IT Security Blog

Hardening Slackware

By

Transmarit is a guide to hardening Slackware Linux 10.2.0. It was written by Jeffrey Denton in January 2006, and covers most of the steps you’d want to take to securely lock down a Slackware server.

Locking down a system this much is probably unsuitable for home users, or on most workstations, but in the server environment, most of the security precautions mentioned make sense.

Of course, locking down a system brings with it inconvenience as well as security, and most sites will want to find a balance between security and usability. The document does lean somewhat more toward security, though.

There are actually some interesting tricks in there, such as checking if a user with UID zero is in fact root, and, if not, killing their processes and e-mailing the real root.

For those wishing to secure their Slackware servers, this makes an excellent read. In fact, even if you’re just looking to slightly increase the security of your home system, I’d say that reading this document would be a good place to start getting some ideas as to what you can and can’t do, and what sort of thing makes for good security.

Hardening a Linux system is the topic of many books and documents. Some try to be generic and cover the things you can do regardless of distribution, but many are written for the “popular” enterprise distributions such as RedHat and SuSE. It’s nice to see a Slackware one out there, and with such sound security information in it, Slackware should keep its reputation for security as well as speed and stability.

Virtual Private Networking: What Is Tunneling?

By


Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network. The data to be transferred (or payload) can be the frames (or packets) of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork.

The encapsulated packets are then routed between tunnel endpoints over the internetwork. The logical path through which the encapsulated packets travel through the internetwork is called a tunnel. Once the encapsulated frames reach their destination on the internetwork, the frame is decapsulated and forwarded to its final destination. Tunneling includes this entire process (encapsulation, transmission, and decapsulation of packets).

MSN Messenger Censorship

By

It turns out that MSN are blocking the word “download.php” in MSN Messenger conversations. According to SourceForge, and verified by myself, messages containing those words simply do not get through. In addition, the conversation link is closed (but the chat window itself remains open).

I shouldn’t need to point out that many legitimate sites use download.php as a means for accessing files. Linking a less computer-savvy friend to a download page for AntiVirus software may now be impossible, thanks to MSN.

This is a totally pointless censorship, and serves no purpose whatsoever, other than to inconvenience the user.

Perhaps it is time to switch to another protocol, Jabber, for instance, built on the open XMPP protocol.