Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it c...
As far as software goes, Sendmail is ancient, dating all the way back to 1981. Sendmail 8 itself is well over 10 years old. To put it nicely, its security track record is less than stellar. However, the last big show stoppers in Sendmail were found about three years ago: Zalewski's prescan() bugs reported in September and March of 2003, and crackaddr(), also in March of 2003. The crackaddr() bug was also discovered by Mark Dowd.
In a recent study spanning from February 2005 to March 2006, SecureWorks saw 67% more Internet attacks attempted against its credit union clients than its banking clients. SecureWorks' credit union clients range from large ($500 million to billions in assets) to smaller organizations (under $500 million in assets). On average, SecureWorks blocks 767 attacks per day per credit union client.
SecureWorks CTO Jon Ramsey theorizes that their credit union clients are experiencing more Internet attacks than their banking clients because hackers assume that credit unions' networks are less protected than banks'.
For the fourth time in the past 30 months, Wells Fargo & Co. has begun notifying customers about the potential compromise of confidential information following the theft of a company computer containing data on mortgage customers and prospective clients.
The San Francisco-based bank on Friday posted a statement on its Web site saying that a computer belonging to its mortgage group had been reported as missing while being transported between Wells Fargo facilities by a global express shipping company.
Remember the most recent Yahoo! Mail XSS vulnerabilities, or the MySpace worm? I just read through a well-written summary on Web Application Worms by Jeremiah Grossman, from WhiteHat Security, "Cross-Site Scripting Worms and Viruses - The Impending Threat and the Best Defense", an excerpt:
The vulnerability was found in versions X11R6.9.0 and X11R7.0.0 during a security analysis of 31 major open source projects. This pair of X Window System versions marked a major milestone when released in December of 2005, as they were the first major updates to the X Window System in more than a decade.
This article looks at five common Web application attacks, primarily for PHP applications, and then presents a case study of a vulnerable Website that was found through Google and easily exploited. Each of the attacks we'll cover is part of a wide field of study, and readers are advised to follow the references listed in each section for further reading. It is important for Web developers and administrators to have a thorough knowledge of these attacks. It should also be noted that Web applications can be subjected to many more attacks than just those listed here.
Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft. As the original developers of the SSL protocol, Netscape started out with a lead in the SSL server market. But they were soon overtaken by Microsoft's Internet Information Server, which within a few years held a steady 40-50% of the SSL server market.
Online bank customers may want to pay a little more attention to their browsers the next time they log in. Johannes Ullrich, chief research officer of the prestigious SANS Institute, said that many of the most popular banking sites may be needlessly placing their customers at risk. At issue are the user login areas that can be found on banking sites such as Chase.com and Americanexpress.com, which ask users to submit their user ID and password information. Although these forms may be encrypted, they do not use authentication technology to prove they are genuine, according to Ullrich.
Attack code that takes advantage of a flaw in Oracle's database software has been released on the Web, raising the urgency to patch.
The exploit code was published Wednesday, only a day after Oracle released its quarterly Critical Patch Update, security provider Symantec said in an alert to users of its DeepSight intelligence service.
It is important to understand the concepts of a database before one can grasp database security. A generic database definition is "a usually large collection of data organized especially for rapid search and retrieval (as by a computer)" (Database). This is not much different than Oracle's database definition, "An Oracle database is a collection of data treated as a unit. The purpose of a database is to store and retrieve related information." (Oracle Corporation) Databases can range from simplistic to complex. An example of a simple database is an address book. An address book provides great functionality but limits itself to specific information. For example, what if you need to include information about the model car the contact drives, or what their favorite food is? Chances are you would need another database. In a business environment it does not make sense to maintain multiple hard copy databases. Businesses must maintain large amounts of data. Examples of data are inventory, finances, payroll, employee information, and sales history.
Attacking and shutting down Linux or Unix-related servers would most likely shut down a virus's means of getting to another machine. Windows servers make up under 30 percent of the servers on the Internet. If all Windows servers on the Internet were shut down, the Internet would still be operating. There is no point writing a virus if it stops itself from spreading. Common sense. So common sense would say do not attack Linux.
Internet Security Systems announced Linux support for its Proventia Server Intrusion Prevention System product line. Key features of Proventia Server for Linux include vulnerability-based intrusion prevention, Buffer Overflow Exploit Prevention (BOEP) and support for Red Hat Enterprise Linux and SuSE Linux Enterprise Servers.
As the Linux operating system makes ever-deeper inroads into government data centers, agencies need to feel comfortable that the open-source computing infrastructures they're rolling out are indeed secure.
In general, firewalls protect enterprise networks from intruders. But enterprises also require other types of protection in case a hacker gets past the firewall. Traditional Unix vendors have always provided added security at the operating-system level, including so-called "trusted" versions designed to provide data centers and security operations with machine-level security. These trusted versions defend against unauthorized access to data and applications.
Internet Message Access Protocol (IMAP) servers such as Courier-IMAP and Cyrus IMAP may work well, but they’re complicated to install and configure. I'll show you how to set up your mail server quickly and securely using Dovecot, an open source IMAP and Post Office Protocol version 3 (POP3) server for Unix-like operating systems.
Web servers are attacked more frequently than any other host on an organization’s network. In this paper, I will review the current challenges businesses face when hosting a public web site. I will address the various risks that are associated with web servers as well as the most effective methods of mitigating those risks through the design, implementation, and administration of public web sites.
A MySQL installation should be made as secure as possible to protect databases and other information maintained by the MySQL server from unauthorized access. This article describes potential problem areas about which you should be concerned as a MySQL administrator, and provides guidelines for dealing with them. The issues covered here fall into the following broad categories, which include both local and remote exploits.
I recently ran into the problem of not having enough hard drive space on my Slackware Linux laptop, but was lucky enough to have a much bigger drive sitting around from before and wanted a way to perform a hassle-free, seamless upgrade. I had this idea and it worked pretty well, so I thought I would share it, since I think it's pretty cool and only requires the use of two tools that should be included with all distributions. Sometimes you won't find netcat (known as nc, or ncat as it is sometimes named), and if bash incorporated my server redirections patch that I posted before you wouldn't need it at all, but for now it's required to listen for the incoming connections over the net.
As well as straightforward spam, dark traffic comprises directory harvest attacks, email Denial of Service attacks, malformed SMTP packets, invalid recipient addresses, and other requests and communications unrelated to the delivery of valid email messages.
Sorry, I have to do this. I have to rant. Here's what I have to get off my chest. News item: "DHS Scores F on Cybersecurity Report Card." Last week, a congressional oversight committee gave the U.S. Department of Homeland Security a failing grade on its annual cybersecurity report card. Congress says that when it comes to protecting the country's data infrastructure -- an entity that in itself has become critical to the continued functioning of the U.S. economy -- the DHS is a D-U-N-C-E. Appalling.
Business technology managers are facing tough challenges as data centers grow larger and more complex. More than 75% of all companies have experienced a business disruption in the past five years, including 20% who say the disruption had a serious impact on the business, according to a recent survey of data center managers. Despite the critical nature of data center operations to business, nearly 17% reported they have no risk management plan, and less than 5% have plans that address viruses and security breaches.