Did you know that a freshly installed Linux server can be hardened in less than 10 minutes? Here’s how!

Manny people think: "My machine cannot be hacked. There are so manny computers over internet, why would happen this to me? Also I've taken some security measures. It will not happend to me."

Sometimes it is possible that your server is compromised, but the actions made by attacker do not affect your server functionality, so you may never find that your machine was compromised.

This tutorial really should be titled "How to get your
Debian server off the ground as quickly as possible", since it's based on
minimal Debian Linux (stable) install.

Here you'll be able to get your box secured very quickly, and then get the
services running with minimum hassle and pain.

The professor was shocked. She never expected any of her students to do this. The computer monitor showed an obscene e-mail from her favorite student. It was actually a spoofed spam, not actually sent from her student, but sent by spammers.

One of the most important functions a Web site has is the ability to track who is visiting it, where they are coming from, and what they are doing. While logs themselves may not always be the most accurate measurement of what's going on, they do provide a high level overview useful for tracking common user functions and tasks. There are instances when certain types of data aren't logged such as referrers, cookies, user agents, and POST data. Logging can also be used to track abnormal behavior including malicious requests sent by a potential attacker trying to break into your site. These logs can be extremely valuable in identifying if an attack was successful or not, as well as some of the exact commands that an attacker may have executed.

In a word, No. No machine connected to the internet is 100% secure. This doesn't mean that you are helpless. You can take measures to avoid hacks, but you cannot avoid them completely. This is like a house - when the windows and doors are open then the probability of a thief coming in is high, but if the doors and windows are closed and locked the probability of being robbed is less, but still not nil.

This document is intended as a starting checklist to harden Windows 2000 Server and IIS for security vulnerabilities. This checklist is designed for those that are extremely familiar with Windows and IIS, as explanations for the checklist actions are not included. It is strongly recommend that you visit the Microsoft Security and Privacy page, at http://www.microsoft.com/security/default.asp, for specific information about each step and the reason behind each action.

The Openwall Project provides security related kernel patches for Linux and BSD kernels. I read about this in Hardening Linux by James Turnbull. The patch that most interested me was to prevent executable code from running in the stack. That won't prevent all buffer overflow attacks, but it can stop some of them. I really don't understand why this isn't just the default nowadays - I know it can break some programs and debuggers, but it seems smart to me.

Updated: 2006-03-20

A few months ago, I began seeing our 'secure' log files fill up with entries, stating: "Failed password for illegal user [username]". Being somewhat alarmed about this I decided to search the Internet to find out if others were experiencing these or similar attacks and, hopefully, find a solution.

Distributed Denial of Service (DDOS) attacks are a significant threat to the availability of any company's networks and systems. In the last 18 months, the press has reported many high profile DDOS attacks costing the victims many hundreds of thousands of pounds.

"Mod_bandwidth" is a module for the Apache web server that enables the setting of server-wide or per connection bandwidth limits, based on the directory, size of files and remote IP/domain.  Installing this module involves a number of steps, but it is fairly simple to accomplish.

Database security can jeopardize your network security. The security administration of your RDBMS (Relational Database Management System), needs to be focused on preventing the unauthorized use of your company or business information by criminals.