Archive for July, 2009

Protecting SSH from brute force attacks

Posted in IT Security on July 24, 2009 by cobra

Many people who run servers with SSH access and password authentication get butterflies when it comes to security. If a glance at the server logs shows high volumes of failed logins by automated scripts, it’s natural to wonder whether a carefully selected password is going to be adequate to fend off future brute force attacks. Recent attacks on a number of security sites illustrate that the people who run them don’t always take their own advice.

Simple measures can repel repeated cracking attempts. There are tools available which count failed logins from specific IP addresses and block further access once a set threshold is reached. These tools utilise a range of approaches for dealing with unwanted attention.

This threat can be prevented using just open source tools and a few tweaks: it is possible to detect and block suspicious login attempts. One such open source tool is OSSEC HIDS, which can be downloaded from the OSSEC download page.

I’ve tried it on Fedora Linux and it works just fine 🙂
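The threshold approach described above (count failed logins per source address, act once a limit is reached within a time window), as an added example that is not part of the original post and is not OSSEC's own code. It assumes the usual OpenSSH "Failed password" syslog line format; `find_offenders`, `FAILED`, the default threshold and window, and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at both ends with a greedy user field, so the address is always the
# last "from <ip> port <n> ssh2" on the line, never text inside the username.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(lines, threshold=5, window=timedelta(minutes=10),
                   allowlist=frozenset(), year=2009):
    """Map each IP to the time it reached `threshold` failures within `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m or m["ip"] in allowlist:   # never block trusted admin addresses
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            offenders.setdefault(m["ip"], ts)
    return offenders

# Constructed sample log (documentation addresses, not from a real host).
LINE = "Jul 24 {t} host sshd[{pid}]: Failed password for {user} from {ip} port 40112 ssh2"
SAMPLE = (
    # five failures spread over hours: never five inside one window
    [LINE.format(t=f"0{h}:30:00", pid=2100, user="invalid user test", ip="192.0.2.10") for h in range(1, 6)]
    # five failures in 40 seconds: reaches the threshold
    + [LINE.format(t=f"10:00:{s:02d}", pid=2101, user="root", ip="203.0.113.7") for s in range(0, 50, 10)]
    + ["Jul 24 10:01:00 host sshd[2102]: Accepted password for alice from 198.51.100.20 port 51000 ssh2",
       # username field that itself looks like a source address
       LINE.format(t="10:02:00", pid=2103, user="invalid user x from 198.51.100.20 port 1 ssh2", ip="203.0.113.99")]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{when:%H:%M:%S} block {ip}")
```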


How to Secure and Audit Oracle 10g and 11g

Posted in IT Security on July 21, 2009 by cobra

Ever wondered how to secure Oracle databases in the industry? Read the Hardening Your Database chapter from the 454-page book HOWTO Secure and Audit Oracle 10g and 11g and learn how to navigate the many security options within Oracle (authored by database security expert and Guardium CTO, Ron Ben Natan, Ph.D.)


First Zero-Day Exploit Released For Firefox 3.5

Posted in IT Security on July 21, 2009 by cobra

The race is on: Mozilla is scrambling to finish a patch for a now-public bug in its Firefox 3.5 browser, while exploit code is circulating and Metasploit has released a new module for the attack.

The vulnerability, which was initially discovered by Mozilla last week in the Firefox 3.5 Just-in-Time (JIT) JavaScript compiler, is considered “critical” in that it can be used to execute malicious code, according to Mozilla. A researcher posted his attack code on milw0rm on Monday. The flaw lets an attacker infect the machine of a victim duped into visiting a malicious Web page.


How to defend against rogue DHCP server malware

Posted in IT Security on July 3, 2009 by cobra

Recently there have been reports of “rogue DHCP server” malware — trojans that automatically install their own DHCP servers on your network and compete with your legitimate server. Using rogue DHCP servers, attackers can intercept and redirect traffic from any device that uses the Dynamic Host Configuration Protocol (DHCP) — workstations, printers, laptops, copiers and more.
