Server Security - Page 24

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Server Security News

Oracle Unveils 103 Moderate Fixes for Critical Database Security Flaws

Analyst group Gartner has warned administrators to be "more aggressive" when protecting their Oracle applications because they are not getting enough help from the database giant. Gartner published an advisory on its Web site just days after Oracle's latest quarterly patch cycle, which included a total of 103 fixes with 37 related to flaws in the company's database products. Some of the flaws carry Oracle's most serious rating, which means they're easy to exploit and an attack can have a wide impact.

Protecting Linux and Solaris Servers From HTTP Threats With DotDefender

Applicure announced today the release of dotDefender 2.0 for Solaris and Linux Web servers. dotDefender secures websites against a broad range of HTTP-based attacks, including Session attacks (e.g. Denial of Service, Session Hijacking), Web application attacks (e.g. SQL injection, Cross-site scripting, and known attack signatures), as well as requests originating from known attack sources (e.g. spammer bots and compromised servers).

Oracle Database MySQL: Critical Patch for 80+ Security Flaws

Wednesday became a busy day for database administrators after Oracle released its quarterly patch update which, this time around, tackles more than 80 vulnerabilities in different Oracle software packages and components. Various flavours of Oracle database (37 security bugs), Oracle E-Business Suite and Applications (27), Oracle Collaboration Suite (20) and Oracle Application Server (17) are most in need of update.

Mastering Essential Linux Commands And Terminal Shortcuts

This is a practical selection of the commands we use most often. Press to see the listing of all available commands (on your PATH). On my small home system, it says there are 2595 executables on my PATH. Many of these "commands" can be accessed from your favourite GUI front-end (probably KDE or Gnome) by clicking on the right menu or button. They can all be run from the command line. Programs that require GUI have to be run from a terminal opened under a GUI.

Understanding Common Errors In Vulnerability Management Solutions

Vulnerability management is viewed by some as an esoteric security management activity. Others see it as a simple process that needs to be done with Microsoft Corp.'s monthly patch update. Yet another group considers it a marketing buzzword made up by vendors. This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.

Security Flaws Overview: 2005 Trends And Data Analysis Challenges

After three years of modest or no gains, the number of publicly reported vulnerabilities jumped in 2005, boosted by easy-to-find bugs in web applications. Yet, questions remain about the value of analyzing current databases, whose data rarely correlates easily. A survey of four major vulnerability databases found that the number of flaws counted by each in the past five years differed significantly. However, three of the four databases exhibited a relative plateau in the number of flaws publicly disclosed in 2002 through 2004. And, every database saw a significant increase in their count of the flaws disclosed in 2005.

Exploring User And System Control In Linux Permissions Management

I work for a government contractor, and have recently convinced them to purchase a Beowulf cluster, and start moving their numeric modelers from Sun to Linux. Like most historically UNIX shops, they don't allow users even low-level SUDO access, to do silly things like change file permissions or ownerships, in a tracked environment. I am an ex-*NIX admin myself, so I understand their perspective and wish to keep control over the environment, but as a user, I'm frustrated by having to frequently call the help-desk just to get a file ownership changed or a specific package installed.

Research Shows 90% Spoofing Success Rate for Fingerprint Systems

Sweaty hands might make you unpopular as a dance partner but they could someday prevent hackers from getting into your bank account. Researchers at Clarkson University have found that fingerprint readers can be spoofed by fingerprint images lifted with Play-Doh or gelatine or a model of a finger moulded out of dental plaster. The group even assembled a collection of fingers cut from the hands of cadavers.

Innovative Data Protection Practices Transform Linux Backup Systems

This is an exciting time for people involved in data protection, and not in the bad way that things can be exciting. Many more options, techniques, and practices have become available to IT professionals. The new technology solves a great many problems. Three major technologies or practices are rapidly changing our ability to protect mission-critical information. First, backup is changing - dramatically. The introduction of disk-to-disk backup systems is shrinking backup windows to nearly zero and bringing restore times in line with modern service levels. With disk-to-disk systems, the traditional tape backup devices are replaced with a hard drive-based system. Using a technique called virtual tape, the disk system emulates the tape system for purposes of software compatibility. Since the disk drives are much faster than tape devices, backup and restore operations are much faster.

Modern Operating Systems Benefit from SELinux Enhancements and Features

Security Enhanced Linux has moved into the mainstream of operating system architecture in recent years. For those who don't understand the technology, many articles exist. SELinux provides mandatory access control to a wider audience. It helps eliminate 0-day attacks. The agenda for the 2006 SELinux Symposium has just been announced and some project leaders of Linux distributions may want to attend.

Key Security Practices for Configuring Your Linux System

Linux, like Microsoft Windows, is simply a computer operating system, but Linux in itself is not a magic wand that can be waved to make all sorts of computing problems disappear. While Windows has its own set of problems, so too does Linux. There is no such thing as a perfect or completely secure computer operating system. Whether the machine will be a desktop computer or a server, purpose is a key to understanding how to initially install and configure your Linux PC.

Deakin University Email Security Upgrade With IronPort Appliances

Struggling to cope with increasing volumes of spam, Deakin University was forced to redeploy its Linux e-mail servers and implement an alternative system for e-mail security. Craig Warren, Deakin's operational service provision manager, said the Linux servers running antivirus and spam filtering software were effective for about three years, but "the spammers were steadily beating us".

Gartner Survey Reveals Data Backup Trends After Hurricanes

The number of companies making copies of data to protect it has dramatically risen in the wake of hurricanes Katrina and Wilma this year, but most of those companies are keeping that duplicate data locally where it's still vulnerable to disasters, according to a survey released yesterday by Gartner Inc. The September survey of 104 North American IT managers showed that 45% of respondents back up or replicate data to another disk, up from just 6% who did so in 2004. But 70% of the respondents who make backups do so to a local device.

Simplifying System Backups With Simple Backup Suite for Linux

Most computer users don't make use of a system backup tool until after they suffer the misfortunes of a hard drive crash without one. But even then, many find backup software too complicated to configure, and there seems to be little in between creating CD or DVD archives by hand and overpowered network backup systems designed for the enterprise. The Simple Backup Suite (sbackup) is a tool for configuring regular backups of system data and simplifying full and partial recoveries.

Explore Amanda: The Top Backup Tool for System Administrators

Amanda is the world's most popular open source Backup and Archiving software. Amanda allows system administrators to set up a single backup server to back up multiple hosts to a tape- or disk-based storage system. Amanda uses native dump and/or GNU tar facilities and can back up a large number of workstations running various versions of Linux, Unix, OS X or Microsoft Windows operating systems.

Enhancing Web Server Security with OWASP and WASC Principles

Web servers are among the most obvious targets for black hats. Whether used for basic e-commerce or more advanced Web services, they give attackers an always-on interface to an IT system and often a shortcut to the parts that handle financial transactions. Even better for the attacker, they increasingly run custom applications developed in-house. These are more likely than the basic Web server software to contain security vulnerabilities, as they haven't been subjected to the rigorous quality control procedures of the open-source community or a commercial vendor.

Network Security Myths: Linux and Windows Interconnected Risks

The bug that besets a Windows network today is very likely to infect a Linux or Unix network connected to it. Similarly, companies that fail to secure their Linux networks may find rogue code spreading and infecting interconnected Windows networks. Security is one of the foremost and fundamental components of the network infrastructure and one that will negatively or positively impact the daily operations of any business. No software code or hardware device, be it proprietary or open source, is immune to hacks.

Enhance Safe Remote File Access by Utilizing SSHFS Technology

It's a dangerous Internet out there, kids. If you are going to work on remotely connected machines, do it safely. Simple file transfers and interactive sessions have scp and ssh respectively; in fact there is hardly a commercial Web hosting provider left that doesn't support them. For more complicated scenarios we have VPN tools. But what if you need to work with files on a remote server, but find scp tedious in repetition and FreeS/WAN too cumbersome? You might find just what you're looking for in sshfs -- a tool for mounting a remote filesystem transparently and securely as if it were just another directory on your local machine.

Steps To Preserve Log Integrity For Compliance And Evidence

In the past few years, companies have spent billions of dollars to update their IT infrastructures to meet requirements from various European and US government regulations. One of the more noticeable and most important recommendations of these regulations is record-keeping. For example, Sarbanes-Oxley recommends that all companies "maintain financial records for seven years." In order to ensure the accuracy of corporate financial and business information, this recommendation also pertains to records that are used to "audit unauthorised access, misuse and fraud." Other regulations such as HIPAA also recommend keeping records for up to six years.
