How CloudFlare dealt with a 65Gbps DDoS Attack…

Abraham Williams on Google+ pointed us to an article on the CloudFlare blog about how they dealt with a recent 65Gbps attack.  The article, titled “How to launch a 65Gbps DDOS attack and how to stop one”, gives some high-level detail about how they deal with such attacks and how someone can get hold of 65Gbps of bandwidth to start one.  It does a great job of explaining one method: abusing unrestricted DNS resolvers.  The basic idea is that DNS queries are normally sent over UDP, so the attacker can forge the source address of a query and make the resolver send its reply to the targeted computer or network.  Because a small query can produce a much larger response, the resolver also multiplies the attacker's bandwidth.  This exploits two weaknesses in the internet.  The first is that UDP is fire-and-forget: there is no handshake, so nothing proves that a packet came from the address it claims.  The second is that resolvers exist that will recurse for anyone who asks, or at least for anyone who asks over UDP.  Requiring DNS over TCP would make forging the source address much harder and less reliable, but it is not practical for all DNS traffic; the defenses that actually get deployed are for networks to drop packets with forged source addresses at their edge (BCP 38), for resolvers to answer recursive queries only from their own users, and for name servers to rate-limit responses.
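As an added example (not code from the CloudFlare article or from this site), here is a small POSIX shell script that checks the two things a resolver operator or an attack target cares about: whether a resolver recurses for outsiders, and how much bigger its reply is than the query that caused it. It works on the text that dig prints; the dig output used here is a constructed sample, and the response sizes, the query name isc.org and the resolver verdicts are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the CloudFlare article or LinuxInstall.net).
# Two checks for the resolver side of a DNS reflection attack:
#   resolver_is_open     - did the resolver recurse for an outside client?
#   amplification_factor - how many response bytes did one query buy?
# Live usage, from a host that is NOT on the resolver's own network:
#   dig +bufsize=4096 +ignore ANY isc.org @RESOLVER_IP > out.txt
# The dig output below is a constructed sample so this runs offline.

# Constructed sample: an unrestricted resolver answering ANY isc.org.
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr rd ra; QUERY: 1, ANSWER: 27, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;isc.org.                       IN      ANY
;; MSG SIZE  rcvd: 3120'

# Constructed sample: a resolver that refuses recursion for outsiders.
SAMPLE_CLOSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8765
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;isc.org.                       IN      ANY
;; MSG SIZE  rcvd: 36'

# resolver_is_open DIG_OUTPUT
# True (exit 0) when the answer carries the "ra" (recursion available) flag
# and was not REFUSED: the resolver will do lookups for anyone who asks,
# which is exactly what a reflection attack needs.
resolver_is_open() {
    printf '%s\n' "$1" | awk '
        /^;; flags:/ {
            split($0, seg, ";")            # seg[3] is " flags: qr rd ra"
            n = split(seg[3], fl, " ")
            for (i = 2; i <= n; i++) if (fl[i] == "ra") ra = 1
        }
        /status: NOERROR/ { ok = 1 }
        END { if (ra && ok) exit 0; exit 1 }'
}

# amplification_factor DIG_OUTPUT QNAME
# Response bytes reported by dig ("MSG SIZE rcvd") divided by the size of
# the UDP query that caused them, rounded down. The query size follows from
# the wire format: 12-byte header, QNAME (length + 2), QTYPE and QCLASS
# (4 bytes) and the 11-byte EDNS0 OPT record dig adds by default.
amplification_factor() {
    rcvd=$(printf '%s\n' "$1" | awk '/^;; MSG SIZE/ { print $NF }')
    name=$2
    qlen=$(( 12 + ${#name} + 2 + 4 + 11 ))
    [ -n "$rcvd" ] || { echo 0; return 1; }
    echo $(( rcvd / qlen ))
}

# report LABEL DIG_OUTPUT - one-line verdict for a captured dig output.
report() {
    if resolver_is_open "$2"; then state="OPEN (recurses for anyone)"; else state="closed"; fi
    echo "$1: $state, amplification x$(amplification_factor "$2" isc.org)"
}

report "sample-open"   "$SAMPLE_OPEN"      # OPEN, x86
report "sample-closed" "$SAMPLE_CLOSED"    # closed, x1
```

Run the dig command from the comments against your own resolver from a host outside its network: a properly restricted resolver answers REFUSED or without the ra flag. Many resolvers now return a deliberately minimal answer to ANY queries (RFC 8482), so the factor you measure against them will be far lower than in the constructed sample.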

They had written an article before this one that explains the disruption and apologizes to their customers for it in the first place.  It's found here and called “Post Mortem: What Yesterday's Network Outage Looked Like”.  It is a shining example of what a company should do when an event like this happens: very transparent, clear and easy to understand and, most of all, genuine.  While I know it's great PR, it's not something I see a lot of companies like them doing.

Let us know if you have ever dealt with something like this in your job.

Do you think they took the proper response?

What do you think of the post mortem?

Update: Changed Open to Unrestricted because, as pointed out in the comments below, it seemed to imply the awesome DNS service by a similar name.  They, to our knowledge, were not part of the problem.

One of the simplest ways to tunnel your traffic securely…

So the folks over at LinuxJournal.com wrote up a great tutorial for tunneling through SSH.  What's so great about that?  Well, it's an easy way to do simple things securely on your home or office network.  You only need to open port 22 on your firewall and forward it to an SSH server.  Then you tell SSH to listen on a local port and carry whatever connects to it, inside the encrypted session, to the destination server.

Wait… can't someone just log in to my machine that way?  Not if you take precautions: accept only SSH keys, not passwords, and use a gawk script like this one over at everythingbash.com, which will build and send you a handy list of everyone who has logged in or tried to.

WARNING!!!! I have had several customers and friends notice that their SSH servers just get pounded by people trying to connect with default or bogus accounts.  So be sure to disable or remove any account you aren't using, or at least set its shell to /bin/false.  Note that changing the shell alone does not stop the account from authenticating, so lock its password as well and tell sshd which users it may accept.
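The two checks the paragraphs above ask for, as an added example that is neither the everythingbash.com gawk script nor LinuxJournal's code: a summary of accepted and failed SSH logins per user and source address, and a list of commands that lock every interactive account not on an allow-list. The auth log lines and /etc/passwd entries are constructed samples (the host name gw, the user names and the 203.0.113.0/24 and 198.51.100.0/24 addresses are made up), so the script runs offline.

```shell
#!/bin/sh
# Added example (not the everythingbash.com gawk script, nor any LinuxJournal
# code): two checks for an SSH server that is reachable from the internet.
#   summarize_ssh_logins LOGFILE          - accepted/failed logins per user
#                                           and source address
#   lock_unused_accounts PASSWD ALLOWLIST - commands that disable every
#                                           interactive account not on the list
# The auth log and passwd entries are constructed samples, so it runs offline.

TMP=${TMPDIR:-/tmp}/ssh-audit.$$
mkdir -p "$TMP"
trap 'rm -rf "$TMP"' EXIT

# Constructed sample of /var/log/auth.log (OpenSSH via syslog).
cat > "$TMP/auth.log" <<'EOF'
Sep  9 03:12:01 gw sshd[2201]: Invalid user admin from 203.0.113.7
Sep  9 03:12:01 gw sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Sep  9 03:12:04 gw sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Sep  9 03:12:06 gw sshd[2205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Sep  9 08:40:12 gw sshd[2310]: Accepted publickey for alice from 198.51.100.5 port 40022 ssh2
Sep  9 08:41:02 gw sshd[2312]: Accepted password for bob from 198.51.100.9 port 40100 ssh2
EOF

# Constructed sample of /etc/passwd.
cat > "$TMP/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
oldvendor:x:1001:1001:Vendor account:/home/oldvendor:/bin/bash
test:x:1002:1002::/home/test:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/false
EOF

# summarize_ssh_logins LOGFILE
# One line per (result, user, source) with a count, e.g. "Failed root 203.0.113.7 2".
# On a key-only server an *accepted password* login is itself a finding, so
# those lines are tagged PASSWORD-LOGIN.
summarize_ssh_logins() {
    awk '
        /sshd\[[0-9]+\]: (Accepted|Failed) / {
            result = $6; method = $7
            for (i = 8; i <= NF; i++) {
                if ($i == "for")  user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
                if ($i == "from") src  = $(i + 1)
            }
            key = result " " user " " src
            count[key]++
            if (result == "Accepted" && method == "password") pw[key] = 1
        }
        END {
            for (k in count)
                printf "%s %d%s\n", k, count[k], (k in pw) ? " PASSWORD-LOGIN" : ""
        }' "$1" | sort
}

# lock_unused_accounts PASSWD_FILE "user1 user2 ..."
# Prints the commands that lock every account whose shell is interactive and
# whose name is not on the allow-list. Changing the shell alone is not enough:
# an account with a working password and a /bin/false shell can still
# authenticate to sshd and set up port forwards (ssh -N never starts a shell),
# so the password is locked too. Review the output, then run it as root.
lock_unused_accounts() {
    awk -F: -v allowed=" $2 " '
        $7 !~ /(nologin|false)$/ && index(allowed, " " $1 " ") == 0 {
            printf "passwd -l %s && usermod -s /usr/sbin/nologin %s\n", $1, $1
        }' "$1"
}

echo "== SSH logins by result, user and source =="
summarize_ssh_logins "$TMP/auth.log"
echo "== accounts to lock (allow-list: root alice) =="
lock_unused_accounts "$TMP/passwd" "root alice"
```

Point the functions at the real /var/log/auth.log and /etc/passwd on your server and pair them with the sshd_config settings that make the audit meaningful: PasswordAuthentication no, PubkeyAuthentication yes, PermitRootLogin no and an AllowUsers line naming only the accounts you expect to log in.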

Is Linux really more secure?

With the recent breaches at kernel.org and the Linux Foundation, several people have started asking whether Linux is really more secure.  Our assessment of the situation is that any OS is only as secure as its users and admins make it.  A weak user password or failing to keep up with system patches can both end with the same result, as the kernel.org breach showed.  Others, like Leo Laporte's TWiT Network website, were caused by missed updates.  So whether it's Windows, Linux or the Mac, poor choices will always lead to insecurity.  Protect your data and that of your fellow users and use long, safe and secure passphrases.  If you're a system admin or developer, push hard to keep your systems at a reasonable patch level for your company.

Security breaches just keep on coming…

According to several reports, both kernel.org and the Linux Foundation's sites were hacked over the last few weeks, showing both that Linux isn't perfect and that users are the weakest link in any operating system's armour.  In both cases nothing especially secret was stolen from users.  The kernel.org attack is less of a concern for the code itself, since nobody can change the kernel source or other software hosted at the site without a large number of contributors being told about the change.  So with everything safe and the users' passwords changed we can all breathe a sigh of relief and walk away remembering that even simple things like password policies are important.

Please make us accountable for security..

This post is a direct plea to any C-level managers or other managers who control what IT people do.  We at LinuxInstall.net are tired of reading about companies like yours getting hacked.  We feel comfortable saying this because, while not every industry has seen a break-in, it's only a matter of time before they all have one to confess.  So what can you do?

First, hold everyone accountable for their part of your IT security, even if they don't work for that department.  By this we mean that your developers should be held accountable for writing secure code.  Your administrators should be expected to follow strict hardening standards.  Everyone else in the company should use strong passwords and be smart about what they click on while browsing the web.

So how do you verify that all this is being done?  Start with an audit of everyone's processes, performed by outside security experts.  They will be able to evaluate whether your standards are both secure enough and actually enforced.  For internally developed websites, the cost of outside code reviews should save you from having to pay for fraud protection for all of your customers or users.  Read the audits and ask both the auditors and your internal staff enough questions to let them know you really did look at it and want more detail or clarification.  It doesn't make you look stupid, and you will earn more respect this way.  This process will very likely end with a request for more staff, so be prepared.

For everyone, including IT, mandatory training on good web browsing habits and passwords is a must for every company.  Regular checks by your security team for weak passwords inside your company will help scare people straight about the policy.

Finally, listen to your staff.  You pay them to be the experts on this, so let them be experts.  They are the ones who should be reading about the latest trends and maintaining their skills.  To keep those skills up they need to go to both local and remote conferences on coding, security and the like, which means you need to spend money on it.  The volume of knowledge across the security world is now beyond any one person, so your teams should be both generalists and specialists: let them learn the basics and then focus on their area of interest.  When you get the request to spend money, review it and approve it on the condition that they cross-train their teammates.

Remember, security is everyone's concern.  If the company is breached badly enough, going out of business is a real possibility.  With everyone working together and working securely you can take a large step towards securing the net.

TrendMicro reports Virus attack targeted at Routers…

TrendMicro is reporting that they have uncovered a virus targeting D-Link routers, which are Linux-based.  Once infected, the router connects to IRC to listen for botnet commands and can also start brute-forcing router username and password combinations.  They are still looking into what else the code may do.  They are identifying it as ELF_TSUNAMI.R and will post updates as they have them.  There is no mention of whether D-Link has posted an update to address the issue; since D-Link and TrendMicro are partners, a fix may already be in place.  It is rated Low Risk, High Damage Potential and Low threat for spreading.
Are you running Antivirus software on your Linux machines?

Fedora Project and others have been hacked recently…

We found an article that discusses the fact that the Fedora Project was hacked on 1/22.  It seems they aren't alone in this of late: both the Free Software Foundation and ProFTPD have also recently been broken into.  To our knowledge no real damage has been done, but it is a great reminder to change your passwords and make them tough.  Replacing your SSH keys also helps, since the Fedora hack used a user's SSH key.
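Replacing a key means more than generating a new one: the old public key has to come out of every authorized_keys file that trusts it. As an added example (not Fedora's code or this site's), the script below revokes one key from an authorized_keys file by matching the key material itself rather than the comment, which anyone can edit. The authorized_keys contents, the key blobs (deliberately short and made up) and the user and host names are constructed for the example.

```shell
#!/bin/sh
# Added example (not Fedora's code or this blog's): revoke one SSH public key
# from an authorized_keys file after the matching private key may have been
# copied. Entries are matched on the base64 key material, never on the
# comment field, because the comment is free text that anyone can change.

TMP=${TMPDIR:-/tmp}/keyrot.$$
mkdir -p "$TMP"
trap 'rm -rf "$TMP"' EXIT

# Constructed sample authorized_keys. The key blobs are made up and far
# shorter than real ones; the second entry shows the optional options
# prefix, which is why the key material is not always field 2.
cat > "$TMP/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakeLaptopKey== alice@laptop
no-port-forwarding,command="/usr/bin/rrsync /srv" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakeBackupKey== backup@nas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIfakeDesktopKey alice@desktop
EOF

# revoke_key AUTHORIZED_KEYS KEY_MATERIAL
# Removes every entry whose key material (base64 blob) equals KEY_MATERIAL,
# wherever it sits on the line, and prints how many entries were removed.
revoke_key() {
    file=$1 blob=$2
    before=$(grep -c '' "$file")
    awk -v blob="$blob" '
        { for (i = 1; i <= NF; i++) if ($i == blob) next }   # drop matching entry
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    after=$(grep -c '' "$file")
    echo $(( before - after ))
}

# list_keys AUTHORIZED_KEYS - "type comment" for each remaining entry,
# skipping any options prefix.
list_keys() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-)/) { print $i, $NF; break } }' "$1"
}

# Alice's laptop was compromised: remove that key everywhere it is authorized.
removed=$(revoke_key "$TMP/authorized_keys" "AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakeLaptopKey==")
echo "removed $removed entry(ies); remaining keys:"
list_keys "$TMP/authorized_keys"
```

Run revoke_key with the compromised key's blob on every host that lists it, generate the replacement with ssh-keygen and protect it with a passphrase so a copied key file is useless on its own, and only then install the new public key.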

Episode 25 – The Experimental Nature of Linux

Running Time: 36:46

Found Here

1) Introduction

2) News

Advice about choosing OpenSource Products to use for your business

Doing IT Security doesn’t have to be expensive

7 Great CMS Tools

Linux Cares comes back to life

3) Topic of the night – The Experimental Nature of Linux

4) Conclusion

E-Mail us at podcast@linuxinstall.net

Go to the WebSite to call us via Google Voice

Follow us on Twitter @linuxinstall

Follow us on Identi.ca as linuxinstall or http://identi.ca/linuxinstall

Look for us and comment on iTunes, odeo

Doing security right doesn’t have to be expensive….

I found this article over on the Datamation blog that lists 50 great open source and freeware security solutions.  It's an impressive list of tools that fill almost every security need you might have.  One of the nice things about the article is that it tells you what each tool is a possible replacement for.  The tools on the list are at varying levels of maturity, so be sure to do more research before replacing a key piece of your security infrastructure with one of them.