|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] Linux Security Week - April 2nd 2001
newsletter-admins
linuxsecurity.com
Date: Mon Apr 02 2001 - 11:16:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| April 2nd, 2001 Volume 2, Number 13n |
| |
| Editorial Team: Dave Wreski davelinuxsecurity.com |
| Benjamin Thomas benlinuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.
The Lion worm is a concerning topic among many Linux users. SANS has
written a good paper discussing the problem in great detail. It is
available in the Network Security section of this newsletter. Also this
week, a few of the interesting articles include "Network Security
Essentials: Applications and Standards," "filtering Packets with
iptables," and "Ten Key Steps to Protection from Denial Of Service
Attacks."
This week advisories were released for licq, sgml-tools, openssh,
kerberos, vim, joe, and eperl. The vendors include Conectiva, Immunix,
Mandrake, Red Hat, SuSE, and Trustix. Please take the necessary time to
patch your system. Security requires persistence.
http://www.linuxsecurity.com/articles/forums_article-2770.html
### FREE Apache SSL Guide from Thawte ###
Planning Web Server Security? Find out how to implement SSL! Get the
free Thawte Apache SSL Guide and find the answers to all your Apache
SSL security issues and more at:
http://www.thawte.com/ucgi/gothawte.cgi?a=n322405480022000
EnGarde Secure Linux is now available for download:
http://www.engardelinux.org
This EnGarde Quick Start guide is designed to help you quickly set up
EnGarde Secure Linux, change user passwords, and manage certificates.
Although this document is sufficient, we recommend you read the
complete user manual for a full understanding of the system.
http://ftp.engardelinux.org/pub/engarde/1.0.1/docs/ESLQuick-1.0.1.pdf
HTML Version available:
http://www.linuxsecurity.com/newsletter.html
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+
* Reviewing your X Window security
March 29th, 2001
You can impress your boss by showing him how easy it is to view
somebody's X session. In order to do this, you only need the native X
Window utilities that come with the standard Solaris distribution.
Start by identifying your target machine. Let's suppose you want to
check to see whether any user on a machine named unixbox has an
unprotected X terminal.
http://www.linuxsecurity.com/articles/host_security_article-2764.html
* Batten down the hatches and plug open ports for security
March 28th, 2001
In order to surf the World Wide Web, you need some open TCP/UDP ports on
your PC. HTTP Web pages use port 80, SMTP e-mail passes through port 25,
and various other assigned TCP/UDP ports exist within a range from 0 to
65535. But what if you install a firewall and discover open TCP/UDP ports
you didn't even know about?
http://www.linuxsecurity.com/articles/network_security_article-2758.html
* Understanding and Working with Network Services
March 27th, 2001
Now that you have Linux installed you may have the urge to configure
some of your services. For instance, you may not need to have an FTP
(File Transfer Protocol) server running if you don't plan on letting
people download files from your computer over the Internet, or you
may want to make sure your Web server is running.
http://www.linuxsecurity.com/articles/host_security_article-2753.html
+------------------------+
| Network Security News: |
+------------------------+
* SANS Lion Worm Protection
April 1st, 2001
Lion is a new worm that is very similar to the Ramen worm. However,
this worm is much more dangerous and should be taken seriously. It
infects Linux machines with the BIND DNS server running. It is known
to infect BIND version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px. BIND
8.2.3-REL and BIND 9 are not vulnerable.
http://www.linuxsecurity.com/articles/intrusion_detection_article-2782.html
* Network Security Essentials: Applications and Standards
March 30th, 2001
Network Security Essentials is a skinny book by computer publishing
standards. At 366 pages, it is hardly noticeable amid the Stonehenge
of 900-1100 page tree killers on the high tech shelf. At that
length, it is thoroughly impossible to cover every nuance of computer
security, and the author is refreshingly unabashed about not
bothering with topics he hasn?t the space to cover well.
http://www.linuxsecurity.com/articles/documentation_article-2774.html
* EnGarde Secure Linux Quick Start
March 30th, 2001
This EnGarde Quick Start guide is designed to help you quickly set up
EnGarde Secure Linux, change user passwords, and manage certificates.
Although this document is sufficient, we recommend you read the
complete user manual for a full understanding of the system.
http://ftp.engardelinux.org/pub/engarde/1.0.1/docs/ESLQuick-1.0.1.pdf
http://www.linuxsecurity.com/articles/documentation_article-2779.html
* Filtering Packets with iptables
March 30th, 2001
This month and next month, I'm going to take a look at filtering
packets with iptables, the replacement for ipchains in the 2.4 Linux
kernel. This month, I will deal with the basics of getting iptables
up and running, and next month I'll explore using iptables in detail.
The iptables modules can handle filtering and management of incoming
and outgoing IP packets.
http://www.linuxsecurity.com/articles/firewalls_article-2775.html
* Considerations of a firewall: Part 1
March 29th, 2001
If you're upgrading your firewall, or installing one on your network
for the first time, you'll discover that firewall technology has
changed a lot in the last several years. How do you select one
that's appropriate for your business? Before you meet with
firewall vendors, assess the needs of your organization.
http://www.linuxsecurity.com/articles/firewalls_article-2766.html
* Remote users need firewalls too
March 28th, 2001
Last December, a bank in Southern California received a call from an
online customer asking why one of the bank's computers was trying to
hack into his system. It turned out that the machine doing the
hacking belonged to the bank's president and had been remotely
commandeered by an employee. The president called Conqwest Inc., a
Holliston, Mass.-based IT security services firm, which is now
rolling out firewall software across the bank's 125 internal desktop,
laptop and remote computers.
http://www.linuxsecurity.com/articles/firewalls_article-2755.html
* Ten Key Steps to Protection from Denial Of Service Attacks
March 28th, 2001
DoS and DDoS (denial-of-service and distributed denial-of-service)
attacks, which prevent legitimate users from accessing and using a
site or particular service, have become a growing concern as more and
more businesses move onto the Internet.
http://www.linuxsecurity.com/articles/network_security_article-2756.html
+------------------------+
| Vendors/Products: |
+------------------------+
* Solar's Openwall Patch for 2.2.19
March 27th, 2001
If you wonder about safely allowing a user to run a program on your
Unix box requiring root privileges and feel uneasy about options like
sharing the root password or using setuid bits then sudo is the
program for you. A common problem faced is allowing non root users
to dial and establish a connection to the Internet.
http://www.linuxsecurity.com/articles/host_security_article-2748.html
+------------------------+
| General News: |
+------------------------+
* Does open source mean an open door?
March 30th, 2001
To some, closed source means hidden, secret -- and more secure. In
reality, many of the most secure systems available today are based on
the open source model. Traditionally, secrecy has meant security.
You lock up your house, your automobile, your valuables. In the
software community, you "lock up" the programming source code as a
means of securing it against hackers and competitors.
http://www.linuxsecurity.com/articles/host_security_article-2772.html
* Cryptography is not the Ultimate Solution
March 29th, 2001
The use of encryption and authentication can improve network and host
security. But there are many steps that must be taken, and done
correctly, before cryptography becomes part of a secure
solution.The history of cryptography goes back almost as far
as the beginning of written history itself.
http://www.linuxsecurity.com/articles/cryptography_article-2769.html
* Security Solutions In The Real World
March 29th, 2001
The most secure computer system is the one that's unplugged and
buried 10 feet underground, according to security expert Paul Raines.
But there are specific steps a company can take to reduce security
threats to their live systems--whether from external hackers or
disgruntled IT workers
http://www.linuxsecurity.com/articles/general_article-2765.html
* Lessons in laptop security
March 27th, 2001
The laptop is not only a teleworker's power tool. It's a thief
magnet. Securing confidential or proprietary data when you're on the
road or you work beyond the enterprise is a pressing issue. Keep the
laptop close at hand when in public. Stay especially keen when
passing through airport security or while manning a tradeshow booth.
http://www.linuxsecurity.com/articles/general_article-2749.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-requestlinuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]