Server Security - Page 49
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Depending on where you are and what you're doing there, security can mean very different things. This second article in our series on sendmail and security, based on the tutorial given by Eric Allman and Greg Shapiro at the recent USENIX . . .
Traditionally, BIND has been the nameserver of choice when doing name service on a Unix system. Like many of its close relatives, such as sendmail, it was designed at a time when the internet wasn't even known as the internet, and . . .
This two-part series on securing sendmail, based on the tutorial given by Eric Allman and Greg Shapiro at the recent USENIX technical conference in San Diego, begins by detailing the measures you can take to secure any sendmail installation. It continues . . .
Tips on securing apache for use with virtual hosts. "There is no best way to do this except to be paranoid about every detail, pay attention to security alerts and trust no one. Fortunately, Apache has some recommendations. Here is how . . .
This article discusses the various security mechanisms for apache. "... But what's all this noise about 'discretionary' and 'mandatory,' you ask? Put simply, discretionary control (DAC) mechanisms check the validity of the credentials given them at the discretion of the . . .
"Immunix" is a family of tools designed to enhance system integrity by hardening system components and platforms against security attacks. The Immunix OS is a Linux platform hardened with the Immunix tool set. Immunix works by hardening existing software . . .
Here is an information bulletin that was issues by CIAC last Tuesday. It covers a BIND buffer overflow that exists in 8.2, 8.2.1 and 8.2.2. Here CIAC explains how the exploit works, "The exploit requires two systems to be . . .
This article discusses the use of mod_ssl, OpenSSL, RSARef, MySQL and PHP to develop a secure web server. "Our objective is to install a web server that will allow us to host sites, that would be secure for e-commerce . . .
In this installment, we add scripts to let the user browse our product catalog and we let them order our products. After completing this installment, you will have experience navigating the product catalog, viewing product details, managing the shopping cart, . . .
A serious bug has been discovered in the Linux kernel that can be used by local users to gain root access. The problem, a vulnerability in the Linux kernel capability model, exists in kernel versions up to and including version 2.2.15. According to Alan Cox, a key member of the Linux developer community, "It will affect programs that drop setuid state and rely on losing saved setuid, even those that check that the setuid call succeeded."To ensure that this vulnerability cannot be exploited by programs running on Linux, Linux users are advised to update to kernel version 2.2.16 immediately. Information on "capabilities" are discussed in the Capabilities FAQ We also recently ran a story on a capabilities-based operating system that is worth reading.
This advisory is for all 386BSD-derived OSes, including all versions of FreeBSD, NetBSD and OpenBSD. "An unprivileged local user can cause every process on the system to hang during exiting. In other words, after the system call is issued, no . . .
Developers of the NetBSD open source operating system say a recent security breach did not compromise the software's source code. NetBSD developer and project spokesman Charles Hannum has confirmed that a key developer's password was "discovered" by outsiders.
This is a introductory article on securing your Linux server. It starts with physical security then briefly discusses network security. "Your objective is to add as many rings or layers as possible, making the potential cracker take more . . .
British Internet companies are increasingly turning to complexes capable of withstanding a nuclear onslaught in the battle against computer hackers and other threats, according to one security consultant. . . .
This ApacheToday article discusses what issues are involved with Apache to configure an E-Commerce site. "So, E-Commerce is the buzzword, but how do you actually produce an E-Commerce site? ... Here's a quick guide to some of the issues . . .
Jose Nazario has updated the .cf/.mc patch on his mirror site to include "Killer Resume" and was kind enough to share the fix with us. The patch, designed to block the ILOVEYOU worm and related worm/virus medleys, works . . .
The potential represented by the "mstream" Distributed Denial of Service (DDoS) exploit is a serious and continuing threat. This advisory provides an update to a previously delivered NIPC DDoS detection tool that now allows users to identify the presence of . . .
With the use of increasingly sophisticated encryption systems, an attacker wishing to gain access to sensitive data is forced to look elsewhere for information. One avenue of attack is the recovery of supposedly erased data from magnetic media or random-access . . .
Noel continues the story of when some Unix boxes that he helped admin were cracked. This article talks about some of the efforts made to track down the cracker and some surprises. This is the third part of the story . . .
This is the second article in a three-part series dealing with using PHP 4 and MySQL to make a comprehensive e-commerce storefront solution. This article covers session management within the store, user privileges, and a few security concerns. . . .