Let's Discuss Technology - with Nick Martin @technickmartin - Tumblr Blog

Posts

As far back as the ascent of web use and its significance in the every-day living of a great many people, a ton of families are worried about the materials and…

#web content filtering software #Filtering Software #internet

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

An intrusion prevention system is an impeccable detached security arrangement that is particularly intended to screen all inbound and outbound system movement.…

#Intrusion Detection System #Intrusion Prevention System #IDS #IDS Update #IDS software

Plex Media Server for Linux Operating System

The Plex Media Server is a backend application to help you manage and stream media to almost any network connected device. This app has been integrated to ClearOS's Network Map app that allows you to restrict when users/devices on the LAN can access the media server.

#Plex Media Server

IDS Signatures can be a great tool to protect your system from known exploits, but you need proper IDS Updates to maximize its functionality and system protection.

Intrusion Detection System (IDS) is designed to monitor an entire network activity, traffic and identify network and system attack with only a few devices. ClearOS IDS Signatures and Update app provides over 12,000 additional signatures and continual weekly updates.

#IDS Signatures

Dynamic DNS works with ClearCenter's SDN to continually update a system's IP address to a static hostname and provides an easy remote access to your system.

Dynamic DNS provides an easily remembered and constantly updated hostname to access your system remotely. Whenever any change or updation takes place in the DNS than the Dynamic DNS services take notice and automatically update itself on the records.

#Dynamic DNS

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

IDS Signatures can be a great tool to protect your system from known exploits, but you need proper IDS Updates to maximize its functionality and system protection.

Intrusion Detection System (IDS) is designed to monitor an entire network activity, traffic and identify network and system attack with only a few devices. ClearOS IDS Signature and Update app provides over 12,000 additional signatures and continual weekly updates.

#IDS Signature #IDS Update

#plex media server

How Firewall act as a Layer of Protection (Infography)

The primary approach of using a Firewall is to deal with numerous point regarding security of your Server or Host. A firewall imposes restrictions on incoming and outgoing packets to and from the private network. All the traffic, whether incoming or outgoing, must pass through the firewall, and only authorized traffic is allowed to pass through it. Apart from it a Firewall imposes certain benefits.

Some of the segments that covers under these benefits are:

1. Overall controlled Access to site systems

2. Concentrated Security

3. Enhance system privacy

4. Providing shield from network misuse, Policy enforcement etc.

5. Defending vulnerable services

Overall controlled Access to site systems

A firewall act as a barrier to control access over to a site system. This can be explained by the example that if some host can be made reachable from outside networks, whereas others can be effectively sealed off from unwanted access. A site could prevent outside access to its hosts except for special cases such as mail servers or information servers. Thus providing a filtering system which enables only those that meet the access policy

Concentrated Security

A firewall remains the better choice for organizations willing to cut costs on their security mechanism, because it allows them to implement a parallel software on all hosts instead of implementing one individually. Simply put, it becomes easier to set unique security credentials on the firewall itself, and it works on all systems accessing the network. Firewall is also a better option because it requires less installation and maintenance costs, unlike other solutions like Kerberos [NIST94C] that demands individual modification on each host. Despite of the fact that Kerberos and other security mechanisms have their added benefits over Firewall, the letter one remains more popular due to its simplicity, specialization and less costs.

Enhance system privacy

Privacy is one of the crucial factors that must be taken care as innocuous information might contain clue that termed to be very helpful to hackers or attackers. Since to overcome these factors and grab a much effective security value, a firewall comes in action. They help in blocking services that can be helped in leaking this information such as finger and Domain Name Service. finger displays information about users such as their last login time, whether they've read mail, and other items. These Firewalls can also be used to block DNS information about site systems, thus the names and IP addresses of site systems would not be available to Internet hosts

Providing shield from network misuse, Policy enforcement etc.

A firewall can be very beneficial if it was used as a filter towards all of the internet access to and from the system passes through it. The firewall can log accesses and provide valuable statistics about network usage. In today’s era all of the major firewall are enabled with notification system such as the appropriate alarms that sound when suspicious activity occurs can also provide details on whether the firewall and network are being probed or attacked. It is very beneficial to collect network usage statistics and evidence of probing for a number of reasons. One of the primary importance is knowing whether the firewall is withstanding probes and attacks, and determining whether the controls on the firewall are adequate thus helping in maintaining risk factors.

Defending vulnerable services

A firewall can enhance network security and reduce risks to hosts by filtering inherently insecure services. As a result, the subnet gets shield from all of the risks, as only selected protocols will be able to pass through the firewall. For example, a firewall could block any vulnerable services such as NFS from entering or leaving a subnet. This provide the benefit of preventing the services from being exploited by outside attackers, but at the same time permits the use of these services with greatly reduced risk to exploitation. A firewall could reject all source-routed packets and ICMP redirects and then inform administrators of the incidents.

A Linux firewall acts as a shield for your system through five different stages, from the time it's installed on your computer to the appearance of the ransom warning on your screen. You can download our step by step infography to learn about the stages of an attack, and get tips on staying safe.

#Linux firewall #Linux #Firewall policies #layered security #Security #software #scam #threats #web malware

Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits

Whether you need to monitor your own network or Host by connecting them to identify any latest threats, there are some great open source intrusion detection systems (IDSs) one need to know.

So before coming over to the actual topic, let’s gain some knowledge about what an IDS software is?

I won't bore you with the complete brief Blahh... Blahh.. IDS is. It’s simply a security software which is termed to help user or system administrator by automatically alert or notify at any case when a user tries to compromise information system through any malicious activities or at point where violation of security policies is taken.

Network IDS - These Detection are operated by inspecting traffic that occurs between hosts.

These mechanisms are basically prorated into two major forms.

1. IDS signature detection 2. Anomaly detection

1. IDS Signature Detection- This type of detection work well with the threads that are already determined or known. It implicates searching a series of bytes or sequence that are termed to be malicious. One of the most profitable point is that signatures are easy to apply and develop once you will figure out the sort of network behaviour to be find out.

For example, you might use a signature that looks for particular strings that detects attacks that are attempting to exploit a particular system database. Therefore, at this instance the events generated by a signature-based IDS can communicate what caused the alert. Also, pattern matching can be performed very quickly on modern systems so the amount of power needed to perform these checks is minimal.

Disadvantages

1. Firstly, it's easy to fool signature-based solutions by changing the ways in which an attack is made.

2. Secondly, the more advanced the IDS Signature database, the higher the CPU load for the system charged with analysing each signature

3. Novel attacks cannot be detected as the only execute for known attacks

2. Anomaly detection- The anomaly detection technique is a centralized process that works on the concept of a baseline for network behaviour. This baseline is a description of accepted network behaviour, which is learned or specified by the network administrators, or both. It’s like a guard dog personally interviewing everyone at the gate before they are let down the drive.

Its integral part of baselining network is the capability of engine's to dissect protocols at all layers. For every protocol that is being monitored, the engine must possess the ability to decode and process the protocol in order to understand its goal and to carry out IDS Update much batter way.

Disadvantages

1. One of the major drawbacks of anomaly-detection engines is the difficultly of defining rules. Each protocol being analyzed must be defined, implemented and tested for accuracy which is not always an easy task

2. Other of the perils including that if any malicious activity that falls within normal usage patterns is not detected. An activity such as directory traversal on a targeted server doesn't triggered out of protocol, payload or bandwidth limitation flag if complies with network protocol.

3. Anomaly testing requires more hardware that must be spread across the network. Thus go well with only larger networks and, with high bandwidth connections.

#IDS Signature #IDS Update #signature detection #anomaly detection #intrusion detection system

Content Filtering: Choose What Content You Want to Display

Content Filters are an evoking methodology used in the field of security technology. Essentially, these are set of tools that are intended to monitor all of the traffic carries out on a network and compare it to a set of rules that define any unacceptable activity. These tools works as a Centralized Monitored platform handled by any system administrator with a predefined set of rules by filtering or blocking the objectionable traffic from entering the network. As valuable an internet is in growing a business, thereby companies of all sizes, schools, government agencies and libraries face the need to control access to inappropriate materials or objectionable websites to attain maximum ROI form a business or to maintain network performance in much compelling manner.

How do content monitoring tools work? How well do they monitor outbound traffic?

One feature many Firewalls, either windows or Linux Firewall, have been pushing recently is content filtering proxies, whether transparent or authenticated. The technology used here is much simple. These are carries out in various method such as if the tool is set to be a monitor then with the help of a technician one can simply attach it to the networking LAN either by using a network tap, span port or similar replication technology. One point to be ensure is that the network through which the monitor is attached must consist with copy of all traffic.

In order to monitor the rate of outbound traffic, one must choose a Content Filter accordingly to their business requirement, such that which type of traffic to be enable or disabled. A content filter must not follow the hit and trial case. It must be enabled with whitelist/blacklist technology. It was basically a formation of list which represent a combination of content to be pass or bypass in the presence of the filter tools.

This monitoring is not that much effective if we scroll down time a bit in the past where you need to manually enter each URL into the gateway. This approach is not only time consuming, it limits the filter's effectiveness as millions of websites or those unusual contents are created or accessed through alternative methods. Thus making it impossible to achieve.

Now-a-days, Content filtering usually works by implying a complete new smarter technology that is specifying character strings. In this method if the string got matched with the undesirable content, that is to be screened out. This content is typically screened for pornographic content and sometimes also for violence or hate-oriented content. Thus monitoring the outbound traffic to be enabled or disabled.

#Content Filtering #Internet Content Filtering #Web Filtering #Content Filter #Linux Firewall #technology

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Understanding the Background of Dynamic DNS

What is the first thing that comes into everyone's mind when we hear the word DNS or Domain Name Server? Yeah, you are right. A lot of people know a bit or have zero knowledge about it. Well we all have things on our home network we want to access from outside: music collections, game servers, file stores, and more. Dynamic DNS makes it easy to give your home network a memorable and easy to use address.

Dynamic DNS Introduction

Basically it is related to the IP address such that every computer attached to the Internet has an IP address. Name Translation is the process of relating a name (like 'www.google.com') to any IP address (like '74.124.56.163') so that a website that is running locally on a computer can be accessed using an easily remembered name, rather than remembering the IP address number of the computer. Name Translation is implemented via a distributed database known as the Domain Name System.

A Dynamic DNS (DDNS or DynDNS) is a term used to denote the updation that is carried out automatically on Name server in the Domain Name System (DNS). These updation are carried out in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.

The term is used to describe two different concepts. The first is "dynamic DNS updating" which mainly focus on carry out updation the traditional DNS records without manual editing. All of these mechanisms are explained in RFC 1236 and use the TSIG mechanism to provide a much more security factor. The second kind of dynamic DNS provides a lightweight and immediate updates often using an update client, which do not use the RFC2136 standard for updating DNS records.

#Dynamic DNS #DNS #Domain Name #Dynamic Ip Address #Ddns #Technology #What is DNS

Beginner's Guide To ClearOS - Linux Firewall

ClearOS Firewall is one of the best Open Source Linux firewall distribution. It is an extremely flexible Firewall App build to configure mainly for Open source platform. This firewall is mainly designed to prevent unauthorized access to or from a private network that uses range from one hardware to multiple sharing. Here we provide you with the complete guide to access all features of Linux Firewall.

ClearOS firewall as the best source

Works as a command-line firewall, designed by ClearFoundation team. These Firewalls are divided mainly into Incoming and Custom firewalls. These Apps always come pre-installed on our ClearOS Platform. To update/install it, just retrieve the App:

Custom Firewall

While carrying out the deep process as an administrator one will be able to accomplish all their firewall needs using the standard ClearOS web interface, though it may be necessary to add custom firewall rules in some scenarios. The Custom Firewall tool provides a way to create advanced firewall rules. Thus to carry out all of the modules, one has to first install it from the ClearCenter Marketplace.

MarketPlace

The ClearCenter Marketplace is a service that allows administrators to browse and search for apps compatible with the platform/version and install them. Apps are applications that have been specifically developed and integrated into the ClearOS webconfig user-interface that extends or enhances the functionality and/or security of a system.

Your Marketplace can be customised by clicking on the 'Settings' button found among the cluster of buttons/links used for paginating the Marketplace apps and beginning the install process. To enhance the process more simply let’s take an example for the same with all of the possible IP Cases.

Custom Firewall Module Examples

This is an example to show all of the cases that exist for Custom firewall in ClearOS. This guide contains examples of some useful rules. Such that how it was used to protect your server or network from being unauthorized used.

For these examples we will use the network WAN network of 1.2.3.0/28 with .1 as the target router of our ISP, .4 is our ClearOS server. The DMZ network is 5.6.7.0/27 with 5.6.7.8 as the ClearOS DMZ IP address. The HotLAN network is 172.22.22.0/24 with ClearOS as 172.22.22.22. The is 192.168.1.0/24 with 192.168.1.1 as the ClearOS server and 192.168.1.10 as a third party web/file server.

Firewalling

Port Forwarding Restricted to Specific Public IPs

Case: 1. This case is relative to the port forwarding which is restricted to a specific Public Ips.. The example below allows connections to a MySQL server (TCP port 3306) on the at 192.168.4.109 from the remote IPs 1.2.3.4 and 5.6.7.8

iptables -t filter -I FORWARD -d 192.168.4.109 -p tcp --dport 3306 -j DROP iptables -t filter -I FORWARD -s 1.2.3.4 -d 192.168.4.109 -p tcp --dport 3306 -j ACCEPT iptables -t filter -I FORWARD -s 5.6.7.8 -d 192.168.4.109 -p tcp --dport 3306 -j ACCEPT

Still the Port forwarding is not working. The next step goes like, is to use the Port forwarding app to generate a port forwarding rule for the above example: TCP port 3306 to IP 192.168.4.109. Here both Custom Firewall and port forward comes into action by handling the restriction to specific public Ips and at the same time handling the rest.

Port-based Filtering

Case: 2. This example is relative to Port bases filtering. Based on passing traffic to bypass content filter it usually singles out all of the ports and drop them at a certain host or a range of them. For example, you can block SMTP for your entire DHCP range of addresses if your DHCP scope goes from 192.168.1.128-254

iptables -t nat -I PREROUTING -s 192.168.1.128/25 -p tcp --dport 25 -j DROP

Managing LAN-to-LAN Traffic

Case: 3. By default, the generated traffic between multiple LANs is permitted. If one like to block it between LANs, you can use the following example.

eth1: LAN1 eth2: LAN2 # Block traffic between eth1 and eth2

iptables -I FORWARD -i eth1 -o eth2 -j DROP iptables -I FORWARD -i eth2 -o eth1 -j DROP

# Allow reply traffic

iptables -I FORWARD -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -I FORWARD -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow traffic to web server on LAN2 network iptables -I FORWARD -i eth1 -o eth2 -p tcp --dport 80 -j ACCEPT

Logging Specific Network Traffic

Case: 4. At various circumstances, you may want to log certain types of network traffic. Then the very first thing that you need to do is to create up a special logging firewall rule:

iptables -N log-traffic iptables -I log-traffic -j LOG --log-prefix "Traffic log: "

Next, you can add rules that can be directed to the logger. Here are some examples:

# Log traffic destined to 1.2.3.4 iptables -I FORWARD -d 1.2.3.4 -j log-traffic

# Log traffic destined to port 12345 iptables -I FORWARD -p tcp --dport 12345 -j log-traffic

The information is stored to the /var/log/messages log which can be viewed using the Log viewing app.

Gateway Services

Case: 5. To bypass all gateway services except for NAT, you can use a rule like this: iptables -t nat -I PREROUTING -s 192.168.1.99 -j ACCEPT

This rule will bypass all filtering of all types for this IP address. If you want to limit it to bypass for TCP only services, you the following:

iptables -t nat -I PREROUTING -s 192.168.1.99 -p tcp -j ACCEPT

HotLAN to LAN

Case: 6. HotLan to Lan. This is similar to a Pinhole method in the DMZ app. For this example, your network is 10.1.1.0/24 and your HotLAN network is 192.168.1.0/24. In this example the service is port 25 SMTP on the server 10.1.1.10. You can even add a forwarding rule using the Custom Firewall app:

iptables -I FORWARD -p tcp -s 192.168.1.0/24 -d 10.1.1.110 --dport 25 -j ACCEPT

Port Forwarding from selected hosts

Case: 7. This case exist such that Let us say that you want to allow only certain hosts to access your SMTP service behind your firewall. You normally could use the Port Forwarding module for this but you want to get restrictive to a single IP address.

In this example, our internal server is 10.1.1.110 and is running SMTP. We want to make it so that 3.2.1.0/24 can get to it but only this range.

You will need to add two rules:

iptables -t nat -A PREROUTING -p tcp -i eth0 -s 3.2.10/24 --dport 25 -j DNAT --to-destination 10.1.1.110:25 iptables -A FORWARD -p tcp -s 3.2.1.0/24 -d 10.1.1.110 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Limit SSH/Webconfig Access to Specific IP Addresses

The following entries would restrict remote SSH (port 22) an Webconfig (port 81) access to specific IP address that you define (i.e. allow remote login from office, home, datacenter etc.).

# Deny all SSH connections iptables -I INPUT -p tcp --dport 22 -j DROP

# All connections from address xyz iptables -I INPUT -p tcp --source 1.2.3.4 --dport 22 -j ACCEPT iptables -I INPUT -p tcp --source 5.6.7.8 --dport 22 -j ACCEPT

# Deny all webconfig connections iptables -I INPUT -p tcp --dport 81 -j DROP

# All connections from address xyz iptables -I INPUT -p tcp --source 1.2.3.4 --dport 81 -j ACCEPT iptables -I INPUT -p tcp --source 5.6.7.8 --dport 81 -j ACCEPT

Incoming Firewall

The Firewall Incoming feature is mainly used for two primary purposes. Other following the same Marketplace feature as used in Custom Firewall

To allow external connections to your ClearOS system

To permanently block a particular IP address or entire networks from accessing ClearOS

Installation

This feature is part of the core system and installed by default

Configuration

Incoming Connections

Whenever a firewall is enabled on your ClearOS system, the default behaviour that comes into action is to block all external traffic coming to your server. But what on the case if one wants to use if for other running services on your ClearOS system that can be accessed out from the Internet either it is for Dynamic DNS or Dynamic VPN. Thus in such cases you will need to add the firewall policy. For example, the Open VPN Feature requires UDP port 1194 to be open on the firewall.

You can also open up ports to allow for remote management of your ClearOS system. For example, you can open up TCP port 81 to give access to Webconfigure.

There are three ways to add an incoming firewall rule:

select a standard service in the Standard Services drop down input a protocol and single port number in the Port Number box. input a protocol and multiple consecutive ports in a port range in the Port Range box.

#linux firewall #linux server #small business server #Dynamic VPN

Trending Blogs

Last Seen Blogs

Let's Discuss Technology - with Nick Martin