The post How to Secure Your Linux Server appeared first on Hack Ware News.
It’s important for anyone running a Linux server, or any type of server for that matter, to keep it secure, especially if it communicates with the outside world. Servers are like your houses in the digital realm. They have to be kept secure from intruders. So you have a Linux server; here’s how to secure it.
In other words, keep it simple, but secure. Install the apps and run only the services that you need. Additional apps introduce vulnerabilities, as do unpatched services that can be exploited by external malicious actors. Keeping the server clean and lean also speeds up its performance. Also, depending on the Linux distro, a number of extra services will be run by default. Keep an eye out for those services. Check if they’re really important and if they are, make sure they’re updated.
A simple netstat -npl command in the terminal will show you all the running services and the ports they use. That’s another thing. These services might be using some ports you want to keep closed. Disable unwanted services with the following command.
systemctl disable service_name
It’s no secret that logging in as Root user gives you unrestricted access to everything in your Linux setup. For many Linux users, it’s the easiest way to use Linux, which is why most newbies log in as Root. Malicious attackers know this too. When users log in as Root, any running apps and services with vulnerabilities also give attackers unlimited access to everything else. The best practice for Linux users is to create a user with enough sudo access to perform most tasks and only switch to Root when needed.
In Ubuntu for example, you can add a new user with sudo powers by typing in the following at the terminal:
adduser usercansudo
gpasswd -a usercansudo sudo
Afterwards, log out of the system and log in as the new user, then disable the Root user by editing the sshd_config file.
sudo nano /etc/ssh/sshd_config
Look for this commented item: #PermitRootLogin no
Remove the comment marker (#) so the line reads PermitRootLogin no, save the file and restart the ssh service using the following command:
systemctl restart sshd
Restrict access to your server to just you and others you implicitly trust. As in the previous item, create as many users as you need with the appropriate level of access and disable root. The fewer the better though.
When logging in remotely, the default port for ssh is 22, which is what most people, including attackers, would use to get into a Linux server. This port can be changed, and by changing it, eavesdroppers, attackers and bots will be left guessing how to log in to your system. It’s simple but effective. To change the ssh port, we go back to the sshd_config file. You can issue the following command:
sudo nano /etc/ssh/sshd_config
Find the commented port line:
#Port 22
Uncomment it and change the port number to something else. Feel free to change 22 to something between 1024 and 32,767 but make sure that no other service uses your chosen number. Then save the file. Restart the ssh service.
systemctl restart sshd
You can check if it works by logging in through ssh with this command:
ssh -p {port_number} {user}@server_IP
Example:
ssh -p 1027 192.168.10.11
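A check for the two sshd_config edits described above, added here as an example and not part of the original post. It reads a config file the way sshd does for simple keywords (first uncommented occurrence wins) and flags the cases where an edit did not take effect; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two sshd_config settings changed above.
# sshd uses the FIRST uncommented occurrence of a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional, so only the
# global section before the first Match line is read here.

# effective_value FILE KEYWORD DEFAULT -> prints the value in effect
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                 # still commented out: ignored
        tolower($1) == "match" { exit }     # conditional blocks: stop
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }       # unset: sshd built-in default
    ' "$1"
}

# audit_sshd FILE -> one finding per line; returns 1 if any check fails
audit_sshd() {
    rc=0
    # Defaults assumed from upstream OpenSSH: prohibit-password and 22
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    port=$(effective_value "$1" Port 22)
    if [ "$root" = "no" ]; then
        echo "OK   PermitRootLogin=$root"
    else
        echo "FAIL PermitRootLogin=$root (expected: no)"; rc=1
    fi
    if [ "$port" -ge 1024 ] && [ "$port" -le 32767 ]; then
        echo "OK   Port=$port"
    else
        echo "FAIL Port=$port (expected: 1024-32767, as chosen above)"; rc=1
    fi
    return $rc
}

# Constructed sample file: the Port line was never uncommented, and a
# "safe" PermitRootLogin line sits below an earlier one that wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live server, sshd -T prints the configuration sshd actually resolves, including Include files that this check does not follow.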
You’ve probably read plenty of articles about vulnerabilities that no basic user would think of but that are continuously explored by determined hackers out for a quick buck. No server is secure, not even Linux, and the best defense, apart from a good firewall and anti-malware programs, is to keep your operating system and its packages updated. Always be on the lookout for core or kernel updates.
The post Google’s Project Zero has discovered a major Linux kernel vulnerability appeared first on Hack Ware News.
The vulnerability is a use-after-free (UAF) attack, which works by exploiting the cache invalidation bug in the Linux memory management system, allowing an attacker root access to the target system. UAF vulnerabilities are a type of memory-based corruption bug. Once attackers gain access to the system, they can cause system crashes, alter or corrupt data, and gain privileged user access.
Jann Horn, the white hat hacker who discovered the vulnerability, says his PoC has been made available to the public and “takes about an hour to run before popping a root shell”. Linux kernel maintainers have responded to the vulnerability rapidly, fixing the issue with a patch in only two days. The kernel maintainers’ fast response has put other Linux distributions under scrutiny after Debian and Ubuntu took over a week to provide updates on the issue.
Two versions, Debian 16.04 and Ubuntu 18.04, have still not been patched as of Wednesday 26 September. Ubuntu has responded to the criticism by announcing that the patches will likely be ready for release around October 1.
Researcher Horn warns that although this vulnerability has been patched, attackers may find another way. This is a particular concern since Linux distributions don’t publish kernel updates regularly. This vulnerability highlights the importance of having a secure kernel configuration and is something users should be vigilant about.
This is the latest in notable discoveries for Jann Horn, who also discovered the Meltdown and Spectre vulnerabilities affecting modern CPUs.
The post WhatsApp vulnerability allows users to easily spread fake news appeared first on Hack Ware News.
With over 1 billion users and more than 60 billion messages sent every day, security flaws are a serious concern as they have the potential to have far-reaching impacts across the world.
Researchers at Israeli security company Check Point have brought to light the security flaws in WhatsApp’s protocols and design framework, which have a loophole enabling the creation and spreading of fake news under the guise of “trusted sources”.
Essentially, malicious users are able to intercept and modify the content of messages sent through both private and group conversations. This can be an easy way of spreading fake news.
What are the possible “attacks”?
The problem lies with how the WhatsApp mobile apps connect with the corresponding WhatsApp Web, and the way it decrypts encrypted messages using the protobuf2 protocol.
How were these security flaws discovered?
The team of security researchers at Check Point (Dikla Barda, Roman Zaikin, and Oded Vanunu) first decrypted the network request of messages being sent via the app. They did this by creating a custom extension for Burp Suite, a popular security software web application. This extension allowed them to easily intercept messages so they could analyse their structure and look for loopholes.
By analysing the decrypted message, they could see all the parameters and variables being used in the messages sent between the mobile app and the web version of WhatsApp. This opened the window of opportunity for manipulating these, and it was quickly discovered that they could modify messages, the sender and target recipient.
It’s worth noting that these exploits can only be performed by members of the group conversation, rather than a 3rd party attacker or someone sniffing the network. However, it’s still a critical security flaw because attackers can achieve all kinds of malicious objectives, including spreading misinformation and fake news, or creating false evidence in their favor.
Check Point has urgently informed WhatsApp about these security flaws, as it’s essential they get addressed as soon as possible. The current status is that they’re being investigated further, so we’re waiting for an update from WhatsApp themselves on the matter.
The post Computer Security Vulnerabilities to Cyberattacks appeared first on Hack Ware News.
It seems no matter how much you try to minimize the vulnerabilities in your computer by using sophisticated software programs that are designed to detect outside attacks to your computer or your company’s computer network and eliminate the possible threat. This requires you to be extremely vigilant about the kinds of things you do on the Internet.
For any vulnerability to become a problem, three distinct conditions must be met: there is an actual flaw or vulnerability in the system, an attacker has access to the system or computer, and the attacker has the ability to exploit the specific vulnerability. With that said, there are things anyone can do to help minimize the likelihood that you or your business could be the victim of a cyberattack.
Short of cutting the Ethernet cord and completely isolating your computer or computer network from the Internet altogether, there are many steps that you will need to take in order to protect yourself. This will also require you to be extremely vigilant in order to prevent unauthorized access to your computer.
In order to best deal with vulnerabilities, it is important to first understand the most common types of cyber vulnerabilities that exist today. Below are what are considered the most common cyber vulnerabilities that can threaten your computer’s security.
The injection flaw vulnerability is extra dangerous because it leaves company data vulnerable during specific types of operations that occur at the program code level. It is not usually easy to find until after the software has been put into production, and a skilled hacker could easily gain access to the computer network by exploiting this vulnerability.
The Buffer Overflow flaw is one of the most common types of vulnerability and it can be very difficult to detect since it is buried in software code. However, a good hacker will be able to take advantage of the buffer overflow to gain access to sensitive data before you are even aware of it.
Sensitive Data Exposure flaws can leave a company’s data vulnerable when it is being transferred from place to place. Most data at rest (stored on servers) is highly protected, but when the data is being moved it can be susceptible to compromise if you don’t have the right protection.
This type of vulnerability involves a flaw that allows the hacker or cyber attacker to impersonate a company employee and gain access to company data for nefarious reasons or to just cause mischief. This type of vulnerability is made more difficult to mitigate due to the large number of these types of system on the market.
This is where human error is often the culprit and good intentions can lead to even more serious vulnerabilities. Having too much of the wrong type of security software doesn’t make you more secure; it can actually leave you even more vulnerable. Not following sound security practices can also lead to serious company data vulnerabilities.