LinuxSecurity.com
The central voice for Linux and Open Source security news
Network Security
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Web Input - Securing Data, Second Level of Defense  05 June 2008 
Source: lxer.com - Posted by Bill Keys   
My implicit presumption in this series is that break-ins are unplanned, opportunistic occurrences. Break-in attempts are triggered by encountering an input form. As I mentioned previously, do not give information away needlessly. Moreover, I strongly suggest you consider becoming passively aggressive by making your presentation of the form and its expected input somewhat unpredictable. Moreover, I advise turning your data input into a simple waste of time and effort for those not trained to use the entry way. The intent is to encourage those seeking easy break-in opportunities to turn their sights on other targets. This article looks at the problem of how Web applications should validate the data they receive from the end user. Do you validate your data from the Internet?

Quick Tips for Web Application Security  05 June 2008 
Source: Network World - Posted by Bill Keys   
A traditional firewall is commonly employed to restrict Web site access to Ports 80 and 443, used for HTTP and Secure Sockets Layer communications, respectively. However, such a device does very little to deter attacks that come over these connections. URL query string manipulations including SQL injection, modification of cookie values, tampering of form field data, malformed requests and a variety of other nasty tricks are often given free passage on allowed, legitimate traffic. Making your Web application secure is an important feature to implement. This article looks at some quick but important things you can do to improve your application security.

Strong passwords no panacea as SSH Brute-Force Attacks Rise  16 May 2008 
Source: arstechnica.com - Posted by Bill Keys   
Thanks to the end-of-term for many colleges and some K12 schools, brute-force attacks against SSH servers surged sharply this past weekend, according to the SANS Internet Storm Center. The sudden jump in SSH attacks merits a re-examination of how such servers should be properly secured. Jim Owens and Jeanna Matthews of the Department of Computer Science at Clarkson University have published a paper on the methods that such attacks frequently employ and on the best ways to defeat them. Brute-force attacks get a lot of attention in the press, but do we really need to study them? Yes: with botnets and more powerful computers, brute-force attacks become more effective. However, if users use strong passwords, then the likelihood that they will be hacked by this type of attack goes down drastically.

FBI Issues Warning About Vulnerability of Wi-Fi Hotspots  13 May 2008 
Source: Red Orbit - Posted by Bill Keys   
The FBI issued an alert this week warning that wireless Internet networks, often called Wi-Fi hotspots, are more vulnerable to hackers than most users probably realize. In South Florida, Wi-Fi hotspots are at airports, fast food restaurants, bookstores, coffee shops, sports bars, school campuses, malls, supermarkets -- just about everywhere. Several cities and neighborhoods in the region plan to eventually install networks for residents, too. How secure do you think your local hotspot is? Do you trust a coffee shop Wi-Fi access point for your finances or other personal tasks?

sshpass - Non-Interactive SSH Password Authentication  08 May 2008 
Source: DebianAdmin - Posted by Bill Keys   
SSH’s (secure shell) most common authentication mode is called “interactive keyboard password authentication”, so called both because it is typically done via keyboard, and because openssh takes active measures to make sure that the password is, indeed, typed interactively by the keyboard. Sometimes, however, it is necessary to fool ssh into accepting an interactive password non-interactively. This is where sshpass comes in. This article looks at some of the security concerns with using sshpass. Do you use sshpass? If so, do you think about the security issues with it?

A Guide to Cryptography in PHP  08 May 2008 
Source: Devx - Posted by Bill Keys   
In an ideal world, words like cryptography and security wouldn't even exist, but the real world is far from perfect, so software developers have to spend a good deal of time building security into applications. Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages. Building security into your web applications is an important skill to have. Have you thought about adding cryptography to your PHP programs? If so, this article looks at ways of doing so.

Samba Security and Troubleshooting  06 May 2008 
Source: Linux home networking - Posted by Bill Keys   
Configuring Samba for your office or home can provide many advantages. By encouraging users to store files on a central file server, you can simplify data backup and in some cases, software installation and maintenance.

Unfortunately, the initial configuration of Samba can be tricky. Many simple steps need to be executed in the correct order, and one small slip-up can have big repercussions. This chapter explores the ways in which you can recover from those mistakes that you couldn't avoid. Do you think about how to make your share secure? When setting up Samba, it is always important to make it secure. This article will show you how to set up a secure Samba share.

Virtual Server Sprawl Highlights Security Concerns  01 May 2008 
Source: Network World - Posted by Eckie Silapaswang   
Think server sprawl is bad now? Just wait till you experience virtual server sprawl. When users can clone a virtual machine with the click of a mouse, or save versions of applications and operating systems for later use, you're asking for trouble if IT doesn't maintain tight control, virtualization management vendor Embotics warned in a session at Interop Las Vegas Tuesday. (Look through our slideshow at other products shown at Interop.)

The ease of creating and deploying virtual machines can lead to a nightmare of confusion when it comes to IT maintenance. How do you keep track of hundreds of VMs scattered about your network, all with varying operating systems and applications installed? How do you know which ones are securely patched and what other servers they can access? Read on for an overview of this growing problem and let us know what solutions you may have for virtual server sprawl.

CDPSnarf - CDP Packet Sniffer  30 April 2008 
Source: Darknet.org - Posted by Eckie Silapaswang   
CDPSnarf is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.

Read on for some example output from CDPSnarf as well as links to the actual project. Let us know if this aids in your Cisco traffic debugging!

Creating a VPN with Tinc  14 April 2008 
Source: Linux.com - Posted by Bill Keys   
With tinc you can create a virtual private network (VPN) that lets you communicate between two machines over an insecure network such as the Internet with all of your traffic encrypted between the hosts on your virtual network.

Another interesting application for tinc is connecting your laptop to a Wi-Fi router at home. You might already be using WPA2 to ensure that only valid hosts can connect and communicate with your Wi-Fi router, but you might not be able to assign a fixed address to the laptop when it is connected over Wi-Fi. So if you want to connect to an SSH daemon on the laptop itself or access an NFS share on the laptop, you have to play guessing games as to which IP address the Wi-Fi router has given the laptop this time. Running tinc on the laptop and a server at home removes the guessing game -- just connect to the laptop's VPN IP address. This is an interesting article for anyone who is thinking about setting up a VPN. It talks about using a tool called tinc.

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.