Server Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
codeRedKiller is a simple concept that truly can help conserve resources. It saves time and energy (bandwidth, CPU power, etc.) by automatically identifying and dropping requests from CodeRed-infected hosts. Its goals are to stop CodeRed requests to Apache web servers . . .
One of the most common uses of network systems is for e-mail-based communications. As such, a great deal of attention has been given to securing e-mail systems. However, most of this focus has been in two areas: security at the message . . .
A nice account of the costs associated with attacks and computer security. "The threat from computer crimes and other online security breaches has barely slowed, never mind stopped, according to a recent survey of 538 security professionals in U.S. corporations . . .
A security flaw involving the server software that allows Quake III players to play the popular shoot-them-up over a network has been reported. According to a posting on respected security mailing list BugTraq, a buffer overflow vulnerability in Quake III Arena . . .
The focus of Internet security is to ensure private, authenticated communications between parties over the Internet or Intranets. Many of the security requirements are not that different from the requirements within a closed system complex. A closed system complex, however, may . . .
The Apache Software Foundation Inc.'s Apache HTTP Server has earned what many hope for and few achieve: an enviable security reputation. This achievement is especially striking when contrasted with Microsoft Corp.'s IIS (Internet Information Services) Web server (see story), which has . . .
This article is a link to the contents of DNS Security Chapter of the O'Reilly DNS book. Why should you care about DNS security? Why go to the trouble of securing a service that mostly maps names to addresses? Let us . . .
Patrick Mullen writes, "The Duke of URL has just posted its review of EnGarde Secure Linux 1.0.1. EnGarde Secure Linux is a unique brand of Linux with a focus on security, e-commerce, and servers. The review covers installation, its interface, and more.". . .
Hardening BSD is definitely trickier than hardening a Linux based workstation being that the top 3 distributions of BSD, Net, Open, Free, have done an excellent job of strengthening the systems on their own. Using FreeBSD at home while I write . . .
Economic conditions and an apparent decision to start a fee-based service will force access to MAPS services to cease. A post from mail-abuse.org to the net-abuse.email newsgroup has started some controversy over MAPS' intentions, finding replacements for their service, and basically what should be done next.. . .
The following article tries to explain how to use PHP on your server in a secure manner. This includes how to safely install it, remove samples and set up security specific options. It is very important to make sure that the . . .
Emily Ratliff posted a summary of the recent USENIX "Birds of a Feather" (BOF) discussion about the Linux Security Module effort. This effort is trying to devise a set of Linux kernel hooks to support "plugging in" to Linux support for advanced security policies.. . .
Now, in this short series of articles, I'm going to delve deeper into Linux security and discuss protective measures such as VPN systems and tripwire. Even though I'm aware of the many different security analysis tools out there, I'm not experienced . . .
As we covered in the last article, SSL/TLS (Secure Socket Layer/Transport Layer Security) are the protocols used to add encryption and authentication to TCP/IP and HTTP. In this article we'll cover the most popular open source method of adding SSL/TLS to a web server. Adding mod_ssl to Apache.. . .
A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration. Until all vendors have released updates, there is an interim workaround available. . . .
This is a great security utility to be sure, but what about non-system files like those that constitute your Web site? Never fear: Tripwire, in partnership with Covalent, has recently released Tripwire for Web Pages into its security software stable. Tripwire . . .
Security specialist Steve Gibson has created quite a fracas with his increasingly vocal opposition to the raw-socket connectivity planned for Windows-XP, and upon which he bases predictions of impending chaos for the entire Internet, so he's decided to exploit the very threat he claims will make the Internet permanently unstable.. . .
A flaw exists in the dnskeygen utility under BIND version 8 and the dnssec-keygen utility included with BIND version 9. The keys generated by these utilities are stored in two files. In the case of HMAC-MD5 shared secret keys that are used for dynamic updates to DNS servers, the same secret keying material is present in both files. Only one of the files is configured by default with strong access control. The resulting exposure may allow unauthorized local users to obtain the keying information. This may allow attackers to update DNS servers that support dynamic DNS updates.. . .
IT security has a lot in common with the meat-packing plants of 150 years ago or sailing a ship across the oceans in the 1700s, said Gene Kim, chief technology officer of Tripwire, in a speech Thursday at The Internet Security . . .
Java programs are especially vulnerable to decompilers, because Java source code is compiled to Java bytecode. But there are techniques to make decompilation harder. It is a difficult prospect to take machine level code and translate it backwards into language level . . .