Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Stay Ahead With Linux Security HOWTOs

7.Locks HexConnections Esm H350
How to Secure My NetworkPrice Tag 1access control Linux administration

Most SSH hardening advice ends at the same recommendation: Disable password authentication and use SSH keys. . That's good advice. It removes entire classes of attacks, including password spraying, credential stuffing, and brute-force attempts against exposed servers. The problem is what happens next. Many administrators treat SSH keys as the finish line when they are really the beginning of the hardening process. Attackers rarely care whether they obtained access with a password or a private...
1 min read How to Secure My Network
Detect Unauthorised Ssh Keys Hero Esm H350
How to Secure My NetworkPrice Tag 1security advisory remote access

Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem. . When security teams investigate unauthorized access on Linux systems, they often focus on passwords, exposed services, or vulnerable software. Trusted access receives less attention. Yet a single forgotten or unauthorized SSH key can provide the same access as a legitimate user while attracting very...
4 - 7 min read How to Secure My Network
IDS VS IPS Esm H350
How to Secure My NetworkPrice Tag 1intrusion detection application security

The wrong IPS rule can look like a security fix right up until it becomes an outage. . On Linux systems, detection and prevention are often discussed together, but they do not carry the same operational risk. One tells admins that something suspicious happened. The other can decide whether traffic is allowed to continue. That is why IDS vs IPS is not just a definition to memorize. It is a deployment decision about where to monitor, where to block, and how much confidence a team needs before...
4 - 8 min read How to Secure My Network
8.Locks HexConnections CodeGlobe Esm H350
How to Secure My NetworkPrice Tag 1unauthorized access security techniques

Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens. . The difficult part is separating harmless failures from actual intrusion activity. One failed login from an internal workstation rarely matters. Repeated failures...
5 - 9 min read How to Secure My Network
7.Locks HexConnections Esm H350
How to Secure My NetworkPrice Tag 1security advisory incident response

The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before...
6 - 11 min read How to Secure My Network
Filter Icon Refine HOWTOs
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security HOWTOs

We found 1 articles for you...
163
20.Lock AbstractDigital Circular Esm H240
Price Tag 1web applicationpentesting toolsenumeration

Best Directory Bursting Tools For Linux Web Application Testing

Looking for free-to-use tools to enumerate hidden directories and files on a web server? Here are the best Linux tools for directory bursting. . In the reconnaissance stage of every web application pentest, it is essential to find possible directories on the application. These directories might hold significant information and findings that would help you greatly to find vulnerabilities in the application and improve its security. Luckily, there are tools on the internet that make directory brute-forcing easier, automated, and faster. Here are five directory-bursting tools on Linux to enumerate hidden directories on a web application. Directory bursting , also known as "directory brute forcing", is a technique used in ethical hacking to discover hidden directories and files on a web server or application. It involves systematically attempting to access different directories by guessing their names or enumerating through a list of common directories and file names. The process of directory bursting typically involves using automated tools or scripts that send HTTP requests to a web server, trying different directories and file names to find resources that are not explicitly linked or advertised on the website's navigation or sitemap. . Powerful directory enumeration tools for web application penetration testing reveal concealed directories and enhance security protocols.. directory bursting tools, web application security, pentesting techniques. . Brittany Day

Calendar 2 Aug 19, 2023 User Avatar Brittany Day How to Secure My Webserver
166
General Esm H240
Price Tag 1web applicationsql injectionsecurity impact

Understanding SQL Injection Attacks On Web Applications

SQL injection attacks are executed via front-end Web applications that don. The link for this article located at Hungry Hackers is no longer available. . The link for this article located at Hungry Hackers is no longer available.. injection, attacks, executed, front-end, applications, article. . Alex

Calendar 2 Jan 06, 2010 User Avatar Alex How to Learn Tips and Tricks
Banner 2 1028x280 1708121730 1 1771599631
163
General Esm H240
Price Tag 1data protectionweb applicationsecurity tools

Enhance Web App Security With PHP Input Validation Strategies

This whitepaper lists the more useful PHP validation tools and explains how you can use them to increase the overall security of your Web applications.. . Delve into PHP security validation mechanisms in this comprehensive guide to bolster the protection of your web platforms and mitigate vulnerabilities.. PHP Security Techniques, Input Validation, Web App Safeguards. . Anthony Pell

Calendar 2 Jun 19, 2006 User Avatar Anthony Pell How to Secure My Webserver
160
General Esm H240
Price Tag 1web applicationLinux securitysecurity tool

Linsec TWiki: Effective Collaboration Tool for Linux Security Projects

linsec TWiki is a web-based collaboration tool for a personal project detailing security on Linux in particular, but any *NIX-ish operating system (ie. OpenBSD, Mac OS X, etc.).. . Explore the linsec TWiki, an innovative online platform designed for individual initiatives centered around Linux security and teamwork.. linsec TWiki, Linux security, collaboration tool, project management. . Anthony Pell

Calendar 2 Jan 07, 2005 User Avatar Anthony Pell How to Harden My Filesystem
Banner 2 1028x280 1708121730 1 1771599631
160
General Esm H240
Price Tag 1web applicationalert managementIDS

Discover BASE: An Essential Resource for Analyzing SNORT IDS Alerts

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.. . BASE is the Basic Analysis and Security Engine for querying SNORT IDS alerts. Analyze and manage your alerts efficiently.. analysis, basic, security, engine, based, console. . Anthony Pell

Calendar 2 Jan 07, 2005 User Avatar Anthony Pell How to Harden My Filesystem
160
General Esm H240
Price Tag 1web applicationsecurity measuressession management

Understanding Session Fixation Risks in Web Applications

Web servers are employing techniques for protecting session IDs from three classes of attacks: interception, prediction, and brute force attacks. This paper reveals a fourth class of session attacks against session IDs: session fixation attacks. The article located at Session Fixation Vulnerability in Web-based Applications is no longer available. . . Session fixation attacks leverage session management flaws for unauthorized access. Websites mitigate this with secure tokens, HTTP-only flags, strict timeouts, and more. Session Fixation, Web Security, Session Management. . Anthony Pell

Calendar 2 Nov 23, 2004 User Avatar Anthony Pell How to Harden My Filesystem
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here