- Social Engineering Methods for Penetration Testing
- Putting Infosec Principles into Practice
- Installing an Apache Web Server with TLS
- Essential tools for hardening and securing Unix based Environments
- Peter Smith Releases Linux Network Security Online
- Securing a Linux Web Server
- Password guessing with Medusa 2.0
- Password guessing as an attack vector
- Squid and Digest Authentication
- Squid and Basic Authentication
Fri, 21 Oct 2016 10:18:59 +0000
LinuxSecurity.com: Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.
Fri, 23 Sep 2016 10:53:29 +0000
LinuxSecurity.com: When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.
Mon, 22 Aug 2016 15:30:11 +0000
LinuxSecurity.com: One of the powerful things that Linux on servers allows you to do is to create scalable web applications with little to no software costs. Apache HTTPD, commonly referred to as just Apache, is the number one web server software in the world.
Tue, 26 May 2015 19:34:05 +0000
LinuxSecurity.com: System administrators are aware of how important their systems' security is, not just the runtime of their servers. Intruders, spammers, DDoS attackers and crackers are all out there trying to get into people's computers, servers and everywhere they can lay hands on, and to interrupt the normal runtime of services.
Mon, 06 Jan 2014 18:28:38 +0000
LinuxSecurity.com: Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."
Tue, 28 Apr 2015 11:26:18 +0000
LinuxSecurity.com: With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.
Mon, 09 Jan 2012 13:34:36 +0000
LinuxSecurity.com: Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog
Tue, 13 Dec 2011 11:27:40 +0000
LinuxSecurity.com: Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of their passwords.
Thu, 01 Dec 2011 15:02:43 +0000
LinuxSecurity.com: Digest Authentication hashes the password before transmitting it over the wire. Essentially, it sends a message digest generated from multiple items, including the username, realm and nonce value. If you want to know more, see RFC 2617.
Thu, 01 Dec 2011 15:00:24 +0000
LinuxSecurity.com: This is perhaps the easiest authentication helper to configure in Squid, but also the most insecure. The biggest problem with Basic is that it transmits the username and password in clear text, so it is very susceptible to network sniffing or man-in-the-middle attacks. The only reason I'm writing about it is that it's a valid authentication mechanism in some limited circumstances. Secondly, I want to show you how authentication has evolved over the years.