[ISN] Linux Security Week, October 9th, 2000
newsletter-admins@linuxsecurity.com
Date: Mon Oct 09 2000 - 09:25:13 CDT
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 9, 2000 Volume 1, Number 23n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.
This week, a few interesting papers were released: "Cryptography,
PGP and Pine," "Square one: Paring down your network services,"
and the humorous, "Top Ten Reasons Why You Shouldn't Log in as Root."
Each of these articles provides useful information that can help
you secure your system.
Effective today, CERT will now follow a new policy of disclosing
vulnerability information to the public 45 days after an initial
report, regardless of the availability of patches or workarounds.
The purpose of releasing vulnerability information is to better
inform the public while still giving vendors adequate time to fix
problems.
In our feature this week, Dave Wreski conducts an interesting
interview with Paul Vixie and David Conrad, developers of BIND.
They discuss the Internet Software Consortium, the changes in the
latest major version of BIND, the security features designed into
it, and the future of Internet security.
http://www.linuxsecurity.com/feature_stories/conrad_vixie-1.html
Webmasters, our advisory and news feeds are now available in RDF
format. We invite you to use and customize our feeds to provide
up-to-date security content on your website.
http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf
** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL! Get the
free Thawte Apache SSL Guide and find the answers to all your Apache
SSL security issues and more at:
http://ads.linuxsecurity.com/cgi-bin/thawte.pl
HTML Version available:
http://www.linuxsecurity.com/newsletter.html
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+
* Securing a default Linux installation
October 8th, 2000
This article is written for a Linux newbie or anybody who cares, at
least a bit, about the data stored on his hard drive. You'll notice
that it's aimed mainly at home users, not at large network
administration or similar. You might wonder why anybody would want
to access your data?
http://www.linuxsecurity.com/articles/host_security_article-1714.html
* Top Ten Reasons Why You Shouldn't Log in as Root
October 3rd, 2000
I've had some requests in the past about access to the root password
on some systems. I understand the attraction of using the root
account; one gets instant access to any file on the system, without
the annoying access rights problems. It's also convenient to use
when installing new software, because those programs generally need
to go into directories where only root can write.
http://www.linuxsecurity.com/articles/host_security_article-1685.html
* Tutorial - Lesson 129: Proxy Servers
October 2nd, 2000
First, the proxy server acts as an intermediary, helping users on a
private network get information from the Internet when they need it,
while ensuring that network security is maintained. Second, a proxy
server may store frequently requested information in a local disk
cache, rapidly delivering it to multiple users without having to go
back to the Internet to get it.
http://www.linuxsecurity.com/articles/network_security_article-1678.html
* Hardening the BIND DNS Server
October 2nd, 2000
This paper presents the risks posed by an insecure DNS server and
walks through compiling, installing, configuring and optionally,
chroot'ing BIND 8. The test environment is Solaris 2.5, 2.6, 7 and 8.
Many configuration and troubleshooting tips are provided, along with
up-to-date references on BIND and alternatives for NT, Linux and
Solaris.
http://www.linuxsecurity.com/articles/server_security_article-1673.html
+------------------------+
| Network Security News: |
+------------------------+
* Square one: Paring down your network services
October 7th, 2000
Security experts recommend turning off all network services you don't
need in order to guard against possible attacks. But how do you know
which services you don't need -- and which ones you do?
http://www.linuxsecurity.com/articles/host_security_article-1712.html
* .comment: Are We Asking for It?
October 4th, 2000
The cable modem was configured and stable. The little black box was,
I assumed, protecting my machine from intrusion, at least reasonably
well. I'd dragged Cat 5 cable throughout the house, so that all the
machines would now have access to the cable and, to some degree,
each other. We were now online all the time.
http://www.linuxsecurity.com/articles/host_security_article-1692.html
* Why We Don't Need Perfectly Secure Systems
October 4th, 2000
Security is never black and white - rather it's one big ugly shade of
gray. A machine running ancient software with poor passwords that
is physically secured and not attached to any networks can be far
more secure than an up-to-date machine with all the latest security
software, on a public network. Security is about risk management.
http://www.linuxsecurity.com/articles/host_security_article-1695.html
* ICMP Stands For Trouble
October 2nd, 2000
The Internet Control Message Protocol (ICMP) is simple, as Internet
protocols go. Originally described in RFC 792 by Jon Postel, ICMP
provides a way for IP stacks to send simple messages containing
information or errors. ICMP is important for the Internet (and IP
networks) to function correctly; however, ICMP can also have a
negative effect on your network's security.
http://www.linuxsecurity.com/articles/network_security_article-1677.html
+------------------------+
| Cryptography News: |
+------------------------+
* Cryptography, PGP and Pine
October 5th, 2000
This article starts out with a nice description of cryptography then
goes into how to incorporate PGP for use with Pine. "Encryption is
the transformation of data into a form that is (hopefully) impossible
to read without the knowledge of a key."
http://www.linuxsecurity.com/articles/cryptography_article-1700.html
* FIPS 140-1: Security Requirements for Cryptographic Modules
October 4th, 2000
Federal Information Processing Standard 140-1 (FIPS 140-1) is entitled
"Security Requirements for Cryptographic Modules". It's a standard
that describes government requirements that hardware and software
products should meet for Sensitive but Unclassified (SBU) use.
http://www.linuxsecurity.com/articles/cryptography_article-1697.html
* AES (rijndael) support in NetBSD-current IPsec code
October 4th, 2000
NetBSD-current IPsec (from KAME) now supports the rijndael algorithm for
ESP encryption, thanks to the integration work of Jun-ichiro itojun
Hagino. rijndael is the finalist of the AES contest, and will be
standardized in the FIPS standard suite, to replace DES.
http://www.linuxsecurity.com/articles/cryptography_article-1698.html
+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+
* WatchGuard buys Qiave for Web security
October 7th, 2000
WatchGuard Technologies is beefing up its security offerings with
content-protection software from Qiave Technologies. WatchGuard
snapped up the Waltham, Mass., company for $66 million in stock and
plans initially to sell Qiave's QSecure software to current
WatchGuard customers.
http://www.linuxsecurity.com/articles/vendors_products_article-1713.html
* Carnivore FOIA Documents
October 5th, 2000
These documents have been released through a lawsuit EPIC filed
against the FBI and the Department of Justice. The next installment
of Carnivore documents is scheduled to be released to EPIC in
mid-November. More information on EPIC's lawsuit is available at the
Carnivore FOIA Litigation page.
http://www.linuxsecurity.com/articles/privacy_article-1704.html
* Secure SHell now in NetBSD mainline
October 4th, 2000
An OpenSSH-based Secure Shell is now available in the main NetBSD
sources. And it will be pulled into the netbsd-1-5 branch, so it
will be available in NetBSD 1.5. (ssh-1.2.27 and OpenSSH were
already available in the NetBSD packages collection.)
http://www.linuxsecurity.com/articles/network_security_article-1694.html
* TRUSTING BSD - Ultra-High Security for FreeBSD
October 3rd, 2000
While most Freenix admins are used to the normal concerns of Unix
security, there is a higher world of security that has never been
touched by Freenixes. The realm of trusted operating systems, long
the province only of military and other ultra-secure environments,
represents a security level beyond that of all but a few commercial
operating systems.
http://www.linuxsecurity.com/articles/server_security_article-1683.html
+------------------------+
| General News: |
+------------------------+
* OpenBSD plugs a rare security leak
October 6th, 2000
For most open source projects, news of an overlooked security hole
is simply part of the debugging process. But for the developers of
OpenBSD, an operating system whose design motto is "secure by
default," it's nothing short of an affront.
http://www.linuxsecurity.com/articles/host_security_article-1711.html
* Clock ticking to fix security holes
October 6th, 2000
A leading security warning body will next week take the
controversial step of alerting the world to security vulnerabilities
in products whether or not vendors have corrected the problems.
All vulnerabilities reported to Cert will be disclosed to the public
45 days after the initial report, regardless of the existence or
availability of patches or workarounds from affected vendors.
http://www.linuxsecurity.com/articles/security_sources_article-1709.html
* The CERT Coordination Center Vulnerability Disclosure Policy
October 4th, 2000
Effective October 9, 2000, the CERT Coordination Center will follow a
new policy with respect to the disclosure of vulnerability
information. All vulnerabilities reported to the CERT/CC will be
disclosed to the public 45 days after the initial report, regardless
of the existence or availability of patches or workarounds from
affected vendors.
http://www.linuxsecurity.com/articles/security_sources_article-1699.html
* Computer security expert gives advice on protection from hackers
October 3rd, 2000
The driving force for hackers usually isn't malice, but rather
curiosity. Most hackers are young males, and some are harmless. It's
the so-called "crackers" who are more malicious. However, a
distinction between the two usually isn't made except in hacker
culture.
http://www.linuxsecurity.com/articles/hackscracks_article-1688.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".