Articles by secureguardian
-
Meet the Anti-Nmap: PSAD (EnGarde Secure Linux)
Author: secureguardian • Tags: security • Comments: 0

Having a great defense involves proper detection and recognition of an attack. In our security world we have great IDS tools to properly recognize when we are being attacked as well as firewalls to prevent such attacks from happening. However, certain attacks are not blindly thrown at you - a good attacker knows that a certain amount of reconnaissance and knowledge about your defenses greatly increases the chances of a successful attack. How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...
-
SSH: Best Practices
Author: secureguardian • Tags: security • Comments: 5

Are you using SSH in the best way possible? Have you configured it to be as limited and secure as possible? The goal of this document is to kick in the new year with some best practices for SSH: why you should use them, how to set them up, and how to verify that they are in place. All of the examples below assume that you are using EnGarde Secure Linux, but any modern Linux distribution will do just fine since, as far as I know, everybody ships OpenSSH.
-
Writing Snort Rules On EnGarde
Author: secureguardian • Tags: security • Comments: 0

There are already tons of written Snort rules, but there just might be a time where you need to write one yourself. You can think of writing Snort rules as writing a program. They can include variables, keywords and functions. Why do we need to write rules? The reason is, without rules Snort will never detect someone trying to hack your machine. This HOWTO will give you confidence to write your own rules.
-
HowTo: Install And Configure FWKNOP (Using EnGarde Linux)
Author: secureguardian • Tags: security • Comments: 0

Secret knocks have been used for purposes as simple and childish as identifying friend or foe during a schoolyard fort war. Fraternities teach these knocks as a rite of passage into their society, and in our security world we can implement this layer of security to lock down an SSH server. The FireWall KNock Operator (fwknop) is an excellent port knocking implementation that combines encrypted port knocking with passive OS fingerprinting. This makes it possible to define specifically which Linux systems are allowed access to your SSH server. fwknop combines its functionality with iptables rules and log messages to grant or deny access to the SSH daemon.
-
Secure Servers: Package Building With EnGarde Secure Linux
Author: secureguardian • Tags: linux, other • Comments: 0

Although EnGarde Secure Linux does not include a development environment "out of the box," all of the tools to set one up are available via the Guardian Digital Secure Network. The purpose of this document is to provide you, the software developer, with the instructions to set up a package building environment of your own. After building the environment, we will walk you through building a package for the popular object-oriented programming language, Ruby. Read on for an introduction to your EnGarde Package Building Survival Guide.