In this review from Linux.com, you get into some of the details on our Open Source tool of the month. The Zenmap front end for Nmap is covered, including its new enhancements and what to do with the Command Wizard. It also covers some of the basics of port scanners...
Sometimes criticized for helping the bad guys find openings in the cracks of sites on the Internet, their real value is in allowing network security pros -- and those trying to protect their own machines and networks -- to test their own defenses. They can help ordinary users learn more about networking and network security.
AntiTamper is an Apache 2.x module that could be used to prevent some sorts of URL and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage of search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.
I am interested in whether anyone has tested out mod_anti_tamper. I like using mod_security, but mod_anti_tamper looks like it will work well side by side with mod_security to increase a web server's security.
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Anything which helps Web applications to be more secure is a very good thing. Have you implemented ModSecurity on your Apache server?
Linux is often known for being a staple of security. Whether it's about the kernel itself, the secured applications or in this case viruses, Linux has always been up to the challenge. What happens if the big boys like Symantec or Norton start making A/V for Linux platforms? Would it even be needed...
So what about viruses written specifically to target Linux? Yes, such beasts do indeed exist. That said, the nature of an open-source platform makes it that much easier (and faster) to close over the holes that they exploit. This is as it should be, and right now a big part of the appeal of running Linux on the desktop is that you're not a broad target for malware.
AppArmor attempts to protect processes on the server or desktop from security threats. AppArmor enforces limits on what processes can access on the system. It attempts to restrict processes to only those resources that the process requires to function. AppArmor will not only define the system resources a program can access, it will also determine the privileges with which it can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect.
This article talks about how to help secure Ubuntu with the AppArmor security framework. Since the release of Ubuntu Gutsy, AppArmor has been installed and loaded by default. Have you tested AppArmor with Ubuntu yet? If so, do you think your computer is more secure?
The ever-contentious Linux Security Modules (LSM) API is being debated once again on linux-kernel, not its removal, which Linus Torvalds came down firmly against, but whether it should allow security modules to be loaded dynamically. As part of 2.6.24, Torvalds merged a patch to convert LSM into a static interface, but has indicated a willingness to revert it. The key sticking point is whether there are real security modules that require the ability to be runtime-loaded.
The debate continues over the Linux Security Module. The question is whether a security module should have the ability to load at runtime. Since the LSM connects to key parts of kernel space, a loadable module could leave it vulnerable to an attack.
I give up. You should too. It's time to stop trying to secure users' Web browsers, and instead just throw them away. We can't stop users from clicking on the wrong links or going to compromised Web sites. We can't eliminate drive-by worm infections or block zero-day rootkits.
Is virtualization the answer to browser security? With virtualization, no matter how badly damaged the user's platform is, it can be easily reinstalled. Is this better than spending tons of time on setting up a very secure network for your users?
Source: EnterpriseNetworkingPlanet - Posted by Bill Keys
But don't overlook the reliable, helpful old-timer Bastille Linux. Bastille Linux is both a batch of Perl scripts that lead you through hardening your Linux system, and an educational tool. I recommend running it just to get a grounding in basic security measures — the newfangled things are nice, but the basics are still important and valuable.
I have personally used Bastille Linux only once, on a Fedora distro. But have you tested it out, and did you like it? Bastille might be a good place to start improving your security, but it needs to be an ongoing process.
Rootkits that use virtualization techniques should not present detection problems, according to researchers from Carnegie Mellon and Stanford universities. Working with virtualization technology vendors VMware and XenSource, the researchers produced a study recently called "Compatibility is Not Transparency: VMM Detection Myths and Realities." (PDF)
What do you think: do virtual rootkits pose a threat to VM security? The researchers are stating that they are detectable because even if the rootkit is virtual it still leaves a physical footprint. In other words, they consume some of the machine's resources.
VMware Inc. is putting a lot of time and effort into assuring attendees at its VMworld user conference here that security is near the top of the company's agenda. In light of the news in recent months about virtualized rootkits, there has been mounting concern among IT managers and security experts about the security of virtualized environments.
Virtualization security has gotten a lot of attention as of late. Is the problem that VM servers share resources, which can lead to memory leaks? Do hardware installs have the same problem?