Hand-rolling your own Linux-based network servers, routers and wireless access points is easier than ever largely because of the proliferation of tiny, specialized Linux distributions like Zeroshell. Zeroshell weighs in at just over 100 megabytes, making it perfect for embedded devices like PC Engines WRAP boards, Soekris boards, Mini-ITX, and other small form-factor computers
Check out this lightweight Linux distro which is suited to delivering network security services running on embedded devices.
Malicious SSH login attempts have been appearing in some administrators' logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one's system against these attacks.
Have you ever looked at your ssh logs and notice attackers trying to get in? This article analyses those logs and presents some recommendations to show you how to make your ssh server more secure.
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interested articles include "Problems with Penetration Testing," "Access Remote Network Services with SSH Tools," and "Protecting a Web Application Against Attacks Through HTML Shared Files."
Penetration testing is as popular as ever, yet it continues to miss the mark. As a means of validating the security of an application system, it fails miserably on several counts.
I continue to find organizations that make extensive use of penetration testing as their primary means of security testing systems before they go live, or periodically while they are in production. There are a myriad of problems with this approach, but I’d like to address one particular here that you likely haven’t considered.
This article looks at some of the issues with doing penetration testing. Do you do penetration testing on your applications?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for libcdaudio, ekg, net-snmp, optipng, libpng, rgmanger, gallery, gnutls, kernel, ruby, seamonkey, firefox, flash-plugin, acroread, httpd, gnutls, cups, netpbm, and tk. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and Ubuntu.
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
This article looks at the web testing framework live CD called Samurai. It has some interesting features so, check it out. Do you use any other Linux security live CD's?
You probably rely on the services on your own private network -- wikis, mail servers, Web sites, and other applications you've installed. What happens when you have to leave the friendly confines of your network? With minimum exposure and few simple tools, you can get all of the comforts of home anywhere you can find an Internet connection.
Do you want to learn how to use SSH tools to access services on a remote private network securely? Read on to find out about some of the features of SSH which you may not be familiar with.
