We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Security and vulnerability patching has become one of the top concerns for IT managers, but has also left many IT teams fighting a losing battle as the job of patching competes with day-to-day system maintenance and security tasks.
In this series of articles, learn how to plan, design, install, configure, and maintain systems running Linux in a secure way. In addition to a theoretical overview of security concepts, installation issues, and potential threats and their exploits, you'll also get practical advice on how to secure and harden a Linux-based system.
We've just finished adding a major new mission to Bastille Linux -- it now does hardening assessment! The US Government's TSWG helped us add this functionality. You can read about it in an interview I did with Jay Lyman, of Newsforge.
One reason software security vulnerabilities are so tough to fix is because they are so hard to find. Unlike other bugs that become apparent when an application acts up, security holes tend to hide from normal view. And that's just how the hacker underground likes it.
A new study addressing security issues finds that software-development managers generally rate Linux as a more secure operating system than Windows. The study, which will be released by the end of the month, was conducted by BZ Research, the research subsidiary of publisher BZ Media LLC. It was not funded by any vendors.
Microsoft's efforts to improve the security of Windows have paid off, leading to significant improvements in patch management and other areas, according to executives from North American companies surveyed by Yankee Group. The Linux-Windows 2005 TCO Comparison Survey, to be published in full in June, is based on responses from 509 companies of all sizes in markets such as healthcare, academia, financial services, legal, media, retail and government, Yankee Group said this week.
Enterprise Linux users should update their installations of XFree86 to remedy several security holes, some of which could allow attackers to take over a system. According to an advisory released by Red Hat affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3.
There are great open source products for nearly every purpose. But I have yet to find many in the security field. Most seem hand-written, based on books like the O’Reilly Secure Progrmaming Cookbook. Maybe I’m not looking hard enough. If I’m not, please point to your favorite open source security in TalkBack.
Australian company Cybersource says it's currently talking to two banks in Australia about providing Linux-based bootable CDs to consumers to ensure Internet banking security. The company yesterday released information about its Online Banking Coastguard solution. Coastguard is based upon Knoppix, a Linux distribution which boots entirely from CD and is known for its automatic hardware detection features. Cybersource has included Mozilla Firefox as the sole browser for Internet banking.
The Linux Intrusion Detection System (LIDS) is a kernel patch for both 2.4 and 2.6 kernels that adds Mandatory Access Control (MAC) and other security enhancements to the Linux kernel. The main feature of LIDS is its ability to limit the power of the root account. LIDS uses Access Control Lists (ACLs) to control access to files, processes, and network resources. Once these permissions are set, they cannot be overridden, even if a user or process has root privileges. You may be wondering why anyone would choose LIDS over its more popular counterpart, SELinux. Both have their advantages. Both add MAC and the ability to limit the damage that can be done by the root account. There are two reasons why you may want to consider LIDS instead of SELinux.
If you're an IT manager, introducing Linux into your enterprise is a tough decision. Choosing to take the plunge at all is one thing, but facing the myriad choices is another. At last count, the database at DistroWatch.com racked some 345 actively maintained Linux and BSD distributions. Although most enterprises are likely to consider only a fraction of that catalog, the number of decision points it represents is potentially much larger.
Hundreds of thousands of Web sites running Windows NT 4 remain -- and will remain -- at risk from attack via a vulnerability patched for other operating systems a month ago, a U.S.-based security firm and a British-based Web monitoring vendor said Thursday. The bug in a key Windows protocol, Server Message Block (SMB), was patched for Windows XP, Windows Server 2003, and Windows 2000 in February, but because NT 4 had reached the end of its support lifecycle December 31, 2004, no public fix was issued by Microsoft. Microsoft does provide security patches for NT 4.0 customers who pay for custom support, a service available through the end of 2006.
When being your own web host you should be technically inclined and have basic knowledge of operating systems, understand technical terms, understand how to setup a server environment (such as: DNS, IIS, Apache, etc.) have basic knowledge of scripting languages and databases (PHP, Perl, MySQL, etc.), be familiar with current technologies, and have a basic understanding of hardware and server components.
The National Security Agency built a version of Linux with more security tools that its technologists believe could help make the country's computing infrastructure less vulnerable. They won over the Linux developer community with the changes. But its success depends on the adoption by U.S. companies and government agencies, something that remains very much in doubt.
This document describes a method for generating automatic rotating "snapshot"-style backups on a Unix-based system, with specific examples drawn from the author's GNU/Linux experience. Snapshot backups are a feature of some high-end industrial file servers; they create the illusion of multiple, full backups per day without the space or processing overhead. All of the snapshots are read-only, and are accessible directly by users as special system directories.
ccording to Gilligan, a new vulnerability is discovered nearly every day in the commercial software products the Air Force uses – not just Microsoft, but also Linux, Oracle and Cisco Systems. "What we are now reaping is the unfortunate consequence of an era of software development in the 90s, when the rush to get the product to market overrode the importance of correctness in the quality of the software."
Oracle has tightened up the security of a number of its products to allow customers to use them in critical national infrastructures, including in conjunction with open source technology from Linux. Oracle has met the Common Criteria Evaluations at the EAL4 level – the highest industry security level for commercial software – for its Oracle Internet Directory, a middleware component of Oracle Identity Management; Oracle9i Database release 2; and the Oracle9i Label Security release 2.
Staying on my current security theme, O'Reilly has published a second edition of Linux Server Security by Michael D. Bauer. The book, targeted toward those managing Internet-connected systems, also known as bastion hosts, packs a powerful arsenal of security design, theory and practical configuration schemes into 500 pages.
Defense Department officials selected two companies to provide digital certificate validation for the department's public-key infrastructure (PKI), a decision that some officials feel could spur a faster move to paperless e-government. After a yearlong, worldwide pilot test, military officials chose Tumbleweed Communications and CoreStreet as the two certificate validation providers for its Identity Protection and Management Program, which includes the Common Access Card smart card program.
There are rare occasions in IT when a particular architecture reaches a point where it stops being purely IT driven and takes on a life of its own.The last year has seen the open source movement reach such a cult status and at the vanguard of open source fashion can be found the Linux operating system. Whilst the platform appeals at several levels for potential users, some of a philosophical nature and others far more concrete, it is noticeable that a couple of its qualities have recently been called into question.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
