Protect your web assets - Is Linux still safe?


The Register is reporting that Linux servers have been recruited into a botnet. In May we saw TROJ/JSRedir-R and many variants thereof attacking web servers. Last November SophosLabs reported that after more than six years there are still over 10 thousand Linux hosts infected with Linux/Rst-B.

What does this all mean? What it means is that non-Windows hosts are vulnerable, contribute to the global security problem and cannot be ignored. There are viruses and worms for Linux; however, the greatest threat posed by Linux is its primary use as a server for many mission-critical, sensitive, and public-facing applications. According to Apache has a 47.17 percent market share as of August 2009 (mostly Linux).

There are three primary means by which attackers are compromising Linux hosts. I will outline each of these and provide advice on what you might do to protect your Linux assets from intruders.

Problem: Password guessing SSH attacks. Too many systems use trivial passwords and predictable usernames for critical accounts. As mentioned in the SophosLabs blog on Linux/Rst-B, by guessing accounts such as root, apache, mysql, wwwuser and other stock accounts, bots are able to automatically scour the internet and find weak systems to exploit.

Solution: Use non-standard account names. Don't allow keyboard interactive logins on your OpenSSH server, and require the use of password-protected keys. This will eliminate close to 100% of attacks with very little effort. University of Georgia has a great Linux tutorial, and University of California at Berkeley has a tutorial for Windows.

Problem: Compromised FTP passwords. FTP does not encrypt credentials when sent across the wire. A combination of methods is being used to steal FTP passwords, including malware on Windows hosts to scrape FTP passwords from client computers and sniffing network traffic in search of FTP transactions. The primary reason to use authenticated FTP these days is updating web content.

Solution: Stop using FTP... Really. It's long past its due date and it's time to move on to SCP and SFTP. Windows users who are familiar with many of the graphical FTP clients out there will find a comfortable friend in WinSCP. Another best practice to follow is never tell applications on any operating system to "Remember my password". I have seen a lot of malware on Windows that specifically hunts down these stored passwords to send back to the criminals for their dastardly uses.

Problem: Insecure web applications. Every week I receive a list from the SANS Institute containing all the known web-based applications that have had vulnerabilities discovered since the previous week. The list is very long, and not updating any one of them can allow an attacker to compromise your host.

Solution: Carefully audit all software used in hosting applications to the open internet. Subscribe to the security mailing lists for all utilized applications including BIND, Apache and all web hosted applications. By subscribing to lists like SANS mentioned above, you can do a quick weekly audit to see if applications you depend on have reported vulnerabilities. The best defense is to stay on top of where your weaknesses may be, and to patch early and often.
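
To check the SSH advice above on a server, the following added example (not part of the original article) audits the global section of an sshd_config for password and keyboard-interactive logins. It assumes current OpenSSH defaults and keyword names; the two sample configs are constructed, and Match blocks and Include files are not followed.

```python
# Added example: audit an sshd_config for the key-only login advice.
# OpenSSH defaults that apply when a keyword is absent (assumed current).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated keyword name still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Values wanted for key-only logins.
WANTED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Effective global values: sshd keeps the FIRST value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()                   # keywords are case-insensitive
        if key == "match":
            break                                # conditional blocks: not audited here
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().strip('"')
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """Return sorted (keyword, effective_value) pairs that allow weak logins."""
    eff = effective_settings(config_text)
    return sorted((k, v) for k, v in eff.items() if v != WANTED[k])

# Constructed sample: "no" was appended later, but the earlier "yes" wins,
# and keyboard-interactive is never mentioned, so its default applies.
WEAK_CONFIG = """\
Port 22
PasswordAuthentication yes
PasswordAuthentication no
"""
# Constructed sample using the deprecated alias for keyboard-interactive.
HARDENED_CONFIG = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "OK")
```

On a live host, `sshd -T` prints the effective configuration after Include and default processing and is the authoritative check. The server cannot verify that a private key carries a passphrase, so that part of the advice has to be enforced on the client side.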


