Server Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Web server attacks have doubled over the course of the last year, despite increased spending on security. That's the main conclusion of a survey of more than 2,500 organisations, sponsored by security firms TruSecure and Predictive Systems. The survey found that . . .
Subterrian.net has a copy of the presentation delivered by Sean Lewis at ToorCon 2001, held last weekend in San Diego, Calif. Lewis discusses BSD essential BSD security issues, working well as a primer for new and experienced users alike. Read all . . .
The Sendmail mail delivery subsystem is vulnerable to multiple local attacks that lead to information loss, information leaks and mail system compromise. The mail system privileges compromise affects Sendmail 8.12.0. Other problems affect all versions up to 8.12.0.. . .
This article takes a look at a little shell application that uses an innovative approach to increasing open UNIX security. A step-by-step analysis of the code is provided. The author's areas of expertise are in Web programming and cutting-edge network security development.. . .
vsFTPd, the "very secure" FTP daemon, now includes the ability to control bandwidth by preventing the link from being saturated. "vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously this is not a guarantee, but a reflection that I have written the entire codebase with security in mind, and carefully designed the program to be resilient to attack.". . .
With yet another Linux-based vulnerability hitting last week, Mark Read, network security analyst at MIS Corporate Defence Solutions, delves into an age-old debate that fuels many a discussion. Yes, it's the same old story of Microsoft versus Linux in the race for optimum IT security. What everyone wants to know is, who will cross the finishing line first?. . .
The Nimda worm has spread wildly, infecting many Microsoft Windows 9x, ME, NT 4.0, and 2000 machines, and its network scans have brought some networks to their knees. It was first reported on September 18th in the morning almost one week . . .
Building your own console server is easy. All you need is an old PC and some additional serial cards (most PCs come with only two ports). Multiport serial boards, such as those from Digi International, that install under Linux are available. . . .
"LaBrea" is a free, open-source tool that deters worms and other hack attacks by transforming unused network resources into decoy-computers that appear and act just like normal machines on a network. But when malicious hackers or mindless worms such as Nimda . . .
Although proponents argue that Linux is at least as secure-and perhaps more secure-than Unix, Microsoft Corp.'s Windows NT or Novell Corp.'s NetWare, there is still concern at many federal agencies about the operating system's safety.. . .
If Attorney General Ashcroft hadn't talked about this Windows worm on national TV, and received at least ten in my mailbox already, this would probably otherwise belong on an NT security web site, but certainly many of use have heterogeneous networks. Nimbda is Admin backwards... "The worm, known as "W32.Nimda," had affected. . .
The rtr-graph package described in this article is a set of Perl scripts for polling routers (or other SNMP-enabled devices) for information about traffic in and out of specified interfaces. You can set up "rtr-traff" as a cron job to poll . . .
"Eric Chien, chief researcher at Symantec's antivirus research centre, does not expect the virus to spread, principally because it lacks the self-replication characteristics that made Code Red and the Lion worm (which affected Linux servers) such nuisances. "I don't think . . .
Jail chroots an environment and sets certain restrictions on processes which are forked from within. For example, a jailed process cannot affect processes outside of the jail, utilize certain system calls, or inflict any damage on the main computer. Jail is . . .
This article discusses a network setup which might prove useful for people who like to put some extra effort into connecting their machines to the Internet. The goal is to build a secure client and server farm on a single IP address.. . .
RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use for over a year (since version 1.0.9a). The standard package includes a range of access control models like MAC, RC, and ACL . . .
After project leaders pan vulnerability assessment, a Back Orifice demonstration quells the skeptics. My company is about to deploy a virtual private network (VPN). During a recent project meeting, the project manager asked each department representative to identify six tasks related . . .
Anti-virus software for FreeBSD is not a common thought to most FreeBSD administrators. However, if you're like me, most of my networks are Windows 2000/NT on the workstations, and FreeBSD on the servers. This means that the average user can download . . .
Security experts and vendors of Linux and other Unix-like operating systems are urging network administrators to replace some versions of popular e-mail server software known as Sendmail, because the most recent open-source versions can provide a doorway for local hackers.. . .
Sendmail contains an input validation error, may lead to the execution of arbitrary code with elevated privileges. Local users may be able to write arbitrary data to process memory, possibly allowing the execution of code/commands with elevated privileges.. . .