C3 Security Consulting LLC
Confidentiality
Integrety
Availability		 company banner
HomeSecurityServicesVistaInformationCompany
  
floating layer default test box
Security
FOREFRONT
Hardware
Networking
Patch Management
PKI
Web
Windows
Wireless
On this page:
Apache Installation
Apache Security
Anti-virus
Bastille hosts
BIND & DNS
Service configuration
E-Mail and File Sharing
Encryption
Firewalls
File Hash management
Laptops
LIDS (Linux Intrusion Detection System)
Logging
MySQL
Networking
NIS
Password protection
Patches
PHP
Remote access
SELinux
SSH, VNC
VPN
Wireless
Related Links
Micrsoft Midsize Business: Security
Use the resources below to find security solutions geared toward midsize businesses with 25 — 500 PCS.
linux-wlan project
The goal of the linux-wlan project is to develop a complete, standards based, wireless LAN system using the GNU/Linux operating system.
Cerberus
Cerberus, an IPsec implementation from NIST. This implementation contain many different encryption cypher (including all the AES finalists), but is subject to US export controls.
File encryption
Free open-source disk encryption software for Windows XP/2000/2003 and Linux.
Benefits of Linux
If you are undecided on what OS to use, see some of the added value of Linux.

Linux

Print view

Linux is growing in popularity. Depending on the specific publisher, it is free and there is an expanding pool of expertise. Vendors are also benefiting from the alternative functionality and capabilities of the platform. There are many applications, especially scientific and academic, that exist only in the Linux arena. Couple that with the scalability (at press, the most powerful machine in the world, it terms of computations per second, is a 64,000 CPU IBM machine running Linux) and the greater breadth of CPU architecture support, and it is easy to see why it is gaining market share.

Linux, in its many flavors, is a robust and adaptable operating system. Many argue it is at least the equivalent of the Windows family, although they do have additional technical challenges specific to their architecture. Although there are many brands they have certain core components in common. Whilst it is not possible to comprehensively explore all the variants, C3SC has experience integrating specifically Fedora, SUSE, Ubunktu, and Mandriva into Windows environments.

If you are utilizing a distribution not mentioned here, please contact C3SC and discuss the specifics of your environment. There are many overlapping technologies and we would like the opportunity to explore your requirements and discuss options.

Similarly to Windows, all the required networking functions of a business environment can be found in Linux. To optimally benefit from the diversity of available operating systems, it is key that they are fully integrated. Fortunately, current implementations of both Windows and Linux are adept at exchanging information and can usually leverage shared infrastructure.

If you have Linux in your environment, some of the ways C3SC can help you are with the configuration and integration of:

Anti-virus. Yes, there are several anti-virus applications for Linux, and most are free. We can show you how to implement, update and monitor an anti-virus solution for Linux.

Apache Installation. The most widely used web server on the WWW. It's free, powerful, scalable and readily supportable. We can show you how to implement and run an Apache server farm.

Apache Security. A web server that is not secure is simply a gaping hole in your network security. We can show you how to secure Apache, monitor and maintain it. See also..

Bastille hosts. A great way of minimizing your exposure to the Internet, but a little known (or understood) configuration. We can show you the benefits and work with you to determine if it is right for your environment.

BIND & DNS. Linux performs very well as a DNS server and provides a very realistic alternative to Windows. Like all software it has weaknesses and the security level of the server can frequently be dependent upon the version, source, and configuration. We can plan, configure and implement a DNS application for your environment.

E-Mail and File Sharing. Most current distributions have an E-mail server as part of their core suite of applications. There is no doubt that recent incarnations of Windows Exchange far out rank them in terms of functionality. However, the question is "how many bells and whistles do I need?". Depending on your requirements, if you already have a Linux machine, one of the available open source servers is well worth considering. C3SC will work with you to define your requirements and select the best option for you. If that is a Linux-based system (or, for that matter a Windows-based one) we will install, configure, and integrate both server and clients.

Selecting the right application is key and C3SC will help you make the right choice.

Encryption. Linux supports SSL, PPTP, and certificate base communications. The base file system is natively different to NTFS and is more resistant to access by third party systems (mounting an NTFS partition or booting into an alternative operating system can make NTFS systems readable).

C3SC can help you secure Linux systems, applications, and communication.

File Hash management. Functionality that, although it is available in Windows environments, is far less widely utilized, and checks the integrity of system and application files. This is a process of generating a numeric string (hex or decimal) that is the result of a cryptographic check-sum algorithm. The same process can be applied to new files or existing ones. The objective is to compare the resultant check-sum against a historical one. If the two are identical, the integrity of the file is guaranteed.

Frequently, files or application software distributed by Linux-based developers will be accompanied by the check-sum numeric, generated by a publicly available algorithm. MD5 is a commonly used cryptographic algorithm for this purpose.

To be of value, a process, and possibly training, is necessary to utilize the check-sums and validate the integrity of files before applying them to a production system. C3SC can provide both process and training necessary to make best use of this safeguard.

Firewalls. There is a plethora of firewall applications available in the Linux domain. Where low volumes of Internet traffic exist, utilizing older/slower machines for this function is common place and practical way of maximizing end-of-life equipment. We can assess your environment and make recommendations based on available resources and requirements.

Laptops. Not yet a common application for Linux, but with greater support for wireless technology, it is a growing one. If you already have a Linux infrastructure, older machines, or no longer have sufficient licenses for Windows operating systems, a Linux platform might make better use of an existing machine. We can help you with break-even decision points and recommend appropriate solutions.

LIDS (Linux Intrusion Detection System). An add-on to the Linux kernel. Extremely useful in securing your account control. If you are using public facing and/or multi-user Linux machines, this is definitely something to think about. To learn more, contact C3SC and find out if it is right for your network.

Logging. The Linux operating system, and associated applications, make great use of logs but they can sometimes be hard to find and regulate. We can help you develop processes for making maximum use of this functionality.

MySQL. A Linux database; it is free, powerful and well supported. It is particularly suited to low transaction volume applications. If you are looking for a back-end to an ERP, E-commerce site, or assembly line function, you need to look at MS SQL or Oracle. However, if you have an application for 1,000 transactions/hour, or less, it is something you should consider. (Note: this site is generated from MySQL databases).

Networking. Like Windows, Linux supports IPSec and can be integrated with a Windows-based IPSec environment for data security during transmission.

NIS. Network Information System (also known as Sun Yellow Pages). A way of centralizing identity management in a Linux environment. If your identity is defined on a NIS server you will be able to log on to any machine in the same realm with the NIS daemon running.

We can help setup, configure, and harden a NIS for your Linux environment. We can also integrate it with a Windows environment for ease of maintenance and administration.

Password protection. We will secure your password file and enforce a complex password policy.

Patches. Patching Linux systems can be a chore. Let C3SC configure automated updates and perform patch vulnerability tests.

PHP. PHP security is a constant battle between hackers and security officers. Let C3SC configure a secure PHP installation and provide processes to maintain that security.

Remote Access. Remote access is a very powerful feature of Linux. With the ability to "export" both GUI and command line functions, together with VNC capabilities, Linux is just as capable as a remote server, as it is a local machine. However, this level of remote operability comes at a price. To make the most of this functionality the machine must have the necessary gateways open, with their inherent security risks.

C3SC will work with you to define your requirements and create secure remote access solutions.

SELinux. A more recent innovation is Security Enhanced Linux. If you have an existing Linux infrastructure and are not using this functionality, let C3SC harden your machine(s) by implementing this development. This is a direct add-on and comes under your existing licensing umbrella - so it is free to you!

Service configuration. Running only the services specific to your needs is a must for securing your systems. Although many services are secure, the more you have reduce your surface area, the lower the likelihood of a successful attack. If you are not using it, why have it running?

We can work with you and/or your application providers to define your service requirements and lock down your machines accordingly.

SSH, VNC. See remote access

VPN. If you connect remotely, especially from outside your physical network, you simply must be running a VPN. Linux has an abundance of solutions. At C3SC we can define your requirements, select and implement the solution that is best for you.

Wireless. Wireless functionality has been, until recently, a black art. Many wireless devices had drivers created not by hardware manufacturers but by devotees, and had the corresponding support levels. To configure and implement they were a headache, and frequently did not support even the most basic of security functionality. However, the manufactures are becoming increasingly aware of the growing Linux market and are correspondingly producing more OEM drivers and support.

If you have an existing wireless network, or you plan to implement one in the near future, talk to C3SC for a security assessment..

If you need help with existing or planned Linux integration, C3SC has the experience and expertise to help.

See also..

▲Top of page
Did you know?
Windows XP and beyond include firewall technology.
If you have a gateway to the internet or are just using Windows XP Internet Connection Sharing, Windows has a great firewall, but you need to tune it to get the best from it.
Email is a hackers gateway to your network.
Make sure you have adequately trained your employees in good email hygiene to reduce virus attacks.
Who is using your computer?
Don't leave your computer whilst you are logged on. It only takes a moment for someone to send an email with your account. Always shut down at night and set a password for your screen saver so your PC will remember even if you don't.
Only and estimated 25% of companies report computer intrusions to law enforcement.
They site bad publicity and loss of credibility as major concerns.
Folder views.
If you want all your files and folders to be listed the same way in Explorer, display the format you want in the right pane, e.g. details view, sorted by file type. Then Tools>Folder Options and the Views tab. Hit the Apply to All Folders button and the next time you traverse to a folder it will be in your "standard " display format.
Trademarks© Copyright (2006) C3 Security Consulting LLC, Washington DC. (+1 866 799 2969) - Hosted by Webmasters.com