+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  May 7th 2001                              Volume 2, Number 18n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, some of the most interesting articles include "Secure Your
Sockets with JSSE," "Best Practices in Network Security," and "DNS and
BIND, 4th Edition Online: Chapter 11: Security." Also this week, take a
look at our feature story, "Open Source Security Testing Methods."

This week, advisories were released for NEdit, gftp, rpmdrake, kdelibs,
gnupg, FreeBSD kernel, mount, and openssl. The vendors include EnGarde,
Immunix, FreeBSD, Mandrake, Progeny, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-2976.html

FEATURE STORY: Open Source Security Testing Methods

The Open-Source Security Testing Methodology Manual (OSSTMM) is an
effort to develop an open standard method of performing security tests.
Dave Wreski and Rich Jankowski interview Pete Herzog, the creator of the
project, to gain insight into the development efforts and the hope for
adoption into the industry.

http://www.linuxsecurity.com/feature_stories/feature_story-85.html

### FREE Apache SSL Guide from Thawte ###

Planning Web Server Security? Find out how to implement SSL! Get the
free Thawte Apache SSL Guide and find the answers to all your Apache SSL
security issues and more.
Go to: http://www.gothawte.com/rd8.html

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Secure Your Sockets with JSSE
May 4th, 2001

In this column, I'll show you how to install JSSE and use it to
implement HTTPS (i.e., HTTP over SSL). I'll provide you with an example
of a mini-HTTPS server and Java clients that support SSL. I'll then show
you how to set up a bi-directional SSL scheme where clients authenticate
servers and servers authenticate clients.

http://www.linuxsecurity.com/articles/cryptography_article-2975.html

* Securing Java Code: Part 2
May 3rd, 2001

In this installment in our series, we further examine the elements that
should be part of a secure Java code policy, including such safeguards
as compartmentalization and cryptography. In our last installment, we
introduced policy and covered product requirements, error handling, and
object states.

http://www.linuxsecurity.com/articles/server_security_article-2958.html

* DNS and BIND, 4th Edition Online: Chapter 11: Security
May 1st, 2001

Chapter 11 of the new BIND book is now available online. This chapter
covers securing your nameserver, transaction security, restricting
queries and transfers, firewalls, and a number of security extensions.

http://www.linuxsecurity.com/articles/server_security_article-2972.html

+------------------------+
| Network Security News: |
+------------------------+

* Best Practices in Network Security
May 6th, 2001

This March 2000 article by Frederick M. Avolio is a great starting point
for developing a network security policy, including developing ground
rules as a starting point, planning, and more.

http://www.linuxsecurity.com/articles/network_security_article-2980.html

* Using an SSH Client through the Corporate Firewall on the telnet port
May 3rd, 2001

Most corporations allow users to access the outside world for HTTP, FTP
& Telnet.
However, access via "Secure Shell" is often blocked (as was my situation
in Corporate America). There is a work-around that is pretty easy.

http://www.linuxsecurity.com/articles/hackscracks_article-2970.html

* Security: Not Just for SysAdmins
May 2nd, 2001

Book review: Real World Linux Security: Intrusion Prevention, Detection
and Recovery. Upon opening this book for the first time, I was
immediately impressed by the vast amount of information presented.
Simply skimming through the book's table of contents, it is easy to
appreciate the wide range of topics covered by Toxen.

http://www.linuxsecurity.com/articles/documentation_article-2967.html

+------------------------+
| Books:                 |
+------------------------+

* Network Intrusion Detection. An Analyst's handbook, 2nd ed.
May 4th, 2001

This book is a typical New Riders production, well done, detailed,
written for folks who know (or would like to know) what they are doing
by folks who do know what they are doing. It is not a large print, full
of white space, over hyped book.

http://www.linuxsecurity.com/articles/documentation_article-2977.html

+------------------------+
| General News:          |
+------------------------+

* FBI Details Carnivore Use
May 5th, 2001

The FBI has used Internet eavesdropping tools to track fugitives, drug
dealers, extortionists, computer hackers and suspected foreign
intelligence agents, documents show.

http://www.linuxsecurity.com/articles/government_article-2979.html

* The mixture of hacker and activist is a myth
May 3rd, 2001

Hacktivism is a bastardization of the words hack and activism. In truth,
it's neither. Rather, it has become a cheapjack pseudo-politically hip
moniker for the activities of apolitical teenage miscreants devoid of
talent, creativity and passion.
http://www.linuxsecurity.com/articles/hackscracks_article-2969.html

* Security at Any Cost
May 2nd, 2001

Spending on corporate network security remains strong even while
corporations cut their IT budgets during the economic downturn, analysts
say. In fact, the demand for security services is so strong a growing
number of security companies have sprung up to capitalize on corporate
America's fears.

http://www.linuxsecurity.com/articles/general_article-2966.html

* Fighting the new electronic war
May 2nd, 2001

In 1992, Lance Spitzner joined the U.S. Army with a single goal in mind:
to become a tank officer. Ever since childhood, he had loved learning
about tanks, and the Army gave him an opportunity to get up-close and
personal with gun turrets, grease and mechanized warfare.

http://www.linuxsecurity.com/articles/projects_article-2961.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVat_private with a message body of
"SIGNOFF ISN".