Security

Want to support HowtoForge? Become a subscriber!
 

Virtual Users And Domains With Postfix, MailScanner, Mailwatch & MySQL On CentOS 5.1

Virtual Users And Domains With Postfix, MailScanner, Mailwatch & MySQL On CentOS 5.1

This document describes how to customize Falko's "Virtual Users And Domains" - setup for CentOS 5.1 so that it works with MailScanner and Mailwatch. The resulting system provides a web interface (Mailwatch) where you can manage quarantined emails, train SpamAssassin, edit the white- and blacklist, view configuration files and the detailed MySQL database status ...

Virtual Hosting Howto With Virtualmin On CentOS 5.1

Virtual Hosting Howto With Virtualmin On CentOS 5.1

This tutorial shows how to set up a CentOS 5.x server to offer all services needed by virtual web hosters. These include web hosting, smtp server with (SMTP-AUTH and TLS, SPF, DKIM, Domainkeys), DNS, FTP, MySQL, POP3/IMAP, Firewall, Webalizer for stats.

Chrooting Apache2 With mod_chroot On Debian Etch

Chrooting Apache2 With mod_chroot On Debian Etch

This guide explains how to set up mod_chroot with Apache2 on a Debian Etch system. With mod_chroot, you can run Apache2 in a secure chroot environment and make your server less vulnerable to break-in attempts that try to exploit vulnerabilities in Apache2 or your installed web applications.

Increasing the security of PPTP by adding two-factor authentication to poptop

Security Issues and Poptop

PPTP does not have the best history in terms of security. The original Microsoft implementation for PPTP faired very poorly. MS-CHAPV2 solved these weaknesses - for wired networks. Unfortunately, back in 2004, Joshua Wright released a version of ASLEAP capable of brute-force attacking PPTP passwords in a wireless environment. As a systems administrator for the VPN, you can't tell if a user is connecting via some public WiFi service where someone might be running a tool like ASLEAP. Yet, the presense of PPTP client software on Windows machines makes using PPTP very tempting. The best answer to this problem is to utilize two-factor authentication. If a one-time passcode is brute-forced, it won't matter as it can't be used again.

How To Check If Your Server Is Infected With The Linux/Rst-B Backdoor (Debian Etch)

How To Check If Your Server Is Infected With The Linux/Rst-B Backdoor (Debian Etch)

Linux Rst-B is a backdoor that can be used to add your server to botnets (see http://www.heise.de/newsticker/meldung/103563 (in German)). This short guide explains how you can install and use the Sophos Linux/RST-B detection tool to check your Debian Etch server and find out if it is infected with Linux Rst-B.

Meet the Anti-Nmap: PSAD (EnGarde Secure Linux)

Meet the Anti-Nmap: PSAD (EnGarde Secure Linux)

Having a great defense involves proper detection and recognition of an attack. In our security world we have great IDS tools to properly recognize when we are being attacked as well as firewalls to prevent such attacks from happening. However, certain attacks are not blindly thrown at you - a good attacker knows that a certain amount of reconnaissance and knowledge about your defenses greatly increases the chances of a successful attack. How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...

Intrusion Detection: Snort (IDS), OSSEC (HbIDS) And Prelude (HIDS) On Ubuntu Gutsy Gibbon

Intrusion Detection: Snort (IDS), OSSEC (HbIDS) And Prelude (HIDS) On Ubuntu Gutsy Gibbon

Everybody knows the problem, you have a IDS tool(s) installed and every tool has his own interface. Prelude will allow to log all of the events to the prelude database and be consulted using one interface (prewikka). This howto will describe how to install and configure the different tools that will make up the complete solution.

How to install the WiKID Strong Authentication Server - Community Edition

How to install the WiKID Strong Authentication Server - Community Edition

The WiKID Strong Authentication Server is a dual-source two-factor authentication system. PINs are encrypted on a software token and sent to the WiKID server. If the PIN is correct, the encryption valid and the account active, a one-time password is generated, encrypted and returned to the user's token where it is decrypted and presented for use with a network-based services. While there are a number of tutorials on how to combine WiKID's two-factor system a variety of systems (such as SSH, OpenVPN, Apache and SSL-VPNs), this is the first to address how to install the WiKID Server.

first page
previous page
...
31
...
next page
last page