LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How would you rate the importance of default settings in security?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: July 4th, 2008
Linux Security Week: June 30th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Documentation
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Information Security as a Business Practice  11 December 2006 
Source: Info Sec Writers - Posted by Eric Lubow   
This article addresses the role information security plays in an organization. Historically, organizations have deemed information security to be an information technology issue, one that the business as a whole did not need to address. Organizations have also treated information security as an add-on feature, almost an afterthought. Information security must become ingrained into the culture of the organization to ensure security compliance in all facets of the company. Organizations that are beginning to mature with information security may choose to investigate and implement established systems that support information systems.

Write Comment

 
Set Up Ubuntu-Server 6.06 LTS As A Firewall/Gateway For Your Small Business Environment  10 December 2006 
Source: HOWTO Forge - Posted by Eric Lubow   
Needs very little maintenance and is extendable beyond your wildest imagination. All depending on the hardware used, of course. This is just a COPY&PASTE howto. For more info use the net. I did... However, contributions and suggestions are allways welcome! I know this can be done better, so feel free. I should have based this tuto on 6.06 LTS right away, because of the LTS. Sorry for that. Due to some minor but important changes needed to make this work with Ubuntu 6.06 LTS, I wrote it again.

Write Comment

 
Key-Based SSH Logins With PuTTY  08 December 2006 
Source: HOWTO Forge - Posted by Eric Lubow   
This guide describes how to generate and use a private/public key pair to log in to a remote system with SSH using PuTTY. PuTTY is an SSH client that is available for Windows and Linux (although it is more common on Windows systems). Using key-based SSH logins, you can disable the normal username/password login procedure which means that only people with a valid private/public key pair can log in. That way, there is no way for brute-force attacks to be successful, so your system is more secure.

Write Comment

 
Book Review: Security Threat Mitigation and Response  24 November 2006 
Source: UnixReview - Posted by Benjamin D. Thomas   
When it comes to network security, Cisco is actively involved in coming up with some of the very best solutions to troublesome problems that unexpectedly occur. When it comes to books about security, however, Cisco Press has an uneven batting average. Some of the books are good, while others leave you wondering how they made it through the editing stage. Looking at words like “paradigm” on the back cover of this title, my spine began to get a familiar tingle, but in this case, I am happy to report, they have hit a home run.

Cisco Security MARS (Monitoring, Analysis, and Response System) is a product intended to work with your network and identify (as well as prevent) problems early on. It is also intended to boost data privacy to the point where compliance becomes a certainty. Given the customization that is possible and the importance of getting it right, a book on the topic that is detailed and easy to read is almost a necessity.

Write Comment

 
Racoon Roadwarrior Configuration  13 November 2006 
Source: HOWTO Forge - Posted by Eric Lubow   
Roadwarrior is a client that uses unknown, dynamically assigned IP addresses to connect to a VPN gateway (in this case also firewall). This situation is shown on picture 1.1 and is one of the most interesting and today most needed scenarios in business environment. Here are some of the reasons why that is so: Client can be any computer (with any IP address assigned) that has Internet access and can initiate connection to VPN gateway. Wen connecting to VPN network, client is assigned an internal IP address on the network he is connecting to, which gives an impression that it is directly connected to VPN network, instead of connecting by tunneling through Internet. When internal IP address is assigned, network administration is easier. Traffic is protected on the route from the client to the VPN gateway. When connected, client doesn't have direct access to Internet because traffic is routed through VPN network and firewall (VPN gateway).

Write Comment

 
Enhance Your Mail Server With ASSP (Anti-Spam SMTP Proxy)  10 November 2006 
Source: HOWTO Forge - Posted by Eric Lubow   
"The ASSP server project is an Open Source platform-independent transparent SMTP proxy server that leverages numerous methodologies and technologies to both rigidly and adaptively identify spam. This web site's domain name, "ASSPSMTP", is the common name used for the daemon or service running ASSP." In short ASSP is the most kickass solution that is both free and works great. It reduced spam to an absurd minimum for me. The current solutions (Spamassassin,Razor,Pyzor,Dcc) were not enough for my situation. This software works from the port 25 on a system. and stop spam where it enters your system.

Write Comment

 
Malicious Code Injection: It’s Not Just for SQL Anymore  03 November 2006 
Source: Info Sec Writers - Posted by Eric Lubow   
More and more, developers are becoming aware of the threats posed by malicious code, and SQL injection in particular, and by leaving code vulnerable to such attacks. However, while SQL is the most popular type of code injection attack, there are several others that can be just as dangerous to your applications and your data, including LDAP injection and XPath injection. While these may not be as well-known to developers, they are already in the hands of hackers, and they should be of concern.

Write Comment (2 Comments)

 
Penetration Test Framework UPDATE  10 October 2006 
Source: Info Sec Writers - Posted by Eric Lubow   
Lee Lawson submits this work on an excellent Penetration Test structure. This is a must for anyone performing penetration testing!!!

Write Comment (1 Comments)

 
Correct Syntax for Using SSH and SFTP on Ubuntu on Irregular Ports  07 October 2006 
Source: MidSpot - Posted by Eric Lubow   
I’m posting the following more for my own benefit and reference than anything else…Correct syntax for SSH and SFTP on Ubuntu on irregular ports: (replace items in < > with your stuff, without the < >)

Write Comment

 
How to Cheat at Managing Information Security  28 September 2006 
Source: Slashdot.org - Posted by Benjamin D. Thomas   
Mark Osborne doesn't like auditors. In fact, after reading this book, one gets the feeling he despises them. Perhaps he should have titled this book 'How I learned to stop worrying and hate auditors'. Of course, that is not the main theme of How to Cheat at Managing Information Security, but Osborne never hides his feeling about auditors, which is not necessarily a bad thing. In fact, the auditor jokes start in the preface, and continue throughout the book.

The subtitle of the book is 'Straight talk from the loud-fat-bloke who protected Buckingham Palace and ran KPMG's security practice'. Essentially, the book is Osborne's reminiscence of his years in information security; including the good, the bad, and more often then not, the ugly.

Write Comment

 
<< Start < Prev 1 2 3 Next > End >>

Results 11 - 20 of 442
    
Partner:

 

Latest Features
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
HowTo: Secure your Ubuntu Apache Web Server
Yesterday's Edition

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.