What is Digg?Sponsored by Dragon Age: Origins
Can't get enough Dragon Age: Origins? Check out new footage. view!
DragonAge.BioWare.com - EA presents BioWare's new dark fantasy epic Dragon Age: Origins. '9/10' from Game Informer.
42 Comments
- l33tmike, on 10/08/2008, -1/+206: OpenSSH
Are you seriously trying to tell me some people still actually use telnet? - davidg17, on 10/08/2008, -3/+20That's why I ditched OpenBSD for the security only a Windows ME box could grant me.
/sarcasm - downlo, on 10/08/2008, -1/+17Horrible list. No mention of PaX/PIE/SSP/RSBAC. All of the tools listed in the article are reactive tools, not proactive tools. Hell even SE/Linux in not on the list and PAM password controls make John pointless.
- inactive, on 10/08/2008, -0/+10I believe that SSH was just introduced to the Cisco CCNA curriculum last year. Sad, really.
- JonForTheWin, on 10/08/2008, -1/+8Cisco didn't even use SSL with their users' login page until late last year. Cisco fails.
- Exekutor, on 10/08/2008, -1/+7Nobody can hack me. I have Norton.
- garrettg84, on 10/08/2008, -0/+5Telnet and rsh. No lie. I see it every now and again especially amongst old school bsd guys. The other place is networking people dealing with fairly old equipment or those that just refuse to use ssh because they are windows retarded. "Who cares if somebody sees the enable password to my router?"
- fatsobob, on 10/08/2008, -5/+10Pretty decent list of security tools.
- cgibbo, on 10/08/2008, -0/+3Does not include Bastille Linux.
http://www.bastille-unix.org/running_bastille_on.h ... - JonForTheWin, on 10/08/2008, -0/+3Thank you! I was thinking the exact same thing. PaX and grsec especially.
fail2ban is a good tool too (gets rid of the threats of annoyance at least) - inactive, on 10/08/2008, -1/+3That's all well and good, but this article from the site is more informative:
http://www.dailyartisan.com/news/10-awesome-benefi ... - Hydraulix, on 10/08/2008, -1/+3lol, firestarter? A real secure box doesn't run X. Learn iptables and STFU.
- wesw02, on 10/08/2008, -0/+2I completely agree, you could retitle this article network security tools and it would fit better.
- LVsFINEST, on 10/08/2008, -0/+1I can't believe they left out Ossec as its by far the best of all those. Besides that, most of these are offensive tools whereas Ossec will truly turn your linux box into Fort Knox. Ossec has the ability to deny hosts on the spot based on its log monitoring, which recognizes a TON of various logs. So, multiple failed logins (SSH, FTP), multiple HTTP error codes (403, 404), Firewall events (Cisco PIX, modsecurity - which is another one that should have made the list) and even IDS (snort) events will result in hosts being denied. It also does rootkit detection (#4 Chkrootkit), and performs integrity checking (#7 Tripwire). Not to mention it has a nice web interface too for viewing everything.
I have an idea... - inactive, on 10/09/2008, -0/+1But yet the NSA has their hand in just about everything Windows.. Hell, even their webservers are Windows-based with IIS.
Know why they chose Linux? Because it's open to more thorough input that way.
http://www.nsa.gov/selinux/info/faq.cfm#I9 - fuhrysteve, on 10/08/2008, -0/+1"That was an awesome list."
False.
"Long live Linux forever."
True. - DrDabbles, on 10/09/2008, -0/+1That's untrue. You could have paid for the secure firmware images for you routers, firewalls, etc. I purchased this for all of my Cisco equipment a few years ago.
- derkles, on 10/08/2008, -0/+1Yes, some legacy production machines and telephony equipment only offer telnet for remote console. Place an ethernet to serial device on this machine and you can ip access to the serial port.
- DrDabbles, on 10/09/2008, -0/+1Actually, Linus thinks you people that over-fret about security are seriously misguided. I tend to agree. Also, what would you implement as a security model? Since SELinux was developed in part by the NSA to make hosts at the very least MIL/FIPS spec secure, I tend to find it adequate for a server for my company. In the event of a serious attack, my other security measures (separate boxes for DB and web, etc.) would be in effect, thereby preventing too much data from being leaked.
And before you say anything about BSD, keep in mind that there is NO perfect security, and even BSD can be taken down or penetrated. - basye, on 10/08/2008, -5/+6Thanks, passed this along.
- 4321234, on 10/08/2008, -4/+5This is about preventing your SERVER from becoming a WINDOWS virus SERVER. You can add a virus scanner to scan for WINDOWS viruses.
- vardhaman2249, on 10/08/2008, -7/+8windows is more secure than linux even without antivirus or firewall !!....only noobs use linux.
- baranovich, on 10/08/2008, -0/+111. Bastille - http://www.bastille-unix.org/
- damm, on 10/09/2008, -0/+1Things missed,
Samhain - http://la-samhna.de/
Totally deprecates tripwire...
Additionally, Prelude Hybrid IDS - http://www.prelude-ids.com/en/welcome/index.html
Tie in Snort, Samhain and other various tools into 1 database for polling or you can use Prewikka to view the database. - inactive, on 10/08/2008, -1/+2Uh... /s ?
- javaroast, on 10/08/2008, -2/+2Did you get that comment from the random comment generator? Makes no sense. If you are gonna troll at least put the bare minimum of effort into it.
- ruiacp, on 10/08/2008, -2/+2A secure windows is like an unpenetrated prostitute...
- grenadesingh, on 10/08/2008, -2/+1APF and bfd make a killer combo for good firewall security
- inactive, on 10/08/2008, -2/+1I don't think I want the burden of America's debt on my PC.
- inactive, on 10/08/2008, -2/+1It makes no sense?
Here, maybe you can understand simple words: SELinux sucks. It's useless. It's like putting a butterfly on a shotgun wound.
Linux has an old, outdated, archaic security model. You can try to freshen it up all you like, but it will still smell like *****.
Just ask Linus. - davidg17, on 10/08/2008, -2/+1more productive?
I've spent all of this week trying to figure out why our MS SQL server running on 2003 is throwing errors in an error log, but it's still doing the backup that we tell it to do.
It's just a false negative, and there's no way to fix it (other than to check a box that tells me not to report "errors" when they happen - which is just too dangerous). - ncc74656m, on 10/08/2008, -5/+3Good with Linux. Bad with grammar.
/Heil Grammar - AlaskaLoneWolf, on 10/08/2008, -5/+2That was an awesome list. Long live Linux forever.
- claytonjs, on 10/08/2008, -5/+1List needs DenyHosts as well.
http://denyhosts.sourceforge.net/ - Knet88, on 10/08/2008, -6/+1Hang on to that dream, hacking into norton-running machines is a right of way for most hackers.
- ZPWeeks, on 10/08/2008, -9/+4Step 1. Format drive
Step 2. Install OpenBSD
Step 3. Profit! - inactive, on 10/08/2008, -8/+2SELinux is a band-aid. I would never rely on that for *true* security.
As long as Linux is stuck on this archaic model, there will never be the possibility of a true reference monitor. - techdever, on 10/08/2008, -9/+311. Switch to a BSD system
- ronaldst, on 10/08/2008, -9/+2Use Windows Server 2003 and up. Less headaches, more productive with better security!
- inactive, on 10/08/2008, -9/+2I want the gold.
Give me the gold. - skeen07, on 10/08/2008, -11/+4BUT I THOUGHT IT JUST WORKS?!!! =D /smug
Oh, wait.. - inactive, on 10/08/2008, -14/+3OR use windows with an anti-virus software
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is