Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Filtering E-Mail with Postfix and Procmail, Part One
This article is the first of three articles that will help systems administrators to implement SMTP daemons and local mail delivery agents to filter out unwanted e-mails before they arrive in the end-users' in-box. Specifically, this series will examine the use of Postfix and Procmail to eliminate spam before it hits the client.
PortSentry for Attack Detection - Part Two
This is the second in a two-part series on PortSentry. The first part discussed how PortSentry works to identify attacks, as well as what types of attacks it identifies. This article will focus on building, installing, and operating PortSentry. The focus here will be on the various configuration options available for PortSentry, as well as some of the benefits and drawbacks of those options.
PortSentry for Attack Detection, Part One
PortSentry is an attack detection tool developed by Psionic Technologies. This article is the first of a two-part series that will describe in detail how PortSentry works from both a theoretical and a technical point of view.
Restricting UNIX Users
This article will discuss ways in which security administrators can limit what users are able to do on a UNIX system, with a particular focus on Linux. Both local and remote users will be considered. However, restricting root users will not be discussed in this article.
Openwall: Improving Security with the Openwall Patch
This article will examine the Openwall Linux kernel patch, one of the best-known kernel hardening patches. It will explain how to install the patch and will examine its main features.
IPCop: An Overview
IPCop is a cut-down Linux distribution that is intended to operate as a firewall, and only as a firewall. It has some advanced firewalling features, including VPNs using IPSec. This article describes the set-up and use of IPCop, and contains a few comments about its features.
Grsecurity is a suite of patches (distributed as a single patch file) for the Linux kernel that attempts to improve the security of a Linux system. Grsecurity is based on a port of some previous patches for the Linux 2.2 kernel, including Openwall and PaX, which have never been ported to the 2.4 kernel. Grsecurity provides some updates to these patches and has been ported to the Linux 2.4 kernel. This article will offer a brief overview of grsecurity.
Linux Kernel Hardening
This article will cover the issues of Linux hardening, with a specific focus on kernel hardening and its use on production systems. Several kernel-hardening approaches and their usability will be analyzed.
IPTables Linux firewall with packet string-matching support
Linux firewalling code has come a long way since the time ipfwadm was introduced in kernel version 1.2.1 in 1995. Ipfwadm enabled standard TCP/IP packet filtering features such as filtering by source/target addresses and port numbers. Then, in early 1999, when the first stable 2.2.0 kernel was released, firewalling code was replaced with new ipchains-controlled code. New features included support for chains of rules, fragmentation handling, better network address translation (NAT) supp...
A Simple Oracle Host-Based Scanner
As with any large software package, the default installation of Oracle does not provide for the most secure system out of the box. Indeed, some aspects of the default installation are remarkably insecure. This paper will explore the scanning of an installation of Oracle's RDBMS and, in doing so, will investigate some common security deficiencies.