Top: Security

---

---

• 3DES Strength - Effective key strength of 3DES encryption explained
• ACLs - Support for POSIX ACLs and similar fine-grained permission systems on Linux
• Apache HTTP Methods Patch - Patch to remove insecure HTTP methods from Apache httpd 1.3.x.
• Apache Security Tips - Security tips for the Apache httpd
• Attacking Linux - How to improve your Linux security by thinking like an attacker; article by Rick Moen
• Auditor LiveCD - Auditor Security Collection is a Linux live CD with an extensive collection of tools for examining compromised systems.
• Authfail - Tool to monitor logs for repeated authentication failures and generate netfilter DROP or REJECT rules, foiling brute-force login attacks
• Break-in without Remote Exploit - Explains why it's not enough to just keep patch-levels updated and use encrypted transports.
• Buffer Overflow - Techniques to eliminate security risks from buffer overflows
• Challenge-Response - Critique of Challenge-Response software by Karsten Self
• Debian Compromise 2003 - Analysis and lessons to draw from the Nov. 2003 compromise of several Debian developer servers
• Extended File Attributes - chattr, lsattr, and extended file attributes.
• fail2ban - Python utility 'fail2ban' scans logfiles like /var/log/pwdfail and then bans via iptables rules IPs that generate too much password failures
• Firewalls - Complete text of Cheswick and Bellovin's classic book 'Firewalls and Internet Security: Repelling the Wily Hacker', first edition
• Firewall Builders - Tools available on Linux for easily building and managing iptables IP-filtering rulesets
• Firewall Limitations - Editorial making the point that people relying on 'firewalls' for security are deluded, and that the perimeter security model is severely broken
• Firewall Piercing - Tunneling SSH through firewalls using httptunnel, proxytunnel, or corkscrew
• FISH Protocol - The FIles over SsH protocol extension
• Forensics - Basic security detective techniques
• FTP Daemons - List of all known ftp daemons for Linux and *BSD, with recommendations for anonymous-only deployments.
• iptables logs - Guides and tools for interpreting iptables and ipchains logs, by Manfred Bartz
• GnuPG Lecture - Lecture notes from a technical overview lecture about GnuPG (gpg), by Rick Moen.
• GnuPG with Mutt - Everything You Need to Know to Start using GnuPG, but Justin R. Miller
• Halted Firewalls - Constructing a hardened firewall using a Linux host that deliberately runs in a system-shutdown state
• Identd for Firewalls - How to set up an identd for firewalls
• IDS Lecture at BayLISA, March 2002 - Notes on John S. Flowers's highly-regarded intrusion detection software lecture
• IDSes - Presentation by David B. Allen at LinuxWorld Conference and Expo 2003 on Linux Intrusion Detection Systems
• IDSes - Rick Moen and other mailing list participants' rundown on Intrusion Detection System software options
• IP Tables - IP Tables Quick Reference (unfinished)
• Linspire Root Issues - What is and is not true about LinspireOS (formerly LindowsOS) and the trait of running routinely as the root user
• mod_security - Ivan Ristic's ONLamp.com article on configuring and using Apache's mod_security module
• Network Monitoring - Rundown of tools commonly used to monitor networks
• NTLM Auth - How to do NTLM authentication on Linux, required to talk through IIS / MS Proxy Server firewalls
• Overview - Overview of Linux system and network security
• PAM - Documentation about the Programmable Authentication Modules (PAM) framework
• PAM Delay - Module for PAM that foils brute-force login attacks by introducing an enforced delay between login attempts of any given login name. (See also Authfail.)
• PAM LDAP - Configuring PAM to authenticate to an LDAP directory
• Passwords - How to deal with humans' inability to remember strong passwords reliably and in sufficient number
• Password Safes - Applications for storing passwords in encrypted form
• PHP - Information on security issues and remedies for PHP applications
• Ping of Death - How the Ping of Death worked against perennially vulnerable Microsoft OSes, circa 1997
• Port Forwarding - Various techniques for forwarding ports across networks
• Portsentry Considered Harmful - Comparison of Psionics's proprietary Portsentry dynamic scanning-detection and port-blocking utility with snort, explaining why the former category is actively bad for system security
• Resources/Deter - Matthew Deter's security resources
• Resources/Farmer - Dan Farmer's security resources
• Resources/Stokely - Resources for system administrators from Stokely Consulting
• Root Compromise - Outlines for a talk on response to Linux system root compromise
• Root Password Lost - How do I recover a lost root password?
• Root w/X11 - List of methods for running X11 applications with root-user authority (without having to run X11 generally as root)
• ROPE iptables scripting - ROPE Iptables module: scripting engine that runs inside the kernel, helps write iptables match modules for complex protocols, e.g., blocking gnutella and bittorrent.
• SATAN on Linux - Modifications to make the (now-obsolete) SATAN security-checker compile and run on Linux
• scp Shells - Shells for naive-user access to sftp/scp/sftp2
• Security Breach - What should I do if I detect that my systems have been security-compromised?
• Security HOWTO Corrections - Corrections to the Linux Security HOWTO, unfortunately ignored by its maintainers
• Security Tools - Fyodor's catalogue of the top 100 network security tools. Indispensible.
• Smoothwall GPL - Analysis of claims that Smoothwall's maintainers violated the GNU GPL (they didn't)
• Squid Transparent Proxy - How to set up a transparent proxy with Squid, in three easy steps
• ssh-agent Tip - Tips for integrating ssh-agent into one's desktop setup
• SSH Agent - Mark A. Hershberger's tips on use of ssh-agent
• SSH Agent - Radu Rugina's tips on use of ssh-agent
• SSH Hints - Tips for effective use of ssh
• SSH Public-key Process - Safely automating inter-host processes using ssh keypairs
• SSH Quoting Syntax - Avoiding problems with shells parsing quoted strings intended to be passed to ssh
• SSH scp-Emulation - Emulating scp using only bare ssh
• sshd Always Running - Tip to make sure sshd always respawns, using init's 'respawn' directive
• sshd Debugging - Tip for debugging sshd problems
• SSH OPIE - Configuration details for running OpenSSH with OPIE one-time password authentication
• SSH Software - SSH-Protocol Software for Sundry Platforms — most-comprehensive list known
• SSL Cert Self-signing - Creating and self-signing SSL site certificates
• Tips - General security tips
• Tools/Fyodor - List of security tools maintained by Fyodor, author of nmap
• VPNs - Virtual Private Network options on Linux
• VPNs by N. Treadway - Virtual Private Network options on Linux, list maintained by Nathan Stratton Treadway
• Virus - Linux software for detecting/purging MS-Windows viruses
• VXing - Cyneox's Linux virus and security site.
• Zimmermann-Sassaman Protocol - Details a method for conducting rapid mass GPG/PGP keysigning events

Home | Suggest new link