Server Security

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Server Security News

Securing Sendmail with TLS

One of the most common uses of network systems is for e-mail-based communications. As such, a great deal of attention has been given to securing e-mail systems. However, most of this focus has been in two areas: security at the message . . .

ComputerWorld: Security Statistics

A nice account of the costs associated with attacks and computer security. "The threat from computer crimes and other online security breaches has barely slowed, never mind stopped, according to a recent survey of 538 security professionals in U.S. corporations . . .

Buffer overflow bug shakes Quake

A security flaw involving the server software that allows Quake III players to play the popular shoot-them-up over a network has been reported. According to a posting on respected security mailing list BugTraq, a buffer overflow vulnerability in Quake III Arena . . .

AS/400 Internet Security

The focus of Internet security is to ensure private, authenticated communications between parties over the Internet or Intranets. Many of the security requirements are not that different from the requirements within a closed system complex. A closed system complex, however, may . . .

Apache avoids most security woes

The Apache Software Foundation Inc.'s Apache HTTP Server has earned what many hope for and few achieve: an enviable security reputation. This achievement is especially striking when contrasted with Microsoft Corp.'s IIS (Internet Information Services) Web server (see story), which has . . .

Hardening BSD

Hardening BSD is definitely trickier than hardening a Linux-based workstation, since the top three BSD distributions (NetBSD, OpenBSD and FreeBSD) have already done an excellent job of strengthening the systems on their own. Using FreeBSD at home while I write . . .

MAPS Subscription Policy Changes

Economic conditions and an apparent decision to start a fee-based service will force access to MAPS services to cease. A post from mail-abuse.org to the net-abuse.email newsgroup has started some controversy over MAPS' intentions, finding replacements for their service, and basically what should be done next . . .

Using PHP Securely

The following article tries to explain how to use PHP on your server in a secure manner. This includes how to safely install it, remove samples and set up security specific options. It is very important to make sure that the . . .

Kernel Security Extensions USENIX BOF Summary

Emily Ratliff posted a summary of the recent USENIX "Birds of a Feather" (BOF) discussion about the Linux Security Module effort. This effort is trying to devise a set of Linux kernel hooks that allow support for advanced security policies to be "plugged in" to Linux . . .

Tools of the Trade: Part 1

Now, in this short series of articles, I'm going to delve deeper into Linux security and discuss protective measures such as VPN systems and tripwire. Even though I'm aware of the many different security analysis tools out there, I'm not experienced . . .

Web Security: Apache and mod_ssl

As we covered in the last article, SSL/TLS (Secure Sockets Layer/Transport Layer Security) are the protocols used to add encryption and authentication to TCP/IP and HTTP. In this article we'll cover the most popular open source method of adding SSL/TLS to a web server: adding mod_ssl to Apache . . .

Security bugfix for Samba

A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration. Until all vendors have released updates, there is an interim workaround available. . . .

Saving face: Tripwire for Web Pages

This is a great security utility to be sure, but what about non-system files like those that constitute your Web site? Never fear: Tripwire, in partnership with Covalent, has recently released Tripwire for Web Pages into its security software stable. Tripwire . . .

Security geek developing WinXP raw socket exploit

Security specialist Steve Gibson has created quite a fracas with his increasingly vocal opposition to the raw-socket connectivity planned for Windows XP, upon which he bases predictions of impending chaos for the entire Internet, so he's decided to exploit the very threat he claims will make the Internet permanently unstable . . .

ISS Xforce: BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys

A flaw exists in the dnskeygen utility under BIND version 8 and the dnssec-keygen utility included with BIND version 9. The keys generated by these utilities are stored in two files. In the case of HMAC-MD5 shared secret keys that are used for dynamic updates to DNS servers, the same secret keying material is present in both files, but only one of the files is configured by default with strong access control. The resulting exposure may allow unauthorized local users to obtain the keying information, which in turn may allow attackers to update DNS servers that support dynamic DNS updates . . .

Securing Java Code: Part 4, Decompilers

Java programs are especially vulnerable to decompilers, because Java source code is compiled to Java bytecode. But there are techniques to make decompilation harder. It is a difficult prospect to take machine-level code and translate it backwards into language-level . . .