These instructions describe setting up two-factor authentication with WiKID Strong Authentication, which is a commercial/open source two-factor authentication system and OpenVPN, an SSL-encrypted VPN, on a Linux server using the Radius Pluggable Authentication Module.. First, we will configure PAM to use Radius, then we will configure OpenVPN to use PAM and one-time passwords, then we will create a network client on the WiKID server for OpenVPN. We won't go into specifics about installing these services, rather we will focus on configuring them to all work together.
Source: Porcupine.org - Posted by Benjamin D. Thomas
In the spirit of our past work, our commitment to science and research, and our desire to help others we have also decided to put the text of the book online for free. Addison-Wesley was also kind enough to permit us to put up our final HTML drafts that we sent to the publisher; minus the final formatting and a few minor changes these should be very close to the book version and is suitable for printing, grep'ing, and the like. We will put up the final PDF version in the future as well.
We hope you find this useful; in addition to current owners all of this might be useful for those who cannot afford the printed version, would like to check it out without taking the fiscal plunge, or are just cheap.
This article addresses the role information security plays in an organization. Historically, organizations have deemed information security to be an information technology issue, one that the business as a whole did not need to address. Organizations have also treated information security as an add-on feature, almost an afterthought. Information security must become ingrained into the culture of the organization to ensure security compliance in all facets of the company. Organizations that are beginning to mature with information security may choose to investigate and implement established systems that support information systems.
Needs very little maintenance and is extendable beyond your wildest imagination. All depending on the hardware used, of course. This is just a COPY&PASTE howto. For more info use the net. I did... However, contributions and suggestions are allways welcome! I know this can be done better, so feel free. I should have based this tuto on 6.06 LTS right away, because of the LTS. Sorry for that. Due to some minor but important changes needed to make this work with Ubuntu 6.06 LTS, I wrote it again.
This guide describes how to generate and use a private/public key pair to log in to a remote system with SSH using PuTTY. PuTTY is an SSH client that is available for Windows and Linux (although it is more common on Windows systems). Using key-based SSH logins, you can disable the normal username/password login procedure which means that only people with a valid private/public key pair can log in. That way, there is no way for brute-force attacks to be successful, so your system is more secure.
When it comes to network security, Cisco is actively involved in coming up with some of the very best solutions to troublesome problems that unexpectedly occur. When it comes to books about security, however, Cisco Press has an uneven batting average. Some of the books are good, while others leave you wondering how they made it through the editing stage. Looking at words like “paradigm” on the back cover of this title, my spine began to get a familiar tingle, but in this case, I am happy to report, they have hit a home run.
Cisco Security MARS (Monitoring, Analysis, and Response System) is a product intended to work with your network and identify (as well as prevent) problems early on. It is also intended to boost data privacy to the point where compliance becomes a certainty. Given the customization that is possible and the importance of getting it right, a book on the topic that is detailed and easy to read is almost a necessity.
Roadwarrior is a client that uses unknown, dynamically assigned IP addresses to connect to a VPN gateway (in this case also firewall). This situation is shown on picture 1.1 and is one of the most interesting and today most needed scenarios in business environment. Here are some of the reasons why that is so: Client can be any computer (with any IP address assigned) that has Internet access and can initiate connection to VPN gateway. Wen connecting to VPN network, client is assigned an internal IP address on the network he is connecting to, which gives an impression that it is directly connected to VPN network, instead of connecting by tunneling through Internet. When internal IP address is assigned, network administration is easier. Traffic is protected on the route from the client to the VPN gateway. When connected, client doesn't have direct access to Internet because traffic is routed through VPN network and firewall (VPN gateway).
"The ASSP server project is an Open Source platform-independent transparent SMTP proxy server that leverages numerous methodologies and technologies to both rigidly and adaptively identify spam. This web site's domain name, "ASSPSMTP", is the common name used for the daemon or service running ASSP." In short ASSP is the most kickass solution that is both free and works great. It reduced spam to an absurd minimum for me. The current solutions (Spamassassin,Razor,Pyzor,Dcc) were not enough for my situation. This software works from the port 25 on a system. and stop spam where it enters your system.
More and more, developers are becoming aware of the threats posed by malicious code, and SQL injection in particular, and by leaving code vulnerable to such attacks. However, while SQL is the most popular type of code injection attack, there are several others that can be just as dangerous to your applications and your data, including LDAP injection and XPath injection. While these may not be as well-known to developers, they are already in the hands of hackers, and they should be of concern.
