Do you know whether your server or your home computer has unnecessary ports open to the internet? These days most people have multiple devices that are constantly connected to the internet, and every one of those devices comes with many services that run quietly in the background with open ports. The user might not even be aware that those services are running, yet each open port gives the outside world one more way in.
Installed home surveillance systems can cost thousands of dollars, they are expensive to maintain and costly to upgrade. Lying around your house right now you've probably got all the ingredients you need to create your own video surveillance system for next to nothing - all you need are a couple of old web cameras, a PC and some new free (as in freedom) Windows software called iSpy.
Latest from the Bizarre Cathedral.
Some websites need to handle data securely and assure the end-user that they are a) secure and b) who they say they are. The traditional way to achieve both is via Secure Sockets Layer (SSL). Firefox 3 changed what happens when a self-signed SSL certificate is encountered. It's a change which has caused some concern and much discussion.
Should we only trust certificates signed by third parties? Are there cases where using a self-signed certificate is valid? Should users be informed or warned and how strong should the language of that notification be? Is it possible a simple solution is already available but has been overlooked in all the flan-flinging? I think so.
The guide will take you through the setup of the pfSense firewall with one WAN interface, one LAN interface and one Opt1-WiFi Interface.
This guide was written for Linksys, Netgear, and D-link users with no firewall or router experience. No experience is needed with FreeBSD or GNU/Linux to install and run pfSense. When you are finished, management of pfSense will be from a web interface just like any of the SOHO firewall/router appliances.
Requiring system accessibility via the Internet poses several problems for system administrators. One problem is allowing access by authorized users with the least amount of complexity on the client computer while keeping the system and its services safe from intruders. Common services that may be provided include web server, File Transfer Protocol (FTP) server, and Secure Shell (SSH) server. Each of these services can require different methods of security to ensure only authorized users have access.
The stability of an enterprise-wide infrastructure depends on understanding innovative, defensive security-related software. Linux Firewalls: Attack Detection and Response with iptables, psad and fwsnort written by Michael Rash and published by No Starch Press, outlines viable approaches that enable a defensive solution in depth.
Eighty percent of input to the brain is visual, and comes directly through the eyes. We humans are incredible machines with the ability to recognize patterns instantaneously. Machine technology is not capable of matching humans, and won't be for many decades. Security data visualization translates complex data relationships into meaningful visual patterns that humans can quickly interpret. The book Security Data Visualization: Graphical techniques for network analysis by Greg Conti and published by No Starch Press answers the important and core question: can visualization help with security? The answer is a resounding "yes".
Security has always been a concern when using a computer. First, we thought physical security was enough. After all, if the computer is in the house, how could anyone else get to it? But in today’s world, many of us live with our computers on-line twenty-four/seven. Security is not just loading up the latest protection software, but being aware of how the “bad guys” attack. Good security also requires vigilant testing and, since no one wants to simply issue a challenge to the “bad guys” and see what happens—they don’t typically fill out trouble tickets—we need to use tools that can simulate these attacks.
Honeypots look like victim systems waiting or searching for malware and other nefarious attacks, registering the enemy's practices in high-resolution gory, blood-ridden detail. Virtualization allows one system to act as a network of disparate victim OS’s and services. Security experts can observe attacks live or stored for detailed analysis, learn the methodology of Dr Evil and generate statistics for internet wide attacks.
With the lay public now moving their businesses and lives online, everything they do has an electronic component. But, being lay people, they’re using the most antiquated, bug-ridden, security-deficient, poorly-implemented solutions and services possible. And this is despite being told better. They indulge in PayPal, eBay, FaceBook, DRM, MySpace, and on-line shopping. All of which suck...
Most modern GNU/Linux distributions are secure with their default minimal installs, whether desktop or server, while some distributions are designed specifically with security in mind. However, any GNU/Linux distribution that needs services available to other users or systems will need either enhanced or configurable security. There are other situations in which added security is beneficial; for example, a large environment, while secure to the outside world, would be enhanced with additional security measures in place.
Have you ever wanted to configure a personal firewall for your GNU/Linux box, but were scared of the complexity of iptables? Well, I might not be able to make you a security expert, but I can show you a tool that will help you to configure your personal firewall the easy way. The secret? Firewall Builder (also known as fwbuilder for short).
Having a web page is probably the most complex of the 'simple' tasks available. The typical process pipeline would begin with DNS, converting a human-friendly name into an IP address, and would be registered through one of the many registrars on the Internet. This IP address would connect, via your ISP's address block, to your public router or load balancer, routing valid traffic (and only the valid traffic) to the appropriate machine on your network. This machine could be a GNU/Linux box, an embedded device, or an arbitrary, standalone, application that just happens to open a suitable port. This machine relies on the server software and (sometimes) the underlying operating system to determine which files are available to which users.
And at every stage there's software involved that could be bugged, broken, or suffering planet-sized security flaws. Each configuration file gives an opportunity for human error, opening the holes wider. Every registration service discloses a little more of your private information to the general public. With so many steps involved, is it any wonder that problems exist?
No one would argue that software auditing is not an important feature of mission-critical applications. If a software-based process is critical to the life of your company, then so is the security and access control surrounding the resources managed by that process. Auditing is the way you track who did what, to what, and when it happened. Lately, however, the software industry has been lackadaisical at best regarding auditing. Off-the-shelf software developers either care about auditing, or they don’t.
Pro Apache XML, authored by Poornachandra Sarang, PhD, and published by Apress, clearly explains XML and, specifically, the Apache Software Foundation-related projects. eXtensible Markup Language (XML) is a human-readable, machine-understandable text format. Web services send XML messages, and XML acts as the underlying structure in configuration files for many modern frameworks and thus applications. In fact, the next quality jump in the office suite is XML (zip-compressed) document formats that are, in theory, easily translatable into other formats.
Two weeks ago, I explained how to set up a Kerberos realm; and last week, I went on to describe how to actually do something useful with it by doing Kerberized NFS. But there’s so much more interesting stuff that can be done with Kerberos, and it would be a shame to ignore those.
GSSAPI, SASL, and negotiation
NFS is a network protocol with which many UNIX administrators have a love/hate relationship. On the one hand, it’s the ideal protocol if you need to export a filesystem from a UNIX-like system. On the other, it has a bit of a reputation for being insecure. Since a rogue system can just tell an NFS server “hey, I’m representing a user with UID 1000, please remove all the files in my home directory”, this reputation may not be totally undeserved.
Or is it?
Good security is the basis of any viable website. With the internet being the most public of places, broken systems cost: money, reputations and possibly customer identities are the currency. Pro PHP Security, published by Apress and written by Chris Snyder and Michael Southwell, is a detailed and authoritative account of the security details that affect a successful deployment of a PHP website. The book ranges from the almost theoretical to the highly practical, such as hardening against SQL injection attacks and validating user input.