[ISN] Linux Security Week - September 24th 2001

From: InfoSec News (isnat_private)
Date: Tue Sep 25 2001 - 01:06:03 PDT

    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "How to install
    GnuPG," "10 minutes to an iptables-based Linux firewall," and "Anonymizing
    with Squid Proxy."
     Are you tired of rebuilding servers hit by NIMDA?
     EnGarde Secure Linux was designed from the ground up as a secure
     solution, starting with the principle of least privilege, and carrying it
     through every aspect of its implementation.
    * http://www.engardelinux.org 
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    This week, advisories were released for most, apache, and windowmaker.  
    The vendors include Debian, Mandrake, and SuSE.
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * How to install GnuPG
    September 21st, 2001
    There is a standard list of reasons why you might want to consider the use
    of encryption to ensure the privacy of your business and/or personal data.
    In the Resources section below, I've provided links to half a dozen sites,
    each explaining why such protection is a good thing.
    * 10 minutes to an iptables-based Linux firewall
    September 21st, 2001
    The 2.2 version of the Linux kernel used the ipchains application to
    control the firewall. For standard firewalling, ipchains is a decent
    solution. We still use it on some of our machines, and there is still a
    positive argument for 2.2 kernel-based firewalls, because the 2.4 kernel
    still has some stability issues under heavy load.
    | Network Security News: |
    * Protect Your Network from the Nimda worm
    September 21st, 2001
    The Nimda worm has spread wildly, infecting many Microsoft Windows 9x, ME,
    NT 4.0, and 2000 machines, and its network scans have brought some
    networks to their knees. It was first reported on the morning of
    September 18th, almost one week after the terrorist attack on the World
    Trade Center and the Pentagon.
    * Anonymizing with Squid Proxy
    September 21st, 2001
    The debate over the ethics of using an employer's system to surf the Net
    is ongoing. Employee privacy rights and whether or not the company owns
    the contents of employees' machines are just two facets of it. The
    opportunity for system administrators to view personal information
    disclosed through Web surfing may also pose serious security concerns.
    * Nimda Snort Rules
    September 20th, 2001
    Everyone and their brother has put out an advisory on NIMDA, the latest
    worm to thrash IExplore, Outlook Express, and IIS. This worm does a number
    of cute things that are well documented in the SANS advisory available
    * A Perl Package for Monitoring Traffic
    September 17th, 2001
    The rtr-graph package described in this article is a set of Perl scripts
    for polling routers (or other SNMP-enabled devices)  for information about
    traffic in and out of specified interfaces. You can set up "rtr-traff" as
    a cron job to poll the interface at a specified interval, then use a CGI
    script for a Web front end to the finished graphs.
    | Cryptography News:     |
    * Lawmaker: More encryption needed
    September 22nd, 2001
    A U.S. lawmaker well versed in technology issues said Friday that
    government bodies and citizens should use more encryption, not less, to
    increase security on the Internet. In the wake of last Tuesday's
    hijackings that left more than 6,500 Americans dead or missing,
    policy-makers have called for limits on popular encryption software that
    allows users to scramble Internet communications for privacy
    | Vendors/Products:      |
    * vsFTPd Includes Bandwidth Control!
    September 23rd, 2001
    With yet another Linux-based vulnerability hitting last week, Mark Read,
    network security analyst at MIS Corporate Defence Solutions, delves into
    an age-old debate that fuels many a discussion.  Yes, it's the same old
    story of Microsoft versus Linux in the race for optimum IT security.
    | General Security News: |
    * Security takes centre stage at conference
    September 23rd, 2001
    The Information Security Solutions Europe (ISSE) 2001 conference in London
    next week will attract many companies eager to improve computer security.  
    The conference, which runs from this Wednesday until Friday at the QEII
    conference centre, will bring together government ministers, European
    commissioners, legal experts and security specialists, who will debate
    current IT security concerns and suggest possible solutions.
    * Attrition: Commentary on Patriotic Hacking
    September 21st, 2001
    Attrition staff have been getting several mails warning of impending
    "patriotic hacking" in retaliation for the terrorist attacks on September
    11. Some are from the usual opportunists, exploiting world-wide attention
    on the recent terrorist attacks to further their own agenda. Others are
    from people who just want to do -something- to feel like they are striking
    back at those responsible, even if it's the wrong thing
    * Concern Over Proposed Changes in Internet Surveillance
    September 21st, 2001
    Significant and perhaps worrisome changes in the government's Internet
    surveillance authority have been proposed by legislators in the wake of
    the attacks on the World Trade Center and the Pentagon. Indeed, so much is
    happening so quickly it's hard to keep track of the legislative process,
    let alone follow the ongoing debate between fast-moving law enforcement
    experts and more cautious civil libertarians.
    * NIST: Final security guide arrives
    September 19th, 2001
    The National Institute of Standards and Technology on Sept. 10 released
    the final version of a step-by-step guide for agencies to measure the
    effectiveness of their information security programs and plans. The
    special publication, "Security Self-Assessment Guide for Information
    Technology Systems," is a how-to guide that complements the CIO Council's
    Federal IT Security Assessment Framework.
    * Is Linux secure enough?
    September 19th, 2001
    Although proponents argue that Linux is at least as secure -- and perhaps
    more secure -- than Unix, Microsoft Corp.'s Windows NT or Novell Corp.'s
    NetWare, there is still concern at many federal agencies about the
    operating system's safety.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org
