Security Information and Review

Collection of security information and review

Archive for July, 2009

Hardening Linux Server with TCP Wrappers

Author : Admin

TCP Wrappers, as the name suggests, provides protection for Linux server services that communicate using TCP packets. Systems that communicate using TCP packets channel those packets through TCP Wrappers, and each request is checked against a series of rules. The majority of commercial Linux server distributions, such as Redhat Enterprise Linux AS, SLES and others, implement a facility known as TCP Wrappers. TCP Wrappers is implemented using two files, one controlling what is specifically accepted and the other specifying denials. The files are called /etc/hosts.allow and /etc/hosts.deny. These files provide the ability to define access to Linux server services based on IP address or hostname.


The rules of TCP Wrappers in the /etc/hosts.allow and /etc/hosts.deny files are processed sequentially: clients and users listed in hosts.allow are allowed access and clients / users listed in hosts.deny are denied access. … continue reading : Hardening Linux Server with TCP Wrappers.

8 July 2009 at 20:03 - Comments

Evaluate and Analyze Network Security Based on the Security Framework

Author : Admin

When we discuss security and how to evaluate and analyze the security of an enterprise company or organization, we need a security platform. We believe that establishing an appropriate security framework goes a long way toward helping us establish a reasonable framework for analyzing security and shape an effective information security program.


The security framework is made up of three tiers: organizational factors, security objectives and security mechanisms. So, if we want to evaluate and analyze the security of an enterprise, we base it on the elements of the security framework.

… continue reading : Evaluate and Analyze Network Security Based on the Security Framework.

8 July 2009 at 11:21 - Comments

Hardening Linux Server part 2 : Advanced Linux Security

Author : Admin

The previous discussion, Hardening Linux Server part 1: Physical Access Security, covered how to improve physical access security for the Linux server. This discussion goes into more detail on the Linux side itself.


The “root” account has no security restrictions; for this reason we must know what we are doing and never log in as this user unless the situation absolutely necessitates root access. The first thing to do to improve the security of the Linux server is to configure user profiles, especially that of the super user “root”. It sometimes, and even often, happens that we delete files while logged in as “root”. So we need to modify the “rm” command, as shown in the following script. … continue reading : Hardening Linux Server part 2 : Advanced Linux Security.

5 July 2009 at 17:28 - Comments

Hardening Linux Server part 1 : Physical Access Security

Author : Admin

Security of a Linux server is very important, and it is not only a matter of which software or packages are installed. There are several aspects to be considered, such as physical security, operating system, application and network. A secure Linux server depends on how the administrator sets it up.


One of the most important aspects of improving Linux server security is physical security. The administrator must block unauthorized people from accessing the Linux server and make sure who is permitted physical access to the server. It's important to note that it is possible to bypass the security measures if someone has physical access to the Linux server. So select a server room with an access control system.
… continue reading : Hardening Linux Server part 1 : Physical Access Security.

5 July 2009 at 14:36 - Comments

Expert Network Scanning with Nmap

Author : Admin

Nmap is the most popular and feature-rich network scanner and is widely available for most Unix platforms and Windows. Nmap was first released in 1997 by Insecure, and currently Nmap has been integrated into a number of commercial security products.


Nmap provides a number of command line options to fine-tune performance and packet timing. The first option that we will discuss is -n, which instructs Nmap not to perform name lookups on the IP address and makes the scan faster to complete. Another Nmap option is -sP. It instructs Nmap to perform a host scan; by default, Nmap sends both an ICMP echo request, also known as a ping packet, and a TCP SYN packet. … continue reading : Expert Network Scanning with Nmap.

4 July 2009 at 22:45 - Comments

Microsoft Windows Authentication Spoofing Attack

Author : Admin

The common way to attack a Microsoft Windows system is through the Windows File and Print Sharing Service, which operates over a protocol called SMB ( Server Message Block ). The SMB protocol listens on TCP ports 445 and 139 ( also known as the NetBIOS based service ). An attacker commonly attacks via password guessing on Microsoft Remote Procedure Call ( MSRPC ) listening on TCP port 135, Terminal Services on TCP port 3389 and other services.


In this discussion, we will describe how to attack an MS Windows system via password guessing, assuming that SMB is accessible. The most effective method for breaking into a Windows system is remote share mounting, such as IPC$ or C$. A combination of username and password is used to connect to an enumerated share. We will use the net use command like this. … continue reading : Microsoft Windows Authentication Spoofing Attack.

4 July 2009 at 17:55 - Comments

Artofdefence Hyperguard Vulnerability

Author : Admin

Hyperguard is a latest-generation enterprise Web application firewall with attack detection and attack protection functions that are freely configurable. Hyperguard enables centralized security monitoring, reporting and alerting and provides custom protection for your Web applications against external attacks. Hyperguard is a software-based web application firewall that is intended to be installed directly on the web server to be protected. It acts as a plugin that integrates into the web server.


Hyperguard has a modular design that enables different components to be operated on different servers and therefore work in cluster environments. It is for example possible to protect several web servers using multiple instances of Hyperguard on different machines while all configuration and monitoring can be done on a single master host. Hyperguard is divided into three components. … continue reading : Artofdefence Hyperguard Vulnerability.

3 July 2009 at 17:15 - Comments

Phion Airlock : Web Application Security and Vulnerability

Author : Admin

One of the famous web application firewalls is Phion Airlock. It is a web application firewall that protects data and prevents attackers from accessing it. Airlock web application firewall ( WAF ) provides a unique combination of protective mechanisms for web applications. Whether you want to observe PCI DSS, safeguard online banking or protect e-commerce applications: Airlock ensures sustained and manageable web application security.


The Phion Airlock web application firewall provides an application security gateway, which protects web applications against attacks. The product is completely independent from application or web servers, so security enforcement tasks are outsourced. Phion Airlock is a software appliance, which makes it possible to also run it in a virtualized environment. As the analyzing tasks are very load intensive, dedicated hardware is recommended. Airlock is a software appliance based on Sun Solaris 10 and operates as a secure reverse proxy with optional Single Sign On ( SSO ) authentication and access control capabilities. Airlock is designed and marketed by Phion, which started as the brainchild of three young, Wieland Alge, Klaus Gheri and Peter Marte in 2000. … continue reading : Phion Airlock : Web Application Security and Vulnerability.

3 July 2009 at 15:38 - Comments

Radware AppWall : Feature and Vulnerability Review

Author : Admin

Radware AppWall is a web application firewall ( WAF ), designed and marketed by Radware. It is designed to secure web applications and prevent data theft and manipulation of private / sensitive corporate and customer information by attackers. It enables PCI compliance by mitigating Web application security threats and vulnerabilities to prevent data theft and manipulation of sensitive corporate and customer information. AppWall incorporates advanced, patent-protected Web application security filtering technologies to seamlessly detect threats, block attacks and report events.
… continue reading : Radware AppWall : Feature and Vulnerability Review.

3 July 2009 at 01:35 - Comments

Hardening Web Base Application with Web Application Firewall

Author : Admin

The web-based application is currently not only a trend but also a solution in online systems. So we need to harden and improve the security of our web-based applications with a web application firewall, mitigating web application security threats and vulnerabilities to prevent data theft and manipulation of private / sensitive corporate and customer information by attackers. Web application firewalls generally operate as proxies between clients and web servers. All requests, and optionally responses, are checked for patterns that indicate attacks against the provided web-based application. If parts of a request match a pattern or rule in the web application firewall, the request is deleted or not forwarded to the web-based application. If a request is denied, an appropriate error is raised and delivered as an HTTP response to the client browser.

… continue reading : Hardening Web Base Application with Web Application Firewall.

3 July 2009 at 00:42 - Comments