This article discusses techniques one can use to prevent software buffer overflows. The link for this article, located at Avoiding Buffer Overflows, is no longer available. Buffer overflows are vulnerabilities that can lead to exploitation or data corruption; to prevent them and improve coding quality, implement these techniques. Buffer Overflow Prevention, Coding Techniques, Software Development. Anthony Pell
This tutorial will let you know what a buffer overflow is and how you can detect whether some program is vulnerable to buffer overflow exploits. This tutorial has C source code, so if you don't know C you may have some problems with this tutorial; you also. tutorial, buffer, overflow, detect, program. Anthony Pell
Reducing the risk of intrusion can be achieved by eliminating many of the known common problems.

The vast majority of attacks are carried out by script kiddies who scan massive IP blocks looking for a vulnerable computer, then run a program they don't understand to exploit the vulnerability they've just found. To block these script kiddies, fix the common vulnerabilities that the programs they use rely on.

Buffer Overflow

A buffer overflow attack is when the attacker sends malformed input (for a network service, malformed packets) that writes past the end of a memory buffer. The cracker hopes the overflow will overwrite control data such as the saved return address so that the program runs code of the attacker's choosing, typically yielding a root shell; a less controlled overflow simply crashes the service. Buffer overflows happen because of programming errors where the length of input was never checked. To prevent buffer overflows, all code must be meticulously hand checked multiple times by multiple people. Since this is not often possible, limit the chances of being successfully cracked by a buffer overflow: keep your systems up to date and get rid of all excess services. The fewer services your server offers, the less code there is that could contain a buffer overflow. There are also kernel patches (for example a non-executable stack) that stop some forms of buffer overflow from being exploited.

Denial of Service

A Denial of Service (DoS) attack can come in many shapes and forms. The Blue Screen of Death from Windows can be one if it is caused by someone and not just by poor programming. The infamous DDoS attacks from earlier this year are another example, where multiple 'zombie' computers coordinate to attack a host all at the same time. A DoS attack is anything that maliciously prevents the computer from doing what was intended. This is usually accomplished through errors in code that let the program be made to eat up all the system resources. Preventing DoS attacks is like preventing buffer overflows, but a firewall will also help with this, unlike with buffer overflows. Another page with firewall information can be found here.

Trojan Horse

A Trojan Horse is a program that purports to do something useful when in fact it does something malicious, such as sending the password file to a remote system. It must first be explicitly placed on the system by a malicious user. This is typically done to ensure that once a cracker has exploited a weakness in your system he has a way back in at a later date, even after the initial vulnerability has been fixed. If a trojan is on the system, chances are the system has been cracked and needs to be wiped and reinstalled. If a Linux system is cracked with malicious intent, and not just to see whether the cracker could, there will most likely be a root kit on the system. The main practical defence is a good firewall: it cannot stop a trojan being placed on the system, but it stops the cracker reaching the back door the trojan opens, and it does so only if it is set to default deny and only essential services are allowed through. A very common trojan port is 31337; it should probably be blocked on all systems, with email notification if anyone tries to connect to it.

IP Session Hi-Jacking

IP Session Hi-Jacking, a form of man-in-the-middle attack, is a sophisticated attack which can now be done using tools circulating in the script kiddie community. In an IP session hi-jacking, a user connects to a system using a service like telnet, then a cracker intercepts the packets and tricks the system into thinking that the cracker's machine is actually the user's machine. The user will think her connection got dropped, when in actuality it is still going, but has been taken over by the cracker. This form of attack cannot be blocked at the network level, but the service can be chosen so that hi-jacking it is impractical. Telnet is the type of service crackers want to hi-jack: it has shell access, is unencrypted, and performs few checks to make sure the person really is who they say they are. SSH, on the other hand, would be very hard to hi-jack: it has strong encryption, multiple checks of identity, and can have its shell access limited. Most services can't really be hi-jacked, but the ones that can, like telnet, usually have a secure replacement, like SSH, that can be used instead.

IP Spoofing

IP Spoofing attacks involve the attacker falsifying the sender IP address so that other computers think the packet came from a different system. This type of attack can be useful in two different ways. First, if a service uses only IP-based authentication, then with IP spoofing an attacker could use a service that isn't designated for him to use. The second way is similar to the first, but is used in conjunction with another form of attack. For example, a script kiddie knows there is an FTP server running that has a DoS vulnerability, but only the company president's home computer's IP is allowed past the firewall to access the FTP server. With IP spoofing, the script kiddie could trick the firewall into thinking the packets are from the president's home computer and trigger the DoS vulnerability. (For TCP services the spoofer never sees the replies and must also guess the server's sequence numbers; the daemon9 and CERT references below explain how that is done.)

Conclusion

While fixing these problems can be time consuming, great programs like Bastille Linux are around to make it much easier. An overview of Bastille Linux and a walkthrough of installing it are available. But even with Bastille Linux and programs like it, security will always be a process, not a program, and it will always take time to properly secure a system.

Resources

CERT, IP Spoofing Attacks and Hijacked Terminal Connections -- summarizes both the IP spoofing technique that can lead to root access on a system and the tool intruders use to take over open terminal and login connections after they get root access.
CERT, smurf IP Denial of Service Attacks -- provides background on ICMP and describes the two main components of the smurf denial-of-service attack: the use of forged ICMP echo request packets and the direction of those packets to IP broadcast addresses.
CERT, TCP SYN Flooding and IP Spoofing Attacks -- a brief outline of the problem and a partial solution.
daemon9, Project Neptune -- a comprehensive analysis of TCP SYN flooding.
daemon9, IP-spoofing Demystified -- explains IP-spoofing to the masses; it assumes little more than a working knowledge of Unix and TCP/IP ("Oh, and that yur not a moron...").
Ten Security Measures Against DDoS.
Bennet Todd, Distributed Denial of Service Attacks.

Enhance security and minimize intrusion risks by adopting a multi-faceted approach that targets common vulnerabilities with effective strategies. Intrusion Prevention Strategies, Cyber Threat Mitigation, System Security Tips. Anthony Pell
The best way to be protected from buffer overflows is not to have them in the code that is run. While active code auditing is the best way to ensure a program's security, following proper coding techniques will help prevent common security flaws in the code.

Coding in C - A Summary of Popular Mistakes -- This paper is about the most common security related bugs and vulnerabilities, and how to spot and prevent them.
Secure Programming for Linux and Unix HOWTO -- This paper provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. Specific guidelines for C, C++, Java, Perl, Python, TCL, and Ada95 are included.
Security Code Review Guidelines -- Before programs may be placed in the firewall system, the source code is reviewed for deficiencies in the areas of security, reliability and operations. This document is dual purposed: first, it is a guideline and checklist for security groups performing the code review; second, it is an attempt to provide development teams with information about what the reviewers look for.
Secure Unix Programming -- This FAQ answers questions about secure programming in the UNIX environment. It is a guide for programmers and not administrators.
The Unix Secure Programming FAQ -- Peter Galvin has put together a quick guide of must-do secure programming techniques along with advice on methods to avoid. He also includes a number of valuable online resources.
How to find security holes -- This document discusses the different types of security holes and how to find them. It also offers ideas on common problems with using insecure programs and what to look for when auditing code. Finally, it provides other resources on the Internet about similar subjects.
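The mistake these guides warn about most often, and the one the intrusion article above describes as the source of buffer overflows (input whose length is never checked), looks like this in C. This is an added example written for this page, not code from any of the listed guides: the 16-byte name field, the function names and the sample inputs are all assumptions made for illustration. The unsafe function is shown for comparison only; the hardened version measures the input within a bound, refuses anything that does not fit with its terminator, and reports the rejection to the caller instead of silently truncating.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* assumed fixed-size field, as in a small network service */

/*
 * Vulnerable form: the length of the caller-controlled input is never
 * checked. Any input of NAME_MAX bytes or more writes past 'name' on
 * the stack; with enough bytes an attacker overwrites the saved return
 * address and runs code of their choosing. Kept only for comparison and
 * never called here, because calling it with long input is undefined
 * behaviour.
 */
void greet_unsafe(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);               /* no bounds check: this is the bug */
    printf("hello %s\n", name);
}

/*
 * Bounded length measurement: returns the length of 's', but never reads
 * more than 'limit' bytes. Written out instead of using POSIX strnlen()
 * so the example stays plain C.
 */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/*
 * Hardened form: copies 'input' into a buffer of 'dst_size' bytes only if
 * it fits together with its terminating NUL. Returns 0 on success and -1
 * when the input is too long, so the caller rejects the request rather
 * than silently truncating it. (Silent truncation via strncpy() is a
 * second classic mistake: strncpy() does not guarantee a NUL terminator.)
 */
int copy_checked(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || input == NULL || dst_size == 0)
        return -1;
    size_t len = bounded_len(input, dst_size);
    if (len >= dst_size)               /* no room left for the NUL */
        return -1;
    memcpy(dst, input, len);
    dst[len] = '\0';
    return 0;
}

/* Same greeting as greet_unsafe(), but refuses oversize input. */
int greet_checked(const char *input)
{
    char name[NAME_MAX];
    if (copy_checked(name, sizeof name, input) != 0) {
        fprintf(stderr, "rejected: name longer than %d bytes\n", NAME_MAX - 1);
        return -1;
    }
    printf("hello %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a normal name, a boundary case that fits
     * exactly, and the kind of oversized payload an exploit would send. */
    const char *normal   = "alice";
    const char *boundary = "123456789012345";   /* 15 bytes plus NUL = 16 */
    char payload[200];
    memset(payload, 'A', sizeof payload - 1);
    payload[sizeof payload - 1] = '\0';

    greet_checked(normal);      /* accepted */
    greet_checked(boundary);    /* accepted */
    greet_checked(payload);     /* rejected; nothing is written past 'name' */
    return 0;
}
```

The check that matters is `len >= dst_size`: a 15-byte name fits a 16-byte field, a 16-byte name does not, because the terminator needs the last byte. Returning an error rather than truncating also keeps the caller honest about what it accepted, which is what a code reviewer following the checklists above would look for.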
On the Internet there is a wealth of information about secure programming and about auditing code to find security vulnerabilities. With all this information, sloppy coding shouldn't happen and more code auditing should. Adopting robust coding standards is crucial to avert vulnerabilities and bolster software integrity via thorough inspections. Secure Programming, Code Auditing, Application Security, Programming Guidelines. Anthony Pell