Source: EnterpriseNetworkingPlanet - Posted by Bill Keys
But don't overlook the reliable, helpful old-timer Bastille Linux. Bastille Linux is both a batch of Perl scripts that lead you through hardening your Linux system, and an educational tool. I recommend running it just to get a grounding in basic security measures — the newfangled things are nice, but the basics are still important and valuable.
I have personally used Bastille Linux only once, on a Fedora distro. But have you tested it out? Did you like it? Bastille might be a good place to start improving your security, but it needs to be an ongoing process.
Rootkits that use virtualization techniques should not present detection problems, according to researchers from Carnegie Mellon and Stanford universities. Working with virtualization technology vendors VMware and XenSource, the researchers produced a study recently called "Compatibility is Not Transparency: VMM Detection Myths and Realities." (PDF)
What do you think: do virtual rootkits pose a threat to VM security? The researchers state that they are detectable because even if the rootkit is virtual, it still leaves a physical footprint. In other words, it consumes some of the machine's resources.
VMWare Inc. is putting a lot of time and effort into assuring attendees at its VMWorld user conference here that security is near the top of the company's agenda. In light of the news in recent months about virtualized rootkits, there has been mounting concern among IT managers and security experts about the security of virtualized environments.
Virtualization security has gotten a lot of attention of late. Is the problem that VM servers share resources and can lead to memory leaks? Do hardware installs have the same problem?
Longtime readers of my column know what a honeypot proponent I am. I run several around the world, collecting information on malware and malicious hackers, and I think every company should have one.
I find honeypots quite interesting because you can see what attackers are trying to do, but how useful are they? If system administrators implemented strong security measures, then are honeypots useful to them? I feel honeypots should only be used by computer security researchers.
A few emails have come through about how user’s WordPress installations have been compromised, or where an attacker has found resources he/she shouldn’t have. This article will discuss some security techniques to better harden and secure your WordPress blog; this is especially effective in a hosted environment.
Learning to use the .htaccess file is important not only for blogs but for any web application. Restricting access is the key here: what users can and can't do on a website. There are other ways to restrict access; do you know any?
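As an added illustration of the kind of access restriction the article has in mind (this is example configuration, not from the article or from the WordPress project), here are two hypothetical .htaccess files for a WordPress install on an Apache 2.4 host. The network range 203.0.113.0/24 is a constructed placeholder for "the administrator's network"; the directives themselves (Require, Files, FilesMatch, Options) are standard mod_authz_core and core Apache directives.

```apacheconf
# --- Hypothetical .htaccess in the WordPress document root (added example) ---

# Never serve wp-config.php over the web: it holds the database credentials.
<Files "wp-config.php">
    Require all denied
</Files>

# Hide the access-control files themselves so the rules cannot be read.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Disable directory listings so plugin and upload folders cannot be browsed.
Options -Indexes


# --- Hypothetical wp-admin/.htaccess (added example) ---

# Allow the dashboard only from the administrator's network.
# 203.0.113.0/24 is a constructed placeholder; substitute your own range.
Require ip 203.0.113.0/24

# admin-ajax.php is used by many themes and plugins for anonymous visitors,
# so it must stay reachable even though the rest of wp-admin is restricted.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Two caveats a practitioner will want: .htaccess rules only take effect when the server's AllowOverride setting permits them (typically AllowOverride AuthConfig, FileInfo and Options at minimum), and on Apache 2.2 the Require directives above must be written with the older Order/Deny/Allow syntax instead.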
System administrators need to secure their systems while avoiding locking them down so strictly that they become useless. Bastille is a software tool that eases the process of hardening a Linux system, giving you the choice of what to lock down and what not to, depending on your security requirements.
I remember using Bastille a couple of times, but after using it I changed many of the settings back to what they were before. Do you use Bastille every time you install a new OS? It sure does help with improving security, but does it hurt usability too much for desktop users to run?
How can you be sure your network is secure? Before you can patch vulnerabilities you need to discover them. You need to think like a cracker might. You need to hack your own system. This is known as “penetration testing” – a more palatable term to corporations – and the rich tool set of Linux makes it a superb platform for doing this.
Nmap is a simple tool for penetration testing, but it does a great job of letting you know what attackers are seeing. I find myself finding openings in my network that I have never seen before while using this tool. Do you think Nmap can be our only penetration testing tool, or should users use others as well?
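The "openings I have never seen before" are easiest to catch when a scan of your own hosts is compared against what those hosts are supposed to expose. The following added example (not from the article or from the Nmap project) parses Nmap's grepable output format (`-oG`) and reports open ports that are not on a per-host allowlist, as well as expected services that have gone missing. The scan text and the allowlist are constructed placeholders; on a real system you would feed it the file written by `nmap -oG scan.gnmap <your hosts>`.

```python
"""Audit Nmap grepable (-oG) output against an allowlist of expected services.

Added example, not from the article or from the Nmap project. SAMPLE_GNMAP
is a constructed imitation of `nmap -oG -` output; EXPECTED is a placeholder
policy for two placeholder hosts.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample of grepable output: two hosts, one with an unplanned MySQL port.
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "3306/open/tcp//mysql///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.20 ()\tStatus: Up\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)\n"
    "# Nmap done (constructed sample)\n"
)

# Placeholder policy: the (port, protocol) pairs each host is meant to expose.
EXPECTED: Dict[str, Set[Tuple[int, str]]] = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp")},
    "192.0.2.20": {(22, "tcp"), (443, "tcp")},
}

PortRecord = Tuple[int, str, str, str]  # (port, state, protocol, service)


def parse_gnmap(text: str) -> Dict[str, List[PortRecord]]:
    """Return {host: [(port, state, proto, service), ...]} from -oG text.

    Each 'Ports:' entry has the shape port/state/proto/owner/service/rpc/version/,
    so splitting on '/' and taking fields 0, 1, 2 and 4 is enough here.
    """
    hosts: Dict[str, List[PortRecord]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment and status lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        hosts.setdefault(host, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 5:
                    continue  # malformed entry; ignore rather than crash
                hosts[host].append((int(parts[0]), parts[1], parts[2], parts[4]))
    return hosts


def unexpected_open_ports(
    scan: Dict[str, List[PortRecord]], expected: Dict[str, Set[Tuple[int, str]]]
) -> Dict[str, Dict[str, List[Tuple[int, str]]]]:
    """Per host: open ports absent from the allowlist, and allowed ports not seen open."""
    findings: Dict[str, Dict[str, List[Tuple[int, str]]]] = {}
    for host, records in scan.items():
        open_ports = {(port, proto) for port, state, proto, _ in records if state == "open"}
        allowed = expected.get(host, set())  # unknown host: everything open is unexpected
        extra, missing = open_ports - allowed, allowed - open_ports
        if extra or missing:
            findings[host] = {"unexpected": sorted(extra), "missing": sorted(missing)}
    return findings


def audit(gnmap_text: str, expected: Dict[str, Set[Tuple[int, str]]]):
    """Convenience wrapper: parse then compare."""
    return unexpected_open_ports(parse_gnmap(gnmap_text), expected)


if __name__ == "__main__":
    for host, result in audit(SAMPLE_GNMAP, EXPECTED).items():
        print(host, "unexpected:", result["unexpected"], "missing:", result["missing"])
```

Note that only ports in state `open` count as exposure; `filtered` ports (like 8080 on the second host above) are reported by Nmap but are not reachable, so they are deliberately left out of the comparison.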
On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations.
Have you test driven McAfee's Rootkit Detective software? The feature that made me think about trying it out is that McAfee says it has the ability to detect self-cloaking malware attacks that install themselves as kernel modules or drivers. Since any attack that installs itself in the kernel is very hard for software to detect, I am interested in how effective they are at finding them. Also, how does this software rank against other rootkit finders, for example chkrootkit?
Have you heard that Rule Set Based Access Control (RSBAC) 1.3.5 has been released for both Linux kernels 2.4.34.5 and 2.6.22.1? How is RSBAC different from other security frameworks like SELinux? One improvement that caught my eye was "Cache for inherited filesystem attribute values". It seems this will help increase the performance of RSBAC. Check out RSBAC for yourself and see how it compares with other access control security frameworks.
"An increasing number of malware attacks are exploiting software application vulnerabilities." In software development, is security an afterthought when designing and writing an application? Patching a program after its release is just as important as writing secure code. However, I believe that software developers depend on patching their software too much. In the business of making software, vendors need to get the software out the door as fast as possible. So what is the balance between speed of deployment and writing secure code?