x
Loading
 Loading
Hello, Guest | Login | Register
Security
Five Easy Ways to Secure Your Linux System
Five Easy Ways to Secure Your Linux System
When it comes to system security, there's no single correct solution. But with vigilance and these techniques, you will be five steps closer.
Got Security? You're in Denial
Do you think your systems are secure? Install DenyHosts and you'll realize that you were in denial.
Klaatu Recommends Nikto for Web Security
Download and use Nikto before an attacker reduces your website to a burned-out cinder.
Ubuntu's Encrypted Home Directory: A Canonical Approach to Data Privacy
How can users protect themselves from the loss of important data when a computer goes missing? Well, the latest release of Ubuntu makes this not only possible, but frighteningly easy!
Your Distro is Insecure: Ubuntu
Ubuntu Server has one of the cleanest and easiest Linux distribution installers. However, in many cases, its designers choose to ignore security in favor of ease-of-use. The result? An install that is not secure by default.
On-the-fly Encryption with TrueCrypt
Got security? TrueCrypt allows you to create and use encrypted volumes and reduce the risk to your sensitive data.
Enhance Security with Port Knocking
The author of All I Really Need to Know I Learned in Kindergarten left out (at least) one important lesson: Secret knocks are really, really useful. As kids, we'd use secret knocks to keep undesirables (the kids we didn't like) out of our clubs or rooms. As system administrators, we can use secret knocks to protect our systems from crackers.
Secure Remote Access from Your Desktop
Connecting to your home computer from work, a friend's house, or while on vacation in another country is very simple — if you know how to use a small handful of tools. Ken Hess shows you how to connect securely and tunnel traffic using SSH.
Keeping a Watchful Eye with OpenNMS
Network management requires attention to faults, configuration, accounting, performance, and security — the so-called FCAPS. You can spend lots of money and lots of time deploying an FCAPS package — or you can deploy the open source OpenNMS. Here's how.
Stop More Spam
Learn how to tune and extend SpamAssassin to catch more spam.
Bro: A Network Intrusion Detection System
Intrusion detection is critical for network security. Use Bro to catch miscreants red-handed.
Casting Your Net with OpenVPN
A virtual private network (VPN) extends the resources of your local area network to telecommuter’s home, satellite offices, and far-flung sales warriors. OpenVPN is a fast, scalable, secure, and free VPN solution for Linux. And best of all, it’s easy to configure and deploy. Here’s a hands-on primer.
Penguin Penicillin: CLAMAV and AVG Free
Fight the spread of spyware and malware with CLAMAV and AVG Free, two cost-free Linux antivirus solutions.
Keychain: Hassle-free SSH
If you're running Linux, you should be aware that using telnet is a no-no. With the wide availability of network sniffers and automated password grabbing tools, telnet is simply not a secure way to work. Instead, use ssh and keep your passwords in keychain.
Expire Passwords
Improve system security by expiring user passwords from time to time. The command passwd -x 30 joe forces joe to change his password after thirty days.
ClamAV: Anti-Virus for Linux
It never hurts to use protection. Here’s a way to keep your Linux system free of viruses.
Configuring PAM, Part Two
Configuring PAM can be tricky. Look at some examples and learn what rationales work for customizing your own.
Hide in Plain Sight
Hide messages in images with simple steganography tools.
Configuring PAM, Part One
Start using the Pluggable Authentication Modules(PAM) system to manage login authentication. (You can also read http://www.linux-mag.com/2000-06/guru_01.html.)
Tunneling Data
Network tunneling can be helpful and even necessary, but it can also be used to circumvent security policies. Here’s a survey of the best tunneling tools available and a list of techniques that may help you detect active tunnels.
Survey Says: Linux Is More Secure

A survey of 6,344 developers shows that software managers find Linux to be more secure than Windows. BZ Media conducted the study, by asking more than 6,000 software develoment managers to rate the security of server OSes.

Windows Server was rated very insecure or insecure by 58 percent of the respondents, followed by 13 percent rating Linux insecure or very insecure. Sun's Solaris received the best response, with only 6 percent of respondents rating Solaris insecure. 78 percent of those taking the survey found Linux to be "secure" or "very secure." ZDNet also has coverage of the results.

Book Review: Forensic Discovery
Forensic Discovery is a book that is a book every Linux admin should read. Forensic Discovery is a slim volume, it clocks in at a mere 217 pages, but it's full of useful information. As an added bonus, the book is well-written and easy to follow, and should be accessible to any reader with a passing understanding of Linux or UNIX systems.
The Coroner's Toolkit
When a malcontent breaks into, or cracks, your computer, your reactions are likely to be very much the same. What was taken? What was left behind? Is the computer safe to use? How can I keep my computer safer in the future? To find answers, reach for The Coroner’s Toolkit.
Securing Your Environment: Part 2
SNORT looks for intrusions, while ACID can help you make sense of what’s happened after an intrusion.
Securing your Environment, Part One

Surprisingly, securing a site’s production environment is a task that many ignore until it’s too late. But the task need not be so onerous. Several LAMP tools can help shore up security.

Digital Rights Management
SSH Tunneling
Security has long been an important computer issue, but it's become increasingly relevant as the number and severity of threats has risen.
Using Keys with SSH
If you've administered any remote Linux machines, then you're probably already familiar with SSH. As you may know, SSH provides secure, encrypted network communication. Utilities like ssh and sftp, which are based on SSH, protect remote login sessions and file transfers, respectively, and have largely subsumed similar but insecure and unencrypted utilities such as ftp, rlogin, rsh, rcp, and telnet. (In fact, if any of your systems still use telnet, put down this magazine at once, go disable telnet, install and enable SSH, and then continue reading.)
SANE Network Scanning
Document and image scanners have become an integral part of many offices. With a scanner, you can quickly digitize photos, diagrams, and even textual documents for electronic alteration and distribution.
Finding Rootkits, Infections, and Files
Last month's "Tech Support" showed you how to monitor filesystem changes with Tripwire, a handy system utility that alerts you to all filesystem changes. Like SNORT and others, Tripwire's just one of many practical security measures that minds your system 24/7.
Follow Linux Magazine
Rackspace