SQL injection attacks can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid these attacks, every piece of data supplied by a user on a Web form, through HTTP POST or CGI parameters, or by other means, must be validated so that it contains only what is expected. GreenSQL is a firewall for SQL -- it sits between your Web site and your MySQL database and decides which SQL statements should and should not be executed. At least that's the idea -- in execution, I found some open doors.
Do you want to know how you can protect your website's MySQL server from SQL injection attacks? Then read the following article, which reviews GreenSQL, a proxy that guards against these types of attacks.
Most of you may not notice, or may not care, about the software versions that are revealed by the services running on your server. By default almost all services reveal some information to the clients that use them, and among this information is the version of the software being run. It has always been best practice not to reveal more than is needed. Why reveal the version of the service when nobody needs to know it? By letting these details be seen, you gain nothing but an extra chance for crackers to break into your server.
Have you thought about hiding your service versions from attackers? This article looks at four services, VSFTPD, PHP, Apache, and Postfix, and simple ways of hiding their version numbers.
To help developers audit Web application security, Google has released an open source tool called ratproxy. It is a non-disruptive tool designed for Web 2.0 and AJAX applications that produces an easy-to-read report of potential exploits.
Ratproxy is a local program designed to sit between your Web browser and the application you want to test. It logs outgoing requests and responses from the application, and can generate its own modified transactions to determine how an application responds to common attacks. The list of low-level tests it runs is extensive, and includes:
Have you tested out ratproxy yet? If not, this article will show you how to install and use it yourself.
Source: Linux Insider - Posted by Eckie Silapaswang
Plat'Home's latest product, OpenBlockS, is a pint-sized Linux server that weighs in at a measly 225 grams. It's not much bigger than a deck of cards, but it can run many of the same server applications full-sized machines run. It's ideal for many surveillance and automation processes that demand high reliability.
Check out this article for an interesting look into alternatives for huge, power-hungry rack-mount servers. What do you feel are the positives and negatives of this implementation of Linux servers?
This mini-howto explains how to set up an SSH server on Debian Etch with public-key authorization (and optionally with disabled password logins). SSH is a great tool to control Linux-based computers remotely. It's safe and secure.
There's no guarantee that it'll work for you. All of these settings apply to Debian and Debian-like systems; there may be slight differences on other systems.
Know your role and your SSH! There's nothing like a concise HowTo on getting things done, and in this case you can get your SSH woes out of the way with this article. Check one of our feature stories by Ryan W. Maple for an even more in-depth view of SSH best practices!
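Added example, not code from either of the two articles above: a small audit that parses constructed excerpts of the configuration files those pieces concern (the sshd_config from the SSH HowTo, plus the Apache, PHP, Postfix and VSFTPD configs from the version-hiding article) and reports every directive still at a version-revealing or password-login setting. The directive names are the real options of those daemons; the file paths, the sample file contents and the hardened target values are assumptions chosen for the example, and `PermitRootLogin` is included as an extra sshd setting the articles do not mention.

```python
import re

# Constructed configuration excerpts as the weak defaults might look
# (example data, not taken from any real host).
WEAK = {
    "/etc/ssh/sshd_config": "Port 22\nPubkeyAuthentication yes\n"
                            "PasswordAuthentication yes\nPermitRootLogin yes\n",
    "/etc/apache2/apache2.conf": "ServerTokens Full\nServerSignature On\n",
    "/etc/php5/apache2/php.ini": "expose_php = On\n",
    "/etc/postfix/main.cf": "smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)\n",
    "/etc/vsftpd.conf": "anonymous_enable=NO\n",   # default greeting shows vsFTPd version
}

# The same files after hardening (constructed target state).
HARDENED = {
    "/etc/ssh/sshd_config": "Port 22\nPubkeyAuthentication yes\n"
                            "PasswordAuthentication no\nPermitRootLogin no\n",
    "/etc/apache2/apache2.conf": "ServerTokens Prod\nServerSignature Off\n",
    "/etc/php5/apache2/php.ini": "expose_php = Off\n",
    "/etc/postfix/main.cf": "smtpd_banner = $myhostname ESMTP\n",
    "/etc/vsftpd.conf": "anonymous_enable=NO\nftpd_banner=FTP service ready\n",
}

# Per file: (directive, regex the effective value must fully match).
# Assumed hardened values: no version in any banner, key-only SSH logins.
EXPECTED = {
    "/etc/ssh/sshd_config": [("PubkeyAuthentication", r"yes"),
                             ("PasswordAuthentication", r"no"),
                             ("PermitRootLogin", r"no")],
    "/etc/apache2/apache2.conf": [("ServerTokens", r"Prod"),
                                  ("ServerSignature", r"Off")],
    "/etc/php5/apache2/php.ini": [("expose_php", r"Off")],
    "/etc/postfix/main.cf": [("smtpd_banner", r"\$myhostname ESMTP")],
    "/etc/vsftpd.conf": [("ftpd_banner", r".+")],   # any custom banner replaces the default
}

def parse_config(text):
    """Return {lowercased key: [values in file order]} for files written as
    'key value' (sshd, Apache) or 'key = value' (php.ini, Postfix, vsftpd).
    Comments after '#' and blank lines are ignored."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z_][\w.]*)\s*(?:=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip()
        values.setdefault(key, []).append(val)
    return values

def audit(configs, expected=EXPECTED):
    """Return (file, directive, effective value or None, wanted pattern) for
    every directive whose effective value is not the hardened one."""
    findings = []
    for path, rules in expected.items():
        present = parse_config(configs.get(path, ""))
        # sshd honours the FIRST occurrence of a directive; the other daemons
        # take the last one, so a duplicated line is judged the way the daemon would.
        first_wins = path.endswith("sshd_config")
        for directive, wanted in rules:
            vals = present.get(directive.lower())
            found = None if vals is None else (vals[0] if first_wins else vals[-1])
            if found is None or not re.fullmatch(wanted, found, re.IGNORECASE):
                findings.append((path, directive, found, wanted))
    return findings

if __name__ == "__main__":
    for path, directive, found, wanted in audit(WEAK):
        print(f"{path}: {directive} is {found!r}, want /{wanted}/")
    print("hardened findings:", audit(HARDENED))
```

Pointing `audit` at real files means reading each path into the dict instead of the constructed strings; the parser deliberately records every occurrence of a directive so that a later duplicate line, which sshd ignores but Apache obeys, is judged as the daemon itself would see it.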
Source: SearchEnterpriseLinux.com - Posted by Eckie Silapaswang
While Microsoft's Active Directory (AD) is an effective play to circumvent the inherent central authentication foibles of Linux, getting the technology synced with servers has been a complex undertaking for IT practitioners, to say the least.
Integrating with Windows eventually has to happen since there is no denying the majority. However, there are obvious open source secure solutions to authentication with Windows - LDAP and Kerberos along with a touch of Samba can go a long way in providing that type of solution. Read on for a devil's advocate's view of Linux authentication in a Windows environment - do you think these solutions match up to what Microsoft can put out?
PuTTY allows you to use your Symbian-powered mobile device to connect securely to a remote computer no matter where you are located. With this tool you can perform various tasks, and I bet many of you would like to be able to control your server from the road; we all know problems occur at the least opportune time.
Guests can never be trusted. Whether they're just anonymous users poking around your server or house guests that never seem to flush the toilet, you can never really entrust the integrity of your system to someone you don't know. Well, how about putting them in a sandbox environment? Not good enough? What about a sandbox within a sandbox? Read on to learn about combining the powers of chroot with Unionfs, which enables you to put untrusted users into a safe, secure environment where damage is highly mitigated.
When ten-plus people are yelling at you at the same time, who do you listen to? It wouldn't matter if everyone was yelling out the scores from yesterday's ball game; however, what if they were yelling about which box / server / service is down? Organize and get your battle plan set by having Nagios sort it all out for you. In fact, make sure everything is working properly with a secured SSH server first and you'll have an easier time bouncing around your network to mitigate any damage.
“Novell has released the first service pack (SP1) for its Suse Linux Enterprise 10 server software, which promises better virtualization and high performance support along with improved security”. Novell is claiming they improved virtualization security, but what is that security? While doing some research I went to the official Novell website, but I could not find any information stating how they improved virtualization security. Suse Linux virtualization security: where's the proof?