Source: Net-Security.org - Posted by Benjamin D. Thomas
Given massive data growth across all industries, Information Lifecycle Management or ILM has become accepted as a critical business goal many organisations hope to achieve over time. Most organisations recognise that they cannot simply continue to store and then blindly manage data of all types on primary storage. That data which has immediate relevance to active business processes merits a place on high-performance/high-availability primary storage. It also warrants special attention with frequent or continuous data protection and business continuance processes.
You might remember my previous posting on websites that insist on sending your username and password credentials over the internet in plain text (in other words, anyone in between you and the destination web server can 'sniff' these credentials if they know what they are doing). This article created a substantial amount of feedback from both users and website owners. Some agreed to modify their authentication methods, some accused me of working for their competition. No, I'm not making that up.
Since its inception in 1995, SSH has become the most widespread remote login protocol for Linux boxes, with some estimates saying that there were at least 2 million SSH users at the end of 2000. Gone are the days of telnet sending your data in plaintext over untrusted networks. Now you can type with a reasonable amount of confidence that your data is encrypted and secure. But, as Uncle Ben said, with great power comes great responsibility! By its very nature, an improperly configured ssh daemon can be a network liability rather than an asset. If you have a Linux box that is accessible via the Internet, it pays to know what you are doing. Therefore, here are five things you can do to lock down your server and make ssh more secure…
Source: Enterprise Networking - Posted by Benjamin D. Thomas
When asked about security on a multi-user Linux system, a wise man once said "everyone is root if you allow them to login as a user." There is plenty of truth in that, but embracing imminent compromise isn't always acceptable. Let's take a look at how you can limit your exposure while letting unknown and untrusted users log in with a shell.
There are two groups of people who typically want to heavily restrict login users. First, the collaborators: possibly two separate organizations that have been forced to work together. Second, people who wish to allow some shady characters access to a shell but believe they may attempt to compromise security. If at all possible, the best policy is simply not to give out access at all, and if you do, make sure patches are applied daily.
The Internet provides a wide range of content on all topics. A large part of it is necessary to develop business activity. For this reason, companies in the twenty-first century need the information available on the Internet to guarantee good results. However, the universal nature of this content allows employees with Internet access to make personal use of company resources, accessing content that is not related to their work, and thereby degrading the company's profitability.
The Apache/PHP/MySQL stack is immensely popular for web application development; its components are powerful, versatile and free. Unfortunately, however, PHP ships with a default configuration that is not suitable for production use, and one that may lead developers to adopt insecure techniques during the development phase. Inside is a checklist of settings intended to harden the default PHP installation.
More than half of the Internet’s name servers are configured incorrectly, leaving networks vulnerable to pharming attacks and enabling servers to be used in attacks that can wipe out DNS infrastructure. This is the key finding of a survey of the Internet’s domain name servers released Monday. The Measurement Factory conducted the survey for Infoblox, which sells DNS appliances. Overall, the 2006 DNS Report Card assigned a grade of D+ for DNS security. This is the second annual survey conducted by The Measurement Factory about the state of the global DNS.
Ajax programming is one of the most exciting new technologies in recent history. Ajax (Asynchronous JavaScript and XML) allows a web page to refresh a small portion of its data from a web server, rather than being forced to reload and redraw the entire page as in traditional web programming. Since they can make frequent, small updates, web applications written with Ajax programming can present user interfaces that are more like desktop applications, which are more natural and intuitive interfaces for most users. However, just like Uncle Ben said to Peter Parker (aka Spider-Man™), with great power comes great responsibility. Web applications have become prime targets for malicious users and hackers performing SQL injection and similar attacks.
Web 2.0 is bringing in new security concerns and attack vectors. Yamanner, Samy and Spaceflash type worms are exploiting "client-side" AJAX frameworks, providing new avenues of attack and compromising confidential information. On the "server-side", XML-based Web services are replacing some of the key functionalities and providing distributed application access through Web services interfaces. Here is the list of 10 attack vectors along with a brief overview of each.
Source: Newsforge.com - Posted by Benjamin D. Thomas
Directory services play a critical role in ensuring computer networks are properly secured and efficiently managed. While Linux machines running in Microsoft Windows networks can interoperate with Active Directory, configuration is complicated - especially for administrators lacking Linux expertise. Managing authentication between Windows and Linux systems just got easier.
Linux systems, as shipped, include support for Kerberos, LDAP and other security/authentication protocols, but don't typically come ready to perform single sign-on; that gap is often filled by buying specialized, proprietary software. It is possible to partially implement Active Directory-based single sign-on on Linux systems without any additional software.