Building

SLES 11 Hardening Guide

SUSE Linux Enterprise Server (SLES) has been around since 2000. As it is designed to be used in an enterprise environment, the security of these systems must be kept at a high level. SLES implements a lot of basic security measures that are common in most Linux systems, but are these enough to protect your business? We think that with a little effort you can raise the security of your SLES installation a lot.

We have compiled the most relevant security settings in a SLES 11 hardening guide for you. The guide is intended to provide a solid base of hardening measures. It includes configuration examples and all necessary commands for each measure. We have split the measures into three categories: Authentication, System Security and Network Security. These are the relevant areas to look at when hardening a system. The hardening guide also includes lists of default services that will help you decide which services to turn off, which is an essential step in minimizing the attack surface of your system.

See all of the steps that we compiled for you in our hardening guide for SLES 11: ERNW_Checklist_SLES11_Hardening.pdf

Events

Summary of Talks Held at HITB 2013 – Day 2

This is a short summary of some selected talks from the second day of this year’s Hack in the Box conference in Amsterdam.

 
Rethinking the Front Lines by Bob Lord

Bob Lord is currently the Director of Information Security at Twitter. He has worked at numerous companies in the area of security and software engineering.

In his keynote for the second day of HITB13AMS he tackled a topic that has sparked a lot of discussion in the past months. His talk was a summary of what Twitter does internally to ensure the security of the company and a plea to implement so-called security awareness trainings for employees in a sustainable way.

Events

Summary of Talks Held at HITB 2013 – Day 1

This is a short summary of some selected talks from the first day of this year’s Hack in the Box conference in Amsterdam.

 
Abusing Twitter’s API and OAuth Implementation by Nicolas Seriot

Nicolas Seriot (https://twitter.com/nst021) is an iOS Cocoa developer with an interest in privacy and security. He is currently a mobile applications developer and project manager in Switzerland. Nicolas focused his talk on the extraction of consumer tokens that are needed for OAuth to authenticate a consumer to a service provider. These tokens can then be used by rogue applications to gain access to a victim's Twitter account.
