LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How would you rate the importance of default settings in security?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: July 4th, 2008
Linux Security Week: June 30th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Host Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Open Source Tool of the Month: Nmap looks better than ever!  06 February 2008 
Source: Linux.com - Posted by Ryan Berens   
In this review from Linux.com, you get into some of the details on our Open Source tool of the month. The Zenmap front end for Nmap is covered, its new enhancements as well as what to do with the Command Wizard. It also covers some of the basics on port scanners too... Sometimes criticized for helping the bad guys find opening in the cracks of sites on the Internet, their real value is in allowing network security pros -- and those trying to protect their own machines and networks -- to test their own defenses. They can help ordinary users learn more about networking and network security.

Write Comment

 
Anti Tamper Module for Apache  23 January 2008 
Source: DarkNet - Posted by Bill Keys   
AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.

Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated. I am interested if anyone has tested out mod_anti_tamper. I like using mod_security but mod_anti_tamper look like it will work well side my side with mod_security increase a web servers security.

Write Comment

 
Gotroot Modsecurity Rules for Apache - Anti-spam and Security  03 January 2008 
Source: DarkNet - Posted by Bill Keys   
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks. Anything which helps Web application to be more secure is a very good thing. Have you implemented ModSecurity on your Apache server?

Write Comment

 
Would We Need Antivirus For Desktop Linux?  13 December 2007 
Source: Information Week - Posted by Ryan Berens   
Linux is often known for being a staple of security. Whether its about the kernel itself, the secured applications or in this case viruses, Linux has always been up to the challenge. what happens if the big boys like Symantec or Norton start making A/V for Linux platforms? Would it even be needed...

So what about viruses written specifically to target Linux? Yes, such beasts do indeed exist. That said, the nature of an open-source platform makes it that much easier (and faster) to close over the holes that they exploit. This is as it should be, and right now a big part of the appeal of running Linux on the desktop is that you're not a broad target for malware.

Write Comment

 
How to Secure Ubuntu With AppArmor  02 November 2007 
Source: BeginLinux.com - Posted by Bill Keys   
AppArmor attempts to protect processes on the server or desktop from security threats. AppArmor enforces limits on what processes can access on the system. It attempts to restrict processes to those resources that the process requires to function only. AppArmor will not only define the system resources a program can access , it will also determine the privileges with which it can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect. This article talks about how to help secure Ubuntu with the AppArmor security framework. Since the release of Ubuntu Gutsy, AppArmor has been installed and loaded by default. Have you testing AppArmor with Ubuntu let if so do you think your computer is more secure?

Write Comment

 
Kernel Space: Should Security Modules be Dynamically Loadable?  31 October 2007 
Source: Linux World - Posted by Bill Keys   
The ever-contentious Linux Security Modules (LSM) API is being debated once again on linux-kernel, not its removal, which Linus Torvalds came down firmly against, but whether it should allow security modules to be loaded dynamically. As part of 2.6.24, Torvalds merged a patch to convert LSM into a static interface, but has indicated a willingness to revert it. The key sticking point is whether there are real security modules that require the ability to be runtime-loaded. The debate continues over the Linux Security Module. The question is whether a security module should have the ability to load at runtime? Since the LSM connects to key parts of kernel space, a loadable module could open it vulnerable to a attack.

Write Comment

 
Virtual Browsers: Disposable Security  24 October 2007 
Source: LinuxInsider - Posted by Bill Keys   
I give up. You should too. It's time to stop trying to secure users' Web browsers, and instead just throw them away. We can't stop users from clicking on the wrong links or going to compromised Web sites. We can't eliminate drive-by worm infections or block zero-day rootkits. Is virtualization the answer to browser security? With virtualiztion no matter how badly damaged the users platform is, it can be easily reinstalled. Is this better then spending tons of time on setting up a very secure network for your user's?

Write Comment (1 Comments)

 
Bastille: Classic Linux and Unix Security  10 October 2007 
Source: EnterpriseNetworkingPlanet - Posted by Bill Keys   
But don't overlook the reliable, helpful old-timer Bastille Linux. Bastille Linux is both a batch of Perl scripts that lead you through hardening your Linux system, and an educational tool. I recommend running it just to get a grounding in basic security measures — the newfangled things are nice, but the basics are still important and valuable. I have personal used Bastille Linux only once on a Fedora Distro. But have you tested it out, did you like it? Bastille might be a good place to start improving your security but it needs to be a ongoing process.

Write Comment

 
Virtual Rootkits Not a Problem, Say Researchers  03 October 2007 
Source: ZDNet - Posted by Bill Keys   
Rootkits that use virtualization techniques should not present detection problems, according to researchers from Carnegie Mellon and Stanford universities. Working with virtualization technology vendors VMware and XenSource, the researchers produced a study recently called "Compatibility is Not Transparency: VMM Detection Myths and Realities." (PDF) What do you think does virtual rootkits pose a threat to VM security? The researchers are stating that they are detectable because even if the rootkit is virtual it still leaves a physical footprint. In other words, they consume some of the machine's resources.

Write Comment

 
VMWare Touts Security of the Virtual World  17 September 2007 
Source: searchsecurity - Posted by Bill Keys   
VMWare Inc. is putting a lot of time and effort into assuring attendees at its VMWorld user conference here that security is near the top of the company's agenda. In light of the news in recent months about virtualized rootkits, there has been mounting concern among IT managers and security experts about the security of virtualized environments. Virtization security has got a lot of attention as of late. Is the problem that vm servers share resources and can lead to memory leaks? Does hardware installs have the same problem?

Write Comment

 
<< Start < Prev 1 2 3 Next > End >>

Results 11 - 20 of 729
    
Partner:

 

Latest Features
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
HowTo: Secure your Ubuntu Apache Web Server
Yesterday's Edition

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.