LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How would you rate the importance of default settings in security?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: May 9th, 2008
Linux Security Week: May 5th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Network Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



sshpass - Non-Interactive SSH Password Authentication  08 May 2008 
Source: DebianAdmin - Posted by Bill Keys   
SH’s (secure shell) most common authentication mode is called “interactive keyboard password authentication”, so called both because it is typically done via keyboard, and because openssh takes active measures to make sure that the password is, indeed, typed interactively by the keyboard. Sometimes, however, it is necessary to fool ssh into accepting an interactive password non-interactively. This is where sshpass comes in. This article looks some of the security concerns with using sshpass. Do you use sshpass? If so do you think about the security issues with it.

Write Comment

 
A Guide to Cryptography in PHP  08 May 2008 
Source: Devx - Posted by Bill Keys   
In an ideal world, words like cryptography and security wouldn't even exist, but the real world is far from perfect, so software developers have to spend a good deal of time building security into applications. Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages. Building security into your web applications is an important skill to have. Have you thought about adding cryptography to your php programs? If so this article looks at ways of doing so.

Write Comment

 
Samba Security and Troubleshooting  06 May 2008 
Source: Linux home networking - Posted by Bill Keys   
Configuring Samba for your office or home can provide many advantages. By encouraging users to store files on a central file server, you can simplify data backup and in some cases, software installation and maintenance.

Unfortunately, the initial configuration of Samba can be tricky. Many simple steps need to be executed in the correct order, and one small slip up can have big repercussions. This chapter explores the ways in which you can recover from those mistakes that you couldn't avoid. Do you thing about how can I make my share secure? When setting up Samba it alway important to make it secure. This article will show you how to setup a secure Samba share.

Write Comment (4 Comments)

 
Virtual Server Sprawl Highlights Security Concerns  01 May 2008 
Source: Network World - Posted by Eckie Silapaswang   
Think server sprawl is bad now? Just wait till you experience virtual server sprawl. When users can clone a virtual machine with the click of a mouse, or save versions of applications and operating systems for later use, you're asking for trouble if IT doesn't maintain tight control, virtualization management vendor Embotics warned in a session at Interop Las Vegas Tuesday. (Look through our slideshow at other products shown at Interop.)

The ease of creating and deploying virtual machines can lead to a nightmare of confusion when it comes to IT maintenance. How do you keep track of hundreds of VMs scattered about your network, all with varying operating systems and applications installed? How do you know which ones are securely patched and what other servers they can access? Read on for an overview of this growing problem and let us know what solutions you may have for virtual server sprawl.

Write Comment

 
CDPSnarf - CDP Packet Sniffer  30 April 2008 
Source: Darknet.org - Posted by Eckie Silapaswang   
CDPSnarf is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.

Read on for some example output from CDPSnarf as well as links to the actual project. Let us know if this aids in your CISCO traffic debugging!

Write Comment

 
Creating a VPN with Tinc  14 April 2008 
Source: Linux.com - Posted by Bill Keys   
With tinc you can create a virtual private network (VPN) that lets you communicate between two machines over an insecure network such as the Internet with all of your traffic encrypted between the hosts on your virtual network.

Another interesting application for tinc is connecting your laptop to a Wi-Fi router at home. You might already be using WPA2 to ensure that only valid hosts can connect and communicate with your Wi-Fi router, but you might not be able to assign a fixed address to the laptop when it is connected over Wi-Fi. So if you want to connect to an SSH daemon on the laptop itself or access an NFS share on the laptop, you have to play guessing games as to which IP address the Wi-Fi router has given the laptop this time. Running tinc on the laptop and a server at home removes the guessing game -- just connect to the laptop's VPN IP address. This is an interesting article for anyone who is thinking about setting up an VPN. It talks about using a tool called tinc.

Write Comment

 
Performance Tradeoffs of TCP Selective Acknowledgment  10 April 2008 
Source: IBM.com - Posted by Eckie Silapaswang   
Selective acknowledgment (SACK) is an optional feature of TCP that is necessary to effectively use all of the available bandwidth of some networks. While SACK is good for throughput, processing this type of acknowledgment has proven to be CPU intensive for the TCP sender. This weakness can be exploited by a malicious peer even under commodity network conditions. This article presents experimental measurements that characterize the extent of the problem within the Linux® TCP stack. SACK is enabled by default on most distributions.

This article provides a detailed analysis of the Linux TCP stack with an in-depth look at SACK. Can exploitation of SACK drive CPU intensity to the point that it can be considered a legitimate DoS attack? Read on to find out!

Write Comment

 
Symark's Security Access Tool Bridges Linux, Active Directory  09 April 2008 
Source: searchenterpriselinux - Posted by Bill Keys   
There's a downside to adding Linux or Unix servers to a Windows shop: These orphan machines lie outside the protective umbrella of the centralized user authentication and authorization controls of Microsoft Active Directory. The result? Multiple user identifications and logins, higher risk of errors and security loopholes, and of course, more work for system administrators. Adding security in a Linux and Window environment is an important step in the health of a users network. This article looks some ways to increase the security of an Linux Windows shared environment.

Write Comment

 
OpenPacket.org 1.0 Is Live  07 April 2008 
Source: Tao Security - Posted by Eckie Silapaswang   
Nearly three years after the initial post describing the idea , I am happy to report that OpenPacket.org 1.0 is ready for public use, free of charge.
The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no central repository of traces from which a student of network traffic could draw samples. OpenPacket.org will provide one possible solution to this problem.

For all the Snort, Wireshark, and TcpDump enthusiasts out there, OpenPacket.org provides fresh packets for research and analyzing purposes. Looking for a particular traffic pattern? Check out OpenPacket.org!

Write Comment

 
Analyzing Malicious SSH Login Attempts  02 April 2008 
Source: SecurityFocus - Posted by Bill Keys   
Malicious SSH login attempts have been appearing in some administrators' logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one's system against these attacks. We have all see in your log files attempts on trying to login in to our Linux machines through ssh. If you are interesting in learning more about what they are doing then trying to login in to your machine, setting up a honeypot is a great way to learn. This article explains everything you need to know about honeypots.

Write Comment

 
<< Start < Prev 1 2 3 Next > End >>

Results 1 - 10 of 1470
    
Partner:

 

Latest Features
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
HowTo: Secure your Ubuntu Apache Web Server
SSH: Best Practices
Yesterday's Edition
sshpass - Non-Interactive SSH Password Authentication
Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use
Firefox Infects Vietnamese Users With Trojan Code
A Guide to Cryptography in PHP

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.