Source NAT changes the source address in the IP header of a packet. It may also change the source port in the TCP/UDP headers. The typical usage is to change a private (RFC 1918) address/port into a public address/port for packets leaving your network.
Destination NAT changes the destination address in the IP header of a packet. It may also change the destination port in the TCP/UDP headers. The typical usage is to redirect incoming packets destined for a public address/port to a private IP address/port inside your network.
Masquerading is a special form of Source NAT where the source address is unknown at the time the rule is added to the tables in the kernel. If you want to allow hosts with private addresses behind your firewall to access the Internet and the external address is variable (DHCP), this is what you need to use. Masquerading will modify the source IP address and port of the packet to be the primary IP address assigned to the outgoing interface. If your outgoing interface has an address that is static, then you don’t need to use MASQ and can use SNAT, which will be a little faster since it doesn’t need to figure out what the external IP is every time.
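An added example (not from the original page): a POSIX shell function that emits an iptables-restore `nat` table covering the three cases above, choosing SNAT when a static public address is supplied and MASQUERADE otherwise. The use of iptables syntax, the function name, the interface name, the addresses and the forwarded port are assumptions for illustration.

```shell
#!/bin/sh
# Added example: generate a "nat" table in iptables-restore format.
# All names and addresses are constructed placeholders
# (RFC 1918 private range, RFC 5737 documentation range).

# nat_rules EXT_IF LAN_CIDR [STATIC_PUBLIC_IP]   (hypothetical helper)
#   EXT_IF            outgoing (Internet-facing) interface
#   LAN_CIDR          private network behind the firewall
#   STATIC_PUBLIC_IP  optional; when given, SNAT is used with that fixed
#                     address. When omitted (e.g. a DHCP uplink), MASQUERADE
#                     is used and the address is taken from EXT_IF per
#                     connection.
nat_rules() {
    ext_if=$1
    lan=$2
    pub_ip=${3:-}

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"

    # Destination NAT: packets arriving on the public side for TCP/8080 are
    # redirected to an internal server (assumed to be 192.168.1.10:80).
    echo "-A PREROUTING -i $ext_if -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80"

    # Source NAT for traffic leaving the private network.
    if [ -n "$pub_ip" ]; then
        # Static external address: it is known when the rule is loaded.
        echo "-A POSTROUTING -s $lan -o $ext_if -j SNAT --to-source $pub_ip"
    else
        # Variable external address: resolved from the interface at run time.
        echo "-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE"
    fi

    echo "COMMIT"
}

# Example invocations (print only; nothing is loaded into the kernel):
#   nat_rules eth0 192.168.1.0/24 203.0.113.5    # static uplink -> SNAT
#   nat_rules eth0 192.168.1.0/24                # DHCP uplink   -> MASQUERADE
```

Pipe the output to `iptables-restore --test` as root to validate it before loading; without `--noflush`, loading replaces the existing `nat` table.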
It appears that there’s a bug in Ubuntu distributions which lets malicious users locally exploit sudo and gain access to the user’s account without knowing their password. The bug was submitted to Canonical’s Launchpad back in September 2013 by user Mark Smith.
Shortly after this article was posted, WordPress released version 4.2.1, flagging it as a critical update. Website owners are encouraged to update immediately, and automatic updates have started to roll out. More information is here. However, the release advisory from WordPress still suggests that no prior notification was received from Klikki Oy, something the research firm disputes.
Read this full article at CSO Online
To be sure, many major Web companies like Google and Yahoo have been leveraging open-source dynamics aggressively and contribute back to the community. My aim is not to single out Facebook, except that it was during the F8 conference I had the opportunity to reflect on the drivers behind Facebook’s actions and why other technology providers may be wise to learn from them.
Security specialist CloudFlare today announced a new Virtual DNS service with the goal of helping to mitigate denial-of-service (DoS) attacks and improving Domain Name System (DNS) security overall.
It’s possible to overdo security and end up damaging productivity. Many years ago, when helping to organize a security conference, I noted that a system wrapped in a waterproof safe and dropped into the deepest part of the seas was not as “secure” as it was useless. What most of us want are systems that will both be reliable and available. The CIA (confidentiality, integrity, and availability) model is a good reminder that what we’re protecting is not systems but productivity.
As 2014 winds down, the breach of Sony Pictures Entertainment is clearly the biggest data breach of the year and among the most devastating to any corporation ever.
Attackers broke in and took whatever they wanted, exfiltrating gigabytes and gigabytes of documents, emails and even entire movies, apparently at will for months and months on end.
Relying on a DMZ to protect your network and data is like putting money in a bank that depends on one guard and a single gate to secure its deposits. Imagine how tempting all those piles of money would be to those who had access — and how keen everyone else would be to obtain access. But banks do not keep cash out on tables in the lobby, they stash it in security boxes inside vaults, behind locked doors, inside a building patrolled by a guard and secured by a gate. Likewise, network segmentation offers similar security for an organization’s assets.
Read this full article at Network World
An on-screen virtual keyboard is an alternative input method that can replace a real hardware keyboard. A virtual keyboard may be a necessity in various cases. For example, your hardware keyboard is broken; you do not have enough keyboards for extra machines; your hardware does not have an available port left to connect a keyboard; you are a disabled person with difficulty in typing on a real keyboard; or you are building a touchscreen-based web kiosk.
The Chinese government is promoting China Operating System, a closed source, Linux-based OS that it hopes will supplant Microsoft Windows and Google Android.