Stay Ahead With Linux Security HOWTOs
How to Secure My Network
access control Linux administration
access control Linux administration Most SSH hardening advice ends at the same recommendation: Disable password authentication and use SSH keys. . That's good advice. It removes entire classes of attacks, including password spraying, credential stuffing, and brute-force attempts against exposed servers. The problem is what happens next. Many administrators treat SSH keys as the finish line when they are really the beginning of the hardening process. Attackers rarely care whether they obtained access with a password or a private...
Jun 05, 2026
How to Secure My Networksecurity advisory remote access
security advisory remote access Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem. . When security teams investigate unauthorized access on Linux systems, they often focus on passwords, exposed services, or vulnerable software. Trusted access receives less attention. Yet a single forgotten or unauthorized SSH key can provide the same access as a legitimate user while attracting very...
Jun 03, 2026
How to Secure My Networkintrusion detection application security
intrusion detection application security The wrong IPS rule can look like a security fix right up until it becomes an outage. . On Linux systems, detection and prevention are often discussed together, but they do not carry the same operational risk. One tells admins that something suspicious happened. The other can decide whether traffic is allowed to continue. That is why IDS vs IPS is not just a definition to memorize. It is a deployment decision about where to monitor, where to block, and how much confidence a team needs before...
Jun 01, 2026
How to Secure My Networkunauthorized access security techniques
unauthorized access security techniques Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens. . The difficult part is separating harmless failures from actual intrusion activity. One failed login from an internal workstation rarely matters. Repeated failures...
May 28, 2026
How to Secure My Networksecurity advisory incident response
security advisory incident response The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before...
May 28, 2026
Refine HOWTOs
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security HOWTOs
We found -1 articles for you...
167
network securityport scanninglinux commandsBoost Linux Network Security Through Comprehensive Open Ports Auditing
Know your network inside out by regularly checking for open ports with these Linux commands. . Open network ports are the easiest entry points to your network. Sometimes, there might be unwanted services running on ports that are externally visible from the internet. In case these services are vulnerable, your network would be at constant threat of an attack as every day the entire internet is being mass scanned for vulnerable services on open ports. Learn how you can scan and view open ports on your Linux systems, so you can defend your network from threats. Network ports are logical access points of your system that can be used as a channel to host multiple services. A port is represented by a 16-bit integer so, the highest port number is 65535. You can think of ports like windows and doors of a house—basically all the different entry points to a house or, a computer. Ports are of three types: system ports (1-1023), registered ports (1024-49151), and ephemeral, or dynamic ports (49152-65535). . Unmonitored network ports can serve as vulnerable access points for cyber threats. Consider these strategies to bolster your Linux network defense.. Open Ports, Linux Network, Port Scanning, Network Security, Linux Commands. . Brittany Day
Jul 16, 2023
•
How to Secure My Network
167
network securitynetwork auditingport scanningUtilizing Nmap to Scan Ports for Enhanced Network Security Insights
Here's how to use the Nmap network auditing tool to scan all ports, including open ports and specific ones, to identify any weakpoints in your system. . Nmap is a robust tool for scanning computer networks, helping you to spot any weakpoints in a system. Its compelling feature set makes it the de-facto tool for monitoring open ports on your network. Some of its other features include host discovery, service detection, and OS fingerprinting. So how can you use Nmap port scan techniques to find all open ports? . Nmap is essential for identifying vulnerabilities in your network. Learn to effectively perform scans for open ports, services, and potential weaknesses to secure your infrastructure. Nmap Tool, Network Scanning, Port Discovery, Security Auditing. . Brittany Day
Jan 21, 2022
•
How to Secure My Network
160
security toolopen source toolnetwork analysisExplore Knocker: The User-Friendly TCP Port Scanner for Analysis
Knocker is a simple and easy to use TCP security port scanner written in C to analyze hosts and all of the different services started on them.. . Knocker is a simple and easy to use TCP security port scanner written in C to analyze hosts and all . knocker, simple, security, scanner, written, analyze, hosts. . Anthony Pell
Jan 07, 2005
•
How to Harden My Filesystem
166
network securityport scanningsystem configurationUsing PortSentry For Real-Time Attack Detection Against Scans
The first step to an attack is to see what services a server is running, which is done with a port scan of the server.. A cracker will usually first look to see what services a target is running and go from there to attempt to break into the target server. Doing a port scan, crackers go through all the common ports on a system looking for possibly flaws in the configuration or for a service with a known vulnerability. PortSentry is a program designed to detect and respond to port scans against a target host in real-time. It can run on multiple TCP and UDP sockets at once, detect stealth scans, report scan attempts to a local or remote logging facility, and take defensive actions against the attacker. Installation First, download PortSentry from here. Then, run: tar xvzf portsentry-1.0.tar.gz cd portsentry-1.0 make linux make install If you have any problems with this, read the portsentry-1.0/README.install file. Configuration The PortSentry configuration file is located at /usr/local/psionic/portsentry/portsentry.conf. If needed, change the configuration where necessary to suit the needs of the system. Blocking scans is recommended, but if ipchains is used, the -l options should be used with care because it can be used in a denial of service attack by filling up your /var partition. Once finished editing the configuration file, add any addresses that shouldn't be reported for scanning to the /usr/local/psionic/portsentry/portsentry.ignore file. At the very least, all local interfaces should be listed in the file along with 0.0.0.0. Here is an example portsentry.ignore file. 127.0.0.1 0.0.0.0 192.168.1.6 Using PortSentry The different options for running PortSentry are: portsentry -udp portsentry -tcp portsentry -audp portsentry -sudp portsentry -atcp portsentry -stcp With either the -udp or the -tcp options, normal scan detection is done. With -sudp and -stcp, normal stealth scan detection is done. With -audp or-atcp, advanced stealth scan detection is done. It is recommended that two instances of PortSentry are running. /usr/local/psionic/portsentry/portsentry -sudp and /usr/local/psionic/portsentry/portsentry -atcp Adding the above two commands to /etc/rc.d/rc.local will have PortSentry automatically started at boot up. More Information Check out this article. Also, here is an article about setting up PortSentry to log to a separate file. At DEFCON 7, the author of PortSentry made a presentation with the slides that are shown here. . Learn to harness the power of PortSentry for instantaneous threat identification and defense against port scanning attempts.. PortSentry Usage, Attack Detection Tool, Network Scanning Protection. . Anthony Pell
Aug 22, 2000
•
How to Learn Tips and Tricks
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More