Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
74
Red Hat Linuxnetwork assessmentNessusNessus: Effective Network Security Assessment On Red Hat Linux
As it says in the Bible in Hezekiah 5:10, "The one who sets the plan in motion, but verifies it not, is worse than a fool." Okay, you know that there's no book of Hezekiah in the Bible. But, the statement is accurate, especially as it pertains to verifying the state of our security. And verification does not take an advanced science degree.. . .. As it says in the Bible in Hezekiah 5:10, "The one who sets the plan in motion, but verifies it not, is worse than a fool." Okay, you know that there's no book of Hezekiah in the Bible. But, the statement is accurate, especially as it pertains to verifying the state of our security. And verification does not take an advanced science degree. NetSec Letter #18, 10 April 2002 Using Network VATs for Verification Fred Avolio, Avolio Consulting, Inc., / As it says in the Bible in Hezekiah 5:10, "The one who sets the plan in motion, but verifies it not, is worse than a fool." Okay, you know that there's no book of Hezekiah in the Bible. But, the statement is accurate, especially as it pertains to verifying the state of our security. And verification does not take an advanced science degree. (After teaching three classes for NASA Kennedy Space Center, I've shied away from saying, "not rocket science.") All it takes is a plan and a tool. The Importance and Ease of Verifying Years ago, when I was in the firewalls business, I sent someone on an installation job. The customer was replacing a packet-filtering firewall with our more robust application gateway firewall. Unlike today, when everyone has detailed specific, up-to-date, and relevant policies, the customer did not have a security policy, besides the Primordial Security Policy (see NetSec Letter #17, NetSec Letter #17, 4 March 2002 ). In the process of gathering firewall-specific policies, the installer asked, "Do you permit outbound FTP requests?" To which he got the reply, "No." The installer sat down at a screen, typed in the FTP client command "ftp ftp.uu.net" and found indeed they *did* permitit. The written policy or the policy in the administrator's head did not permit it, but the policy as implemented did. All it took to verify the policy was typing that one command. Yes, it is really more involved than that. To be thorough, one would have to test every network port. To do that, you use an automated tool. There are commercial tools such as ISS's Internet Security Scanner () and freely available tools like NMAP (https://nmap.org/) and Nessus (https://www.tenable.com/ You aim these scanners at the system or systems you wish to test, and pull the trigger. They automatically scan ports, look for known vulnerabilities. A note of warning: running scanners against systems is considered a hostile act, and in some places is a criminal offense. Don't think of scanning a computer that you don't own, or for which you are not responsible, or that you have not been hired to scan. Using Nessus Recently, my company took on the task of assessing the vulnerability of a web server. There is more to a vulnerability assessment than running a scanner and interpreting the results, but this is part of what we did. We used Nessus running on Red Hat Linux and were very happy with the results. First, we started with a plan, and so should you. All I mean by this is, know what you are testing. Know what should be there. If you are testing an FTP server and you find and FTP listener running on port 21, it is not a surprise. If you know you are testing a web server, and you were told that it is only used for web-related services, you should be surprised to find running listeners for SMTP (e-mail), and TELNET (terminal services). Nessus can use NMAP, as well as other tools, for port scanning. It also comes with "plug-ins" -- add-on tools that test and look for known vulnerabilities. There are 900 plug-ins in the database in 22 areas. It will produce a report, complete with graphs, lists of vulnerabilities found (classifying them as "high," "serious," "medium," and "low"), and explanations of what it found. Youmay also specify how far Nessus will go in its testing. We set it in "safe" mode. This directs Nessus to not attempt to exploit indicated vulnerabilities. In this installation, Nessus found ports running services we did not expect. The written and verbal information we received did not indicate they should be running. It also found a directory with example CGI scripts -- some exploitable. It reported old, potentially vulnerable, versions of software, a potential vulnerability in a particular server, and server banner responses that give out too much information (for example, "220 ProFTPD 1.20pre1 Server"). When the scanning was done, we were not finished. We still had to look at the report to see if it was accurate, and convey to the client what items were really important to deal with immediately, what might be false positives -- with suggestions for "manual" verification steps, and what could be ignored -- and why. Next Steps Verifying security is as important as initially planning and implementing it. And verification should be on going -- a never-ending process. Our final recommendation to our client was this: "After addressing the concerns herein, scan the site monthly to see if the security posture changes, and account for those changes (or address them)." Promotions, Self and Otherwise There are 3 columns I wrote for WatchGuard Technologies I have not mentioned to you before. The first, from their "Foundations" series is "What Are Intrusion Detection Systems (IDS)?" at WatchGuard LiveSecurity: Foundations: What Are Intrusion Detection Systems? . The second, "Security Tokens: Why Aren?t You Using Them?" at . And the third is "Basic IP Router Security" which you can find at WatchGuard LiveSecurity: Editorial: Basic IP Router Security . While doing some research for a class I am developing, I came across this short article from *CIO Magazine*: "How to make a firewall sandwich," . Ron DuFresne has an interesting paper on his website entitled " Extrusion Detection Systems; the art ofnetwork monitoring." You may find it at https://saw.com/buy-domain May 6 and 7 in Las Vegas, Dave Piscitello, Joel Snyder, and I will again be presenting our two VPN classes, "Introduction to VPNs" and "VPN Design and Deployment." See Frederick M. Avolio - 2005 Speaking and Teaching Calendar for information about these and other courses. On May 30, I'm delivering the 11AM Keynote address at the eSecurity conference ( ). The title is "Network Security: It's Not Just for Security Guys Anymore." I'll also be at CSI's NetSec 2002 in San Francisco in June ( ). I'll deliver a talk on wireless security, another on how to secure your web (or any other) server, and will teach my 2-day "Tools and Techniques" class ( Tools and Techniques for the Network Security Practitioner ). . As it says in the Bible in Hezekiah 5:10, 'The one who sets the plan in motion, but verifies it not,. bible, hezekiah, motion, verifies. . Anthony Pell
Apr 11, 2002
•
Network Security
83
network securityattack mitigationfirewall techniquesEnhancing Network Security: Firewalk and Scanner Tools Overview
Network scanning, password grabbing, trojaned software -- all are the bane of the righteous sysadmin. Craig Ozancin reveals how to beef up network security and ward off attackers at the LinuxWorld Expo, as reported by Rick Moen. "Nessus, the older SATAN . . . . Network scanning, password grabbing, trojaned software -- all are the bane of the righteous sysadmin. Craig Ozancin reveals how to beef up network security and ward off attackers at the LinuxWorld Expo, as reported by Rick Moen. "Nessus, the older SATAN and SAINT packages, Firewalk (which probes and identifies a network's firewall ruleset), or proprietary scanners such as Internet Security Systems's Internet Scanner and Axxent Technologies' NetRecon -- as well as checking Websites on the target network for known-exploitable CGI scripts. " The link for this article located at LinuxWorld [LinuxToday] is no longer available. . Network scanning, password grabbing, trojaned software -- all are the bane of the righteous sysadmin. network, scanning, password, grabbing, trojaned, software, righteous, sysadmin. . LinuxSecurity.com Team
Aug 30, 2000
•
Hacks/Cracks
74
network assessmentsecurity scannerLinux networkExploring Security Scanners' Role in Linux Network Protection
This paper discusses the differnt types of security scanners available for Linux. "A scanner is a program that automatically detects security weaknesses in a remote or localhost.". Scanners are important to Internet security because they reveal weaknesses in the . . .. This paper discusses the differnt types of security scanners available for Linux. "A scanner is a program that automatically detects security weaknesses in a remote or localhost.". Scanners are important to Internet security because they reveal weaknesses in the network. System administrators can strengthen the security of networks by scanning their own networks. The link for this article located at Linux.com --Â Â is no longer available. . Discover key Linux security scanners like Nmap, OpenVAS, Nikto, and more to find and fix vulnerabilities, enhancing your network's defenses. Linux Network Scanners, Vulnerability Assessment Tools, Security Scanner Advantages. . Anthony Pell
May 16, 2000
•
Network Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More