[ISN] Linux Security Week - May 7th 2001

From: newsletter-adminsat_private
Date: Mon May 07 2001 - 09:54:29 PDT

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                         Weekly Newsletter        |
    |  May 7th 2001                             Volume 2, Number 18n      |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, some of the most interesting articles include "Secure Your
    Sockets with JSSE," "Best Practices in Network Security," and "DNS and
    BIND, 4th Edition Online: Chapter 11: Security."  Also this week, take a
    look at our feature story, "Open Source Security Testing Methods."
    
    This week, advisories were released for NEdit, gftp, rpmdrake, kdelibs,
    gnupg, FreeBSD kernel, mount, and openssl.  The vendors include EnGarde,
    Immunix, FreeBSD, Mandrake, Progeny, and Red Hat.
    
    http://www.linuxsecurity.com/articles/forums_article-2976.html
    
    FEATURE STORY: Open Source Security Testing Methods
    
    The Open-Source Security Testing Methodology Manual (OSSTMM) is an
    effort to develop an open standard method of performing security tests.
    Dave Wreski and Rich Jankowski interview Pete Herzog, the creator of the
    project, to gain insight into the development efforts and the hope for
    adoption into the industry.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-85.html
    
    
    ### FREE Apache SSL Guide from Thawte ###
    
    Planning Web Server Security? Find out how to implement SSL!
    Get the free Thawte Apache SSL Guide and find the answers to all
    your Apache SSL security issues and more.
    
    Go to:  http://www.gothawte.com/rd8.html
    
    HTML Version available:
    http://www.linuxsecurity.com/newsletter.html
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-----------------+
    +---------------------+
    
    
    * Secure Your Sockets with JSSE
    May 4th, 2001
    
    In this column, I'll show you how to install JSSE and use it to implement
    HTTPS (i.e., HTTP over SSL). I'll provide you with an example of a
    mini-HTTPS server and Java clients that support SSL. I'll then show you
    how to set up a bi-directional SSL scheme where clients authenticate
    servers and servers authenticate clients.
    
    http://www.linuxsecurity.com/articles/cryptography_article-2975.html
    
    
    * Securing Java Code: Part 2
    May 3rd, 2001
    
    In this installment in our series, we further examine the elements
    that should be part of a secure Java code policy, including such
    safeguards as compartmentalization and cryptography. In our last
    installment, we introduced policy and covered product requirements,
    error handling, and object states.
    
    http://www.linuxsecurity.com/articles/server_security_article-2958.html
    
    
    * DNS and BIND, 4th Edition Online: Chapter 11: Security
    May 1st, 2001
    
    Chapter 11 of the new BIND book is now available online. This chapter
    covers securing your nameserver, transaction security, restricting
    queries and transfers, firewalls, and a number of security
    extensions.
    
    http://www.linuxsecurity.com/articles/server_security_article-2972.html
    
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Best Practices in Network Security
    May 6th, 2001
    
    This March 2000 article by Frederick M. Avolio is a great starting
    point for developing a network security policy, including developing
    ground rules as a starting point, planning, and more.
    
    http://www.linuxsecurity.com/articles/network_security_article-2980.html
    
    
    * Using an SSH Client through the Corporate Firewall on the telnet
    port
    May 3rd, 2001
    
    Most corporations allow users to access the outside world for HTTP,
    FTP & Telnet. However, access via "Secure Shell" is often blocked
    (as was my situation in Corporate America). There is a work-around
    that is pretty easy.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-2970.html
    
    
    * Security: Not Just for SysAdmins
    May 2nd, 2001
    
    Book review: Real World Linux Security: Intrusion Prevention,
    Detection and Recovery. Upon opening this book for the first time, I
    was immediately impressed by the vast amount of information
    presented. Simply skimming through the book's table of contents, it
    is easy to appreciate the wide range of topics covered by Toxen.
    
    http://www.linuxsecurity.com/articles/documentation_article-2967.html
    
    
    
    
    +------------------------+
    | Books:                 |
    +------------------------+
    
    * Network Intrusion Detection. An Analyst's handbook, 2nd ed.
    May 4th, 2001
    
    This book is a typical New Riders production, well done, detailed,
    written for folks who know (or would like to know) what they are
    doing by folks who do know what they are doing.  It is not a large
    print, full of white space, over-hyped book.
    
    http://www.linuxsecurity.com/articles/documentation_article-2977.html
    
    
    
    
    +------------------------+
    | General News:          |
    +------------------------+
    
    
    * FBI Details Carnivore Use
    May 5th, 2001
    
    The FBI has used Internet eavesdropping tools to track fugitives,
    drug dealers, extortionists, computer hackers and suspected foreign
    intelligence agents, documents show.
    
    http://www.linuxsecurity.com/articles/government_article-2979.html
    
    
    * The mixture of hacker and activist is a myth
    May 3rd, 2001
    
    Hacktivism is a bastardization of the words hack and activism. In
    truth, it's neither. Rather, it has become a cheapjack
    pseudo-politically hip moniker for the activities of apolitical
    teenage miscreants devoid of talent, creativity and passion.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-2969.html
    
    
    * Security at Any Cost
    May 2nd, 2001
    
    Spending on corporate network security remains strong even while
    corporations cut their IT budgets during the economic downturn,
    analysts say. In fact, the demand for security services is so strong
    a growing number of security companies have sprung up to capitalize
    on corporate America's fears.
    
    http://www.linuxsecurity.com/articles/general_article-2966.html
    
    
    * Fighting the new electronic war
    May 2nd, 2001
    
    In 1992, Lance Spitzner joined the U.S. Army with a single goal in
    mind: to become a tank officer. Ever since childhood, he had loved
    learning about tanks, and the Army gave him an opportunity to get
    up-close and personal with gun turrets, grease and mechanized
    warfare.
    
    http://www.linuxsecurity.com/articles/projects_article-2961.html
    
    
    
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Thu May 10 2001 - 23:39:26 PDT