Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

A Pig(Snort), A Moon (Lua) and one very happy developer (Bill)  09 May 2007  Print E-mail
User Rating:      How can I rate this item?
Posted by Bill Keys   
Features About one month ago, Snort 3.0 Alpha was released for testing in the community. If you want to be on the cutting edge of intrusion detection, packet sniffing, and keeping your system safe, check out this introduction to preparing for the future of intrusion detection.

IPTables HOWTO Updated Release  28 November 2006  Print E-mail
User Rating:      How can I rate this item?
Source: Oskar Andreasson - Posted by Eric Lubow   
Features The aim of the iptables-tutorial is to explain iptables in a complete and simple way. The iptables-tutorial is currently rather stable, and contains information on all the currently available matches and targets (in kernel), as well as a couple of complete example scripts and explanations. It contains a complete section on iptables syntax, as well as other interesting commands such as iptables-save and iptables-restore. The tutorial has recently been under heavy scrutiny and updating, as can be seen in this, the latest version of the tutorial. It is now also available in bookform from If you feel like contributing or donating to the author of this tutorial, please do buy the book! Thank you!

Shell Scripting, oooh...its easy  26 November 2006  Print E-mail
User Rating:      How can I rate this item?
Source: Blessen Cherian - Posted by Benjamin D. Thomas   
Features Blessen Cherian, CTO and Executive Team Member of writes, "Shell scripting is nothing but a group of commands put together and executed one after another in a sequential way. Let's start by mentioning the steps to write and execute a shell script."

Why EnGarde Secure Linux is "Secure By Design"  09 October 2006  Print E-mail
User Rating:      How can I rate this item?
Features Secure By Design: How Guardian Digital Secures EnGarde Secure Linux


What is EnGarde Secure Linux?

EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet. EnGarde Secure Linux is the creation of Guardian Digital, Inc. a pioneer in open source security since 1999, and has been developed since then in collaboration with the worldwide community of open source security enthusiasts and professionals. Guardian Digital provides a secure and consistent environment for EnGarde Secure Linux through the Guardian Digital WebTool and the Guardian Digital Secure Network. A server-only system, EnGarde Secure Linux is administered securely and remotely using the WebTool, a custom interface that both simplifies server administration and guides the system user in maintaining a secure configurations for all of the services that comprise EnGarde. The Guardian Digital Secure Network maintains the consistency and security of EnGarde by providing system upgrades and security patches that have been constructed by Guardian Digital's engineering team to relieve the user of the burden of maintaining the system in a consistent and secure state.

Defense In Depth In EnGarde Secure Linux

Security is the primary consideration in designing every element of EnGarde Secure Linux. Guardian Digital applies basic security principles like "least privilege", "no unnecessary services" and "default-deny" rules to every level of EnGarde from access to kernel itself to defense of the network perimeter. Security begins with the selection of the best available open source packages, chosen and tailored for maximum security and following software security best-practices. The next level of protection comes from a complete re-engineering of the standard Linux security model using Security Enhanced Linux (SELinux). SELinux implements the principle of "Mandatory Access Control" which places each program and process under the control of its own SELinux policy, limiting its access to files and resources and effectively containing any intrusions or compromises. EnGarde Secure Linux builds on this secure foundation by placing all administration of EnGarde and its services under the control of the Guardian Digital WebTool. The Guardian Digital WebTool is a secure, remote graphical administration interface that is carefully tailored, not just to simplify administration, but to help maintain secure practices and configurations. For example, EnGarde, through the WebTool, limits user and IP access by default for most services like FTP file transfers and POP/IMAP mail retrieval. For services that must be publicly accessible like Web service and mail transport, the WebTool offers simple setup of SSL-enabled encrypted services. The WebTool also mandates secure practices like encrypted passwords and prevents hazardous configurations like open mail relays. EnGarde Secure Linux extends its secure environment through the use of a carefully integrated selection of the best open source security tools for detecting compromises and intrusions at all levels. EnGarde generates special security-focused system logs to help the administrator identify potential compromises, and adds to this host-based intrusion detection tools. EnGarde monitors the system for potential network compromises and intrusions using the open source Snort intrusion detection system, adding its own NetDiff port status monitoring software.


Linux and open source systems have long been renowned for their stability, versatility and scalability. EnGarde Secure Linux adds the feature crucial to providing services on the modern Internet -- security. Guardian Digital builds security into every element of EnGarde by selecting the best available open source tools and services available and configuring them with security as the top priority. Recognizing that security can only be maintained in a consistent and stable environment, Guardian Digital relieves the user of the burden of "hardening" the system and following secure practices by designing secure administration into its WebTool and by updating and securing the system through the Guardian Digital Secure Network. For an in-depth exploration of the EnGarde Secure Linux security environment, see the full version of this document at "Secure By Design" full text

RFID with Bio-Smart Card in Linux  22 September 2006  Print E-mail
User Rating:      How can I rate this item?
Source: Suhas Desai - Posted by Benjamin D. Thomas   
Features In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions.

The RF Smart Card and card reader/writer were developed to handle payment transaction for public transportation systems. These contact less cards have security features, such as encrypted RF transmission mutual authentication, and security keys. The RF smart card has up to 16 separate sectors, which can be configured as purses or for general data storage. The first sector is typically used as a directory for the rest of the card, leaving 15 segments available for data or purses.

Each sector has two keys, called the A and B keys, allowing different access privileges to that sector. These key pairs can be designated as read and read/write, or decrement and increment/decrement .For example this would allow turnstile readers with the A key to only deduct value from a card sector, while smart card readers with the B keys could either add or subtract value .The card also has a 32-bit unique random number, which is permanently encoded into each chip by the chip manufacturer. Public key infrastructure (PKI) based systems are used to construct a secure system that can achieve secure access conditions. They are consequently being used to carry keys and store personal information in applications such student identification systems.

<< Start < Prev 4 5 6 Next > End >>

Results 37 - 45 of 178


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.