Vulnerabilities & Penetrations Results!


Post by securitykid » Wed Oct 24, 2007 9:22 am

Hi Guys,

I know this is a Linux forum, BUT as I know, security is the buzzword nowadays; everyone is looking for something / anything that helps them to fix their issues or gives some understanding... I recommend that we post vulnerabilities or Pen Tests identified by ourselves to this post; it will be very interesting and knowledgeable.

Any Comments!!!

Thanks

SecurityKID-ITdotCOM
Security Every Where! BUT where? :)

Post by wacky » Wed Oct 24, 2007 8:05 pm

We recently had an outside Security company run penetration tests against our internet banking site and these are some of the points raised by them along with the recommended remedial actions:

1. Vulnerable version of Apache web server
The remote host is running a version of Apache which is susceptible to several known vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or perform a denial of service attack.

Remedial Action: Upgrade to the latest version of Apache and ensure that the most up-to-date security patches have been applied.

2. Remote service encrypts traffic using a protocol with known weaknesses
The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between service and clients.

Remedial Action: Disable SSL 2.0 and use SSL 3.0 or TLS 1.0

There's a lot more but this'll do for a start.
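An added example, not part of wacky's post or the testers' report: a small Python check for the SSL 2.0 finding above that reads Apache mod_ssl configuration text and reports each `SSLProtocol` directive that still leaves SSLv2 enabled. It assumes the site uses mod_ssl of that era, where `all` (also the default) includes SSLv2 and a bare protocol token replaces the set built so far; `SAMPLE`, `effective_protocols` and `audit` are names made up here.

```python
import re

# Assumption: Apache 2.2-era mod_ssl, where "all" means SSLv2 + SSLv3 + TLSv1
# and is also the default when no SSLProtocol directive is present.
ALL = frozenset({"SSLv2", "SSLv3", "TLSv1"})
CANON = {p.lower(): p for p in ALL}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

# Constructed sample configuration (hypothetical hosts, not from the post).
SAMPLE = """\
<VirtualHost *:443>
    SSLProtocol all
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -all +SSLv3 +TLSv1
</VirtualHost>
"""

def effective_protocols(args):
    """Evaluate one SSLProtocol argument list left to right."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name != "all" and name not in CANON:
            raise ValueError(f"unknown protocol token: {token!r}")
        chosen = set(ALL) if name == "all" else {CANON[name]}
        if sign == "+":
            enabled |= chosen
        elif sign == "-":
            enabled -= chosen
        else:
            enabled = chosen  # modelled: a bare token replaces the set so far
    return enabled

def audit(config_text):
    """Return (line number, directive text) for every line leaving SSLv2 on."""
    findings, seen = [], False
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if match:
            seen = True
            if "SSLv2" in effective_protocols(match.group(1)):
                findings.append((number, line.strip()))
    if not seen:  # no directive at all: the assumed default applies
        findings.append((0, "SSLProtocol all (implicit default)"))
    return findings

print(audit(SAMPLE))
```

The check reads configuration only, so a connection test against the live listener is still needed to confirm the fix. SSL 3.0 and TLS 1.0, the report's suggested replacements, have themselves since been deprecated.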

Nice Idea

Post by x2oxen » Wed Nov 07, 2007 5:16 pm

This will be a real good idea to improve security issues.
Muhammad Usman

Post by securitykid » Wed Nov 14, 2007 11:54 am

Thanks Usman.
SecurityKID-ITdotCOM