This week, perhaps the most interesting articles include "Parallel SSH Execution and a Single Shell to Control Them All," "Preventing MySQL Injection Attacks With GreenSQL On Debian Etch," and "Ultimate Security Proxy With Tor."
Earn your MS in Info Assurance online
Norwich University's Master of Science in Information Assurance
(MSIA) program, designated by the National Security Agency as providing academically excellent education in Information Assurance, provides you with the skills to manage and lead an organization-wide information security program and the tools to fluently communicate the intricacies of information security at an executive level.
Learn more
LinuxSecurity.com
Feature Extras:
Never Installed a Firewall on Ubuntu? Try Firestarter - When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet keeping in mind the insecurity internet carries these days, unless you really know what you are doing.
Read on for more information on Firestarter.
Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
|
EnGarde Secure Community 3.0.21 Now Available (Oct 7) |
|
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.21 (Version 3.0, Release 21). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
|
|
Parallel SSH Execution and a Single Shell to Control Them All (Oct 31) |
|
Many people use SSH to log in to remote machines, copy files around, and perform general system administration. If you want to increase your productivity with SSH, you can try a tool that lets you run commands on more than one remote machine at the same time. Parallel ssh, Cluster SSH, and ClusterIt let you specify commands in a single terminal window and send them to a collection of remote machines where they can be executed.
Do you want to increase your productivity with SSH? Check out this article on 3 parallel SSH tools which let you run commands on multiple machines at the same time. news/network-security/parallel-ssh-execution-and-a-single-shell-to-control-them-all
|
|
SQLmap 0.6.1 - Automatic SQL Injection Tool (Oct 31) |
|
sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.
Have you ever used any security tools for detecting SQL injection attack. This article discusses some of the features of sqlmap.
|
|
Upcoming Conference Talks on SELinux: sVirt and Kiosk Mode (Oct 30) |
|
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes.
This article looks at some interesting development in the SELinux project. What would you like to see in SELinux?
|
|
Preventing MySQL Injection Attacks With GreenSQL On Debian Etch (Oct 29) |
|
GreenSQL (or greensql-fw) is a firewall for MySQL databases that filters SQL injection attacks. It works as a reverse proxy, i.e., it takes the SQL queries, checks them, passes them on to the MySQL database and delivers back the result from the MySQL database. It comes with a web interface (called greensql-console) so that you can manage GreenSQL through a web browser. This guide shows how you can install GreenSQL and its web interface on a Debian Etch server.
Are you concern with the threat of SQL injection attacks? This article looks at GreenSQL which acts as a firewall for your MySQL database. news/network-security/preventing-mysql-injection-attacks-with-greensql-on-debian-etch
|
|
Virtual Desktops, Real Security (Oct 28) |
|
Deep inside a nameless government department -- you will probably guess its identity, but nobody can say it officially -- a Linux desktop revolution has taken hold. For this particular organization, however, the big deal is not the fact that Linux is involved, but the way in which it is being used.
What do you think? Will virtualizing the desktop make it more secure? This article looks at how virtualization and SELinux can help make an organization's desktops more secure.
|
|
Ultimate Security Proxy With Tor (Oct 27) |
|
Nowadays, within the growing web 2.0 environment you may want to have some anonymity, and use other IP addresses than your own IP. Or, for some special purposes - a few IPs or more, frequently changed. So no one will be able to track you. A solution exists, and it is called Tor Project, or simply tor. There are a lot of articles and howtos giving you the idea of how it works, I'm not going to describe here onion routing and its principles, I'll rather tell you how practically pull out the maximum out of it.
Did you ever wanted to increase your security and privacy on the Internet? This article will teach you how to use the proxy software called Tor. Have you every used it before? news/network-security/ultimate-security-proxy-with-tor
|
Nov 03, 2008
•
Anthony Pell
PREVIOUS
NEXT
