November 23, 2010
 

Version 1.0
Author: Falko Timme
Last edited: 02/07/2006

In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon. In this tutorial I will run DenyHosts as a daemon.

From the DenyHosts web site:

“DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks.

If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc…) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above…”

This tutorial is based on a Debian Sarge system; however, it should apply to other distributions with almost no modifications.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

November 12, 2010
 

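GoDaddy currently supports the DNSSEC security extensions for .org, .eu, .biz and .us domains. The .com and .net domains will probably have to wait a while longer, until at least the second half of 2011.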

by GoDaddy Employee JacqueM on August 17th, 2010

We currently support DNSSEC for .org, .eu, .biz, and .us domain name extensions. The registry for .com and .net, VeriSign (R), doesn’t support DNSSEC for these extensions yet, but they’re working on it. As soon as they make DNSSEC possible for .com and .net, we plan to be right there with them to support it!

November 14, 2009
 

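Problem description:

1. With the firewall enabled, once an application has gone online over cmnet for the first time, it cannot go online over Wi-Fi; once an application has gone online over Wi-Fi for the first time, it cannot go online over cmnet.

2. It only works after the firewall is turned off. The BlackBerry's built-in browser is not affected. Goonuu is not affected.

3. Symptom: when the connection fails, this message is shown: The application has attempted to open a connection to a location inside the firewall and outside the firewall.

Root cause analysis:

1. In the BlackBerry's factory default settings, to keep the handheld's network secure, third-party applications are forbidden from using private and public connection types side by side, so that internal network data cannot be sent to the public network by a third-party application. For example, the BlackBerry Enterprise Server's MDS is of the private type, while wap and cmnet are of the public type.

2. This control is adjusted through the “ALLOW_SPLIT_PIPE_CONNECTIONS” rule in the phone's IT Policy; the factory default is False. It must be set to True before multiple types of network connection can be used.

Solution: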

September 13, 2009
 

      Is a quality device password set to control access to the Blackberry?

      Is content protection (encryption) enabled on the Blackberry?

      Does the Blackberry contain the latest RIM operating system?

      Are you regularly educating yourself on potential new Blackberry vulnerabilities and exploits?

      Is an antivirus/antimalware program installed on the Blackberry?

      Are you on the lookout for third-party Blackberry personal firewalls?

      Is the Blackberry firewall-enabled?

      Are the Blackberry firewall default settings configured as securely as possible for how the Blackberry will be utilized?

      Are specific applications installed on the Blackberry configured with the least amount of access to other portions of the Blackberry?

      Are users educated on the potential risks to Blackberry?

      Are external interfaces that will not be utilized disabled?

      Is the Bluetooth Discoverable option disabled?

      Are Bluetooth options, such as access to the address book, configured as securely as possible?

Things to Remember

      Blackberry devices are susceptible to exactly the same types of threats as any other type of computer system. These threats include the following:

April 11, 2009
 

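I won't discuss whether the alidevice keyboard monitor is rogue software; at the very least, Taobao provides no way to uninstall the alidevice keyboard monitor, and that alone is rogue enough.

I have verified on 10 machines that the following method uninstalls it cleanly.
1. Edit the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters and remove alidevice. Note that kbdclass must be kept; do not delete it, otherwise your keyboard may stop working after you reboot.

2. Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0303\4&5289e18&0. Deleting it directly reports an error here; use the IceSword tool to delete 4&5289e18&0 (the portable edition of IceSword V1.22 can be downloaded from Huajun Software at http://www.newhua.com/soft/53325.htm).

3. Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alidevice

4. Delete the file Windows\System32\Drivers\AliDevice.sys

5. Reboot the system

6. Some computers may show a "Found New Hardware" prompt and then ask for a reboot; this is because, once alidevice has been cleanly removed, the keyboard returns to its initial state and is re-registered by the system.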

September 26, 2008
 

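Ask a hundred car owners what kind of music they like and you will get a hundred answers. Some like Lisa Ono, some are captivated by the melodious saxophone, and some listen only to the "God of Songs" Jacky Cheung. But note that not all music is suitable for listening to while driving. A poor choice may distract the driver, lower the accuracy of their judgment, and affect safe driving.

What not to listen to while driving, No. 1: never wear earbuds while driving

Veteran British singer George Michael made this mistake once, listening to an iPod with earbuds in both ears. The more he listened the sleepier he became, and half asleep he drove onto a pedestrian safety island and had a car accident.
Medical professionals believe that listening to music with earbuds in itself damages the ears, and that wearing earbuds while driving has more serious consequences. Not only do the ears become insensitive to outside sounds; over time it can also cause the blood vessels of the ear to lose their elasticity and lead to nervous disorders.

What not to listen to while driving, No. 2: 75 decibels is the limit

Many drivers like to turn the volume up while driving, and their bodies sway involuntarily along with the powerful beat. Suitably energetic music can lift the driver's spirits and drive away fatigue, but overdoing the volume easily leads to accidents.

Medical experiments show that if the volume is too high while driving, it increases the burden on hearing, distracts attention, and lowers the accuracy of judging situations. Normal speech is forty to fifty decibels; experiments show that at a volume of 75 decibels (comparable to how a busy downtown area feels) the driver's judgment error rate is 24%, and at 95 decibels the error rate exceeds 40%.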

April 16, 2008
 

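For years, hackers have focused on finding holes in computer software that let them use computer systems without authorization.

But last Tuesday, researchers at the University of Illinois demonstrated how they could alter a computer chip to let an attacker open a back door into the computer. Although the technique is very complicated, at least in the real world there is no possible defense against it, and even detecting it is very difficult.

The team used a special programmable processor; by injecting malicious firmware into the chip's memory, an attacker can log in to the machine directly.

This means an attacker can stride into the system without finding any software flaw and without being noticed by any software-based intrusion detection system. More frightening still, these programmable chips are very common in Sun's mid-range and high-end servers.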