
Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.


Fine Tune your automatic Updates for Ubuntu / Debian

BIND is the most widely used name server. A name server translates a site name to its IP address.

There is a new bug in BIND, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) through BIND 9.9.7-P1 and BIND 9.10.2-P2.

Basically, anyone can stop your BIND service (named), effectively shutting down your name resolution.

So if you administer name servers using BIND, you need to update NOW.
Unfortunately, that means you cannot wait for binaries for your distribution to become available; you need to install from source.

Problems:
  1. You need to install a development environment on your DNS servers
  2. Configuring and compiling can take a long time, using resources
  3. You need to uninstall the current packages, without losing your zone files and named config, including startup scripts.

My solution: configure a test server, configure, compile and install the new version of BIND from source, then copy all the files to the production servers. This way you disrupt the service for 20 sec max.

Caveat: all servers should run the same distribution and packages.

My servers all run Debian 7.8, with minimal packages installed, to reduce attack vectors.

Technique:
1. Create a test server (either from scratch, or by cloning one of your production DNS servers).
2. Prepare the build environment
test-server:apt-get install build-essential libssl-dev



3. Download and extract the package:


Author Comment

by:Dan Craciun
Hello EE,

Today we will learn how to send all your network traffic through Tor, which is useful for getting around censorship and, to a certain degree, for avoiding being tracked. This article assumes you are using Linux, have a minimal knowledge of iptables and know basic Linux commands.
1. To start, install the 'Tor' package, which is available in most repositories.
apt-get install tor


If you are using a different distribution of Linux, use your package manager to install the Tor package.

2. Now start Tor by running this command:
root@s2:~# service tor start
[ ok ] Starting tor daemon...done.


If you are using a different distribution of Linux, use the appropriate command to start the Tor daemon.

3. Now edit the Torrc configuration file and add these lines:
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353


The Torrc file is located at /etc/tor/torrc

root@s2:~# vim /etc/tor/torrc



4. Once you have added those 4 lines to the Torrc, restart the Tor daemon:
root@s2:~# service tor restart
[ ok ] Stopping tor daemon...done.
[ ok ] Starting tor daemon...done.



5. Finally, set the iptables rules to send all DNS requests and so on through Tor. For this we will use a handy bash script to set everything up for us. Add this script to startup to have the transparent proxy in place after you boot:
#!/bin/sh
# destinations you do


Expert Comment

by:Jason C. Levine
Thanks, Brandon...that makes sense.

So Tor is really only useful for low-bandwidth applications.  YouTube, Facebook, and other resource-heavy things will probably be too slow or unusable altogether?

Author Comment

by:Pasha Kravtsov
They are all usable.. some nodes give you fast access, some are hideously slow.. you CAN watch videos, download stuff whatever it's whether you want to deal with the slowness.
Being a Managed Services Provider (MSP) has presented you with challenges in the past, and by meeting those challenges you've reaped the rewards of success. In 2014, challenges and rewards remain; but as the Internet and business environment evolve, so do those challenges. Let's take a look at 5 challenges that are faced by most MSPs this year:
 
1.  Cloud Computing Finally Becoming Mainstream
 
The concept of cloud computing has finally become mainstream.  If your customers haven’t yet asked for it, they will — and many of them will ask without knowing what it is or why they want it.  That opens a big opportunity for you to provide new services, sometimes at a lower cost point, and to keep your margins up.  Amazon and others are doing the missionary work for you, by getting decision makers to want cloud computing in their businesses and hosting environments.  But Amazon is basically a self-service operation, leaving a great big gap for you to be the local, knowledgeable full-service value-added vendor. 
 
If you don’t yet have a cloud based offering, get one.  And make sure that your sales and support teams are knowledgeable about cloud computing, so they can help your customers and prospects make the right decision by implementing your cloud offering in their businesses.
 
2.  Incursion by the Omnipresent Communications Companies
 
As recently as a few years ago, being an MSP meant setting up shop in a part of the industry that you can make your …