LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How would you rate the importance of default settings in security?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: May 16th, 2008
Linux Security Week: May 13th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Security Projects
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Prolexic Defends Anti-spam Services Against Ongoing Ddos Attacks  26 September 2007 
Source: Prolexic - Posted by Eckie Silapaswang   
Even companies that provide us protection against spam are targets themselves. SURBL has recently announced a public thanks to Prolexic for providing their DDOS mitigation services to protect the website. Due to their efforts the ongoing attacks are now virtually invisible. Read on for a summary of the project - maybe you should check to see if your SURBL list providers or other spam protection services are protected themselves?

Write Comment

 
UTM Firewalls: Ready For the Enterprise  31 August 2007 
Source: Network World - Posted by Eckie Silapaswang   
I once saw a football game where the defensive tackle was just not holding up his game. Runs kept going through his assigned slot, and the offense hammered that side relentlessly. Fortunately for him, they shifted the defense so the middle linebackers could plug up the hole, effectively nullifying any plays going to that side.

This article does go over many benefits of Unified Threat Management (UTM) firewalls - all your antivirus, malware, etc. detection and blocking in one layer. The aim of this seems to be ease of management. However, I"m reminded of UTM firewalls the same as that offensive line I previously mentioned. What's the use of an all-star lineup if there's a hole to be exploited? This is where "security in layers" shows its strengths - difficulty of setup is just one sacrifice you pay in order to have a secure system.

Write Comment (1 Comments)

 
Open Source Security, Part 2: 10 Great Apps  20 August 2007 
Source: Linux Insider - Posted by Eckie Silapaswang   
For everyone who loves lists, this article brings you a quick roundup of 10 great open-source applications that have a penchant for security in mind. What do you think of this list? See any other good open-source app you would recommend for anyone running a secure server setup?

Write Comment (1 Comments)

 
Antivirus Tools Underperform When Tested in LinuxWorld 'Fight Club'  09 August 2007 
Source: Dark Reading - Posted by Eckie Silapaswang   
LinuxWorld hosts a battle royal of anti-virus software in an AV 'FightClub' - 10 AV products are put up against 25 viruses to see who is still left standing. Don't worry, open-source enthusiasts, ClamAV performed in the top-tier, being one of only 3 tools that detected and properly blocked those viruses. Certain tools couldn't even catch 10% of the viruses. This just goes to show just how effective open source can be especially in the world of "taken for granted" anti-virus programs.

Write Comment (1 Comments)

 
Learn to use Metasploit - Tutorials, Docs & Videos  20 July 2007 
Source: Darknet.org - Posted by Eckie Silapaswang   
It seems these days you can't get into a discussion about security tools without having Metasploit, the open-source exploit framework, being mentioned. This day is no different. Due to a recent surge of research and development by the creators of Metasploit, the author of this article decided it would be a good idea to have a compilation post of resources including history, docs, and videos of the framework in action. Read on to find out what all the fuss is aboot. Oh yea, did I mention it was written in Ruby?

Write Comment

 
Detecting "Off Port" Services  10 July 2007 
Source: Tenable Network Security - Posted by Eckie Silapaswang   
Anyone who has used Linux long enough will look at numbers such as 22 and 80 in a totally different light than everyone else. Default port numbers are expected to be hammered with tons of packets day to day, from legitimate user requests to probes sent by nmap scans. Changing services such as SSH and FTP to non-default numbers are not only a tactic for securing your server - they're a tactic for malicious users to hide these services as backdoors once a system is compromised. Read on to see how scanning tools such as Passive Vulnerability Scanner and Nessus can be used to scan for these "off port" services.

Write Comment

 
Virtual Hosting With vsftpd And MySQL On Debian Etch  26 June 2007 
Source: HowtoForge - Posted by Eckie Silapaswang   
Layers upon layers of security should make anyone feel warm and fuzzy about their secured application. I like the fact that if anyone is going to root me, they're going to have to WORK for it. FTP was always an area where I felt it could use a little more work in locking down its defenses. Enter Vsftpd along with a tag team partner of virtualization, and you've got a how-to of sandboxing your FTP server into a virtual environment.

Write Comment

 
Pixy - An Open-Source Vulnerability Scanner for PHP Applications  21 June 2007 
Source: Secure Systems Lab - Posted by Eckie Silapaswang   
In the months following the PHP "Month of Bugs", we have seen all sorts of exploits developed and publicized ranging from the obscure to warnings of vulnerable WordPress-based blogs. How do you know if your PHP applications are not affected by a bug, or worse yet, already compromised? Bring in a new tool from Secure Systems Lab - Pixy, an open source vulnerability scanner for PHP applications. Get this before they get you!

Write Comment

 
Web Application Attack and Audit Framework  13 June 2007 
Source: SourceForge - Posted by Benjamin D. Thomas   
w3af, is a Web Application Attack and Audit Framework. It is extended using plugins; the framework and the plugins are fully written in python. Each plugin will add a functionality like xss detection or sql injection exploitation.

Write Comment

 
With RHEL 5, Red Hat goes to bat for SELinux  06 June 2007 
Source: SearchEnterpriseLinux.com - Posted by Eckie Silapaswang   
IT managers that want to secure their Linux environments and keep things running smoothly have a very powerful tool at their disposal: Security Enhanced Linux, or SELinux, an implementation of mandatory access controls originally developed by the National Security Agency (NSA) and integrated in to most mainstream Linux distributions.

Write Comment

 
<< Start < Prev 1 2 3 Next > End >>

Results 11 - 20 of 315
    
Partner:

 

Latest Features
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
HowTo: Secure your Ubuntu Apache Web Server
SSH: Best Practices
Yesterday's Edition
Strong passwords no panacea as SSH Brute-Force Attacks Rise
Tools circulate that crack Debian, Ubuntu keys

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.