Read PDF

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

pgp Key Signing Observations: Overlooked Social and Technical Considerations

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

While there are several sources of technical information on using pgp in general, and key signing in particular, this article emphasizes social aspects of key signing that are too often ignored, misleading or incorrect in the technical literature. There are also technical issues pointed out where I believe other documentation to be lacking. It is important to acknowledge and address social aspects in a system such as pgp, because the weakest link in the system is the human that is using it. The algorithms, protocols and applications used as part of a pgp system are relatively difficult to compromise or 'break', but the human user can often be easily fooled. Since the human is the weak link in this chain, attention must be paid to actions and decisions of that human; users must be aware of the pitfalls and know how to avoid them.

Ls Default Copy 1 Duane Dunston
LS Hmepg 337x500 34 Esm H200

Hacks From Pax: A Linux Security Look To The Future

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Hi, and welcome back. Today in Hacks From Pax we're going to shift gears a little, step back for a higher level view and talk about the year in security from a Linux standpoint, both the good and the bad, and have a brief discussion of trends for the coming year.

191 Brittany Brittany Day
LS Hmepg 337x500 34 Esm H200

Malware - Future Trends

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Malware has truly evolved during the last couple of years. Its potential for financial and network based abuse was quickly realized, and thus, tactics changed, consolidation between different parties occurred, and the malware scene became overly monetized, with its services available on demand.

191 Brittany Brittany Day
LS Hmepg 337x500 34 Esm H200

Hacks From Pax: Using AIDE to Ensure System Integrity

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Today in Hacks From Pax we'll talk about AIDE, a host intrusion detection system. AIDE can provide another important layer of security for a system, specifically a layer designed not to keep intruders out per se, but to notify administrators of a possible compromise or intrusion. By itself it won't prevent a successful intrusion, but it can help prevent the only thing worse: a successful intrusion that you don't know about yet.

191 Brittany Brittany Day
LS Hmepg 337x500 34 Esm H200

EnGarde v3 Now Available!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Guardian Digital is pleased to announce the release of EnGarde Community v3.0. This release represents the most significant number of improvements since the first version released more than four years ago. If you haven't tried EnGarde recently, then I'm certain you'll be equally as excited about this release as we are. Completely redesigned web interface, firewall functionality, integrated Security-Enhanced Linux protection, and completely free updates are just a few of the outstanding new benefits.

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

Guide to IP Spoofing Protection

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A 1989 article titled "Security Problems in the TCP/IP Protocol Suite" by S. M. Bellovin explored IP Spoofing attacks. Bellovin described how Robert Morris, creator of the now infamous Internet Worm, figured out how Transmission Control Protocol (TCP) created sequence numbers, which is how he forged a packet sequence. This IP spoofing attack included the victim’s destination address and the ability to obtain root access to his targeted system without a User ID or password. In this article, we will discuss what IP spoofing is, its various types, how to detect or prevent attacks, and review some newer forms of IP spoofing that are being discussed in modern cybersecurity trends.

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

Hacks From Pax: PHP Web Application Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Today on Hacks From Pax we'll be discussing PHP web application security. PHP is a great language for rapidly developing web applications, and is very friendly to beginning programmers, but some of its design can make it difficult to write web apps that are properly secure. We'll discuss some of the main security "gotchas" when developing PHP web applications, from proper user input sanitization to avoiding SQL injection vulnerabilities.

191 Brittany Brittany Day
LS Hmepg 337x500 34 Esm H200

Pull the Plug Revisited: An Interview Five Years Later

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Five years after our original interview with Brian Gemberling, founder of PullthePlug.org, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug? Read more to find out...  

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

Hacks From Pax: Linux File & Directory Permissions Mistakes

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Greetings, gentle reader, and welcome to linuxsecurity.com and our new recurring series of articles on security related mistakes and how to avoid them. I'm your host, Pax Dickinson, and today we'll be reviewing basic Linux file and directory permissions and how to avoid some common pitfalls in their use, in this episode of Hacks From Pax.

Ls Default Copy 1 Anthony Pell
LS Hmepg 337x500 34 Esm H200

Are Your Servers Secure?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In a word, No. No machine connected to the internet is 100% secure. This doesn't mean that you are helpless. You can take measures to avoid hacks, but you cannot avoid them completely. This is like a house — when the windows and doors are open then the probability of a thief coming in is high, but if the doors and windows are closed and locked the probability of being robbed is less, but still not nil.

Ls Default Copy 1 Blessen Cherian
LS Hmepg 337x500 34 Esm H200

Getting to Know Linux Security: File Permissions

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved. If you have ideas for future topics, please post them in the discussion forum below.  

Ls Default Copy 1 Benjamin D. Thomas
LS Hmepg 337x500 34 Esm H200

The Tao of Network Security Monitoring: Beyond Intrusion Detection

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Ls Default Copy 1 Benjamin D. Thomas
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved