Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it c...
DNS servers across the Internet running BIND are not up to date with security patches and software updates. As a result, a significant fraction of the Internet's DNS servers is vulnerable to compromise, subversion, denial of service, and general misuse. Considering that DNS is the lynchpin of the corporate enterprise, the impact of these vulnerabilities is significant and a successful attack could bring down any online business.. . .
Why bother pounding at a website in search of obscure holes when you can simply waltz in through the front door? Hackers have recently done just that, turning to Google to help simplify the task of homing in on their . . .
A new critical vulnerability has been discovered in Sendmail. The UNIX and Linux vendors have been working feverishly to get a patch ready and most are available now. Sendmail is too big a target for attackers to ignore, so it makes sense to act immediately to protect your systems. Also, nice outline of how the whole disclosure was performed between countries, distributions, state and country agencies, and the vendor.. . .
Counting viruses is simplistic, but there is evidence that Windows is becoming more resistant, and Linux is becoming more of a target. Turning the heat up another notch on a long-simmering debate, the Aberdeen Group has published a study comparing the security of Linux/Unix systems with that of the Microsoft Windows family of products.. . .
This week I was sidetracked from my projects yet again by the need to investigate two security incidents. Both involved deleted files on servers that apparently had been compromised. The first incident was more of a server configuration issue than a . . .
BIND has become the most popular DNS server on the Internet. It is also a favorite hacker target. For organisations that require a more secure DNS infrastructure, the djbdns package may be the answer. . .
Ryan Bril submits: Multiplayer game servers that let players attack each other in virtual worlds could be the latest tool for online scofflaws to digitally attack other computers on the Internet, a security firm said Thursday. . .
Xinetd is a secure, powerful and efficient replacement for the old Internet services daemons named inetd and tcp_wrappers. Xinetd can control denial-of-access attacks by providing access control mechanisms for all services based on the address of the remote client that wants to connect to the server as well as the ability to make services available based on time of access, extensive logging, and the ability to bind services to specific interfaces.. . .
If you're still running inetd, it's time to move on. Either xinetd or tcpserver offers superior security and control. We're going to look at tcpserver. Note that there is one limitation: it manages only TCP. If you're using UDP or RPC services, tcpserver alone will not do the job. In that case, xinetd is the way to go.. . .
RAV AntiVirus for Samba (Linux) is, as the name describes it, an antivirus product 100% dedicated to Linux, protecting file servers from viruses and other malware, regardless of the systems targeted. Due to integration of a cutting edge technology named "total platform independence", RAV engine detects all malware, be it for Windows, Linux or other OS. . .
NFS is a widely deployed, mature, and understood protocol that allows computers to share files over a network. The main problems with NFS are that it relies on the inherently insecure UDP protocol, transactions are not encrypted, hosts and users cannot . . .
ISC is aware of several bugs which can result in serious vulnerabilities in BIND as distributed by ISC. Upgrading to BIND version 9.2.1 is strongly recommended. However, patches for BIND 8.3.3, 8.2.6 and 4.9.10 are now publicly available from ISC and new BIND 4 & 8 releases will be published in the next day or two . . . .
No ace sysadmin should be without Nessus; it's the utility of choice for hardcore security scanning. Nessus is based on nmap, the excellent port scanner by Fyodor. Primarily authored by Renaud Deraison, it adds a nice graphical interface and loads of attack. . .
Cut costs. Save money. Maintain the status quo. With that mantra in mind, many network managers figure they've got authentication covered. As long as there's a password policy in place, who needs to spend money on authentication tools. . .
It's depressing for security professionals to see just how many of the vulnerabilities on the new SANS/FBI Top 20 List have CVE numbers in the 1999-xxxx range--meaning that they were identified and fixed years ago on some systems. Newer problems . . .
This article describes how you can set up your Linux computer to be a web-based e-mail system for yourself or a group of friends. It will work best, of course, if you are on a dedicated internet connection, like a cable modem or a DSL line at home. This will provide you with a secure method to check your e-mail from remote locations without having to add insecure connection methods that could be used by an attacker. . . .
As the use and exploitation of the Internet matures, so does its need for security. Most seriously engineered Internet sites deploy firewalls and other similar techniques to restrict Internet access to limited ranges of network services. Although the hacking community continues . . .
Joe Stewart writes, "This paper discusses the abuse of misconfigured HTTP proxy servers, taking a detailed look at the types of traffic that flow through this underground network. Also discussed is the use of a 'honeyproxy', a server designed to look like a misconfigured HTTP proxy. Using such a tool we can spy on the Internet underground without the need for a full-blown honeypot.. . .
LinSec team is proud to announce the first stable release of LinSec. LinSec, as the name says, is Linux Security Protection System. The main aim of LinSec is to introduce Mandatory Access Control (MAC) mechanism into Linux (as opposed to existing Discretionary Access Control mechanism).. . .