[ISN] Linux Security Week - February 18th 2002

From: InfoSec News (isnat_private)
Date: Mon Feb 18 2002 - 22:48:37 PST

  • Next message: InfoSec News: "[ISN] Message To Antivirus Industry: Only The Truth Shall Set You Free"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  February 18th, 2002                          Volume 3, Number 7n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "The SNMP fiasco:
    steps you need to take," "Explaining Virtual Private Networks,"
    "Administering Linux IPSec Virtual Private Networks," and "Dealing with
    External Computer Security Incidents."
    Also this week, there is a great deal of news surrounding the SNMP
    vulnerabilities. The CERT advisory states, "Numerous vulnerabilities have
    been reported in multiple vendors' SNMP implementations. These
    vulnerabilities may allow unauthorized privileged access,
    denial-of-service attacks, or cause unstable behavior. "
    The full text can be found here:
    A SNMP Advisory FAQ can be found here:
    FEATURE: Building a Virtual Honeynet - Hisham shares his experiences with
    building a virtual honeynet on his existing Linux box. He describes data
    capture and control techniques, the types of honeynets, and configuration
    changes to get one running on your system.
    This week, advisories were released for rsync, mutt, OpenLDAP, uccp,
    faqomatic, cupsys, ucd-snmp, and at.  The vendors include Caldera,
    Conectiva, Debian, FreeBSD, and Red Hat.
    ** FREE Apache SSL Guide from Thawte **    
    Planning Web Server Security? Find out how to implement SSL! Get the free
    Thawte Apache SSL Guide and find the answers to all your Apache SSL
    security issues and more at:
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * The SNMP fiasco: steps you need to take
    February 14th, 2002
    Obviously, your quickest and surest fix is going to be disabling SNMP if
    you don't have to run it. Indeed, disabling unnecessary network services
    is a normal part of system hygeine, so this is a good opportunity to take
    the time and do a thorough job of it.
    * Crackdown on "spam" e-mail
    February 13th, 2002
    Federal regulators kicked off a crackdown on the junk e-mail known as
    "spam" on Tuesday with an announcement that they had settled charges
    against seven people accused of running an e-mail pyramid scheme.  The
    Federal Trade Commission said that the seven defendants had participated
    in a chain-letter scam that promised returns of up to $46,000 for a $5
    payment. Such chain letters are illegal in the U.S. The chain letter
    eventually drew in more than 2,000 participants from nearly 60 countries,
    the FTC said.
    * Free, dependable IDS
    February 12th, 2002
    Historically, any enterprise search for a host-based IDS
    (intrusion-detection system) to protect its Linux environment has found
    itself stymied by a lack of available solutions. Network-based IDSes such
    as Snort have been available for some time, but the host-based approach
    offers certain advantages, such as the capability to detect attacks that
    network-based solutions sometimes miss and greater flexibility for
    fine-tuning which activities should be monitored.
    * Security Quick-Start HOWTO for Linux Updated
    February 11th, 2002
    This document is a an overview of the basic steps required to secure a
    Linux installation from intrusion. It is intended to be an introduction.
    This document is intended to give the new user a starting point for
    securing their system while it is connected to the Internet.
    * Scanning for Rootkits
    February 11th, 2002
    Usually, the first sign that a server might be compromised is simple
    anomalies in the behavior of the server. One of the more common anomalies
    one might notice is a change in how one or more of the core system
    utilities behave.
    | Network Security News: |
    * What is a VPN? .. Explaining Virtual Private Networks
    February 15th, 2002
    As it is most commonly defined, a virtual private network (VPN) allows two
    or more private networks to be connected over a publicly accessed network.
    In a sense, VPNs are similar to wide area networks (WAN) or a securely
    encrypted tunnel, but the key feature of VPNs is that they are able to use
    public networks like the Internet rather than rely on expensive, private
    leased lines.
    * Preliminary SNMP Data
    February 14th, 2002
    At this point, we do not see a significant increase in SNMP scanning
    traffic. None of the SNMP sources reported lately scanned more than one
    target, which usually indicates either a mistake (someone entered the
    wrong IP into their network admin tool) or a false positive (someone is
    rejecting legitamate SNMP traffic).
    * Administering Linux IPSec Virtual Private Networks
    February 14th, 2002
    This article will discuss some of the more advanced features of FreeS/WAN
    that you can leverage to implement flexible and reliable IPSec VPNs. The
    ultimate source of information on FreeS/WAN is the official FreeS/WAN Web
    site. The Web site has links to virtually all the tools and information
    that you will need to implement IPSec on Linux.
    |   Cryptography News:   |
    * Crypto-Gram, February 15th, 2002
    February 15th, 2002
    This month's Crypto-Gram includes information on Oracle's "Unbreakable"
    claim, reader comments, and thoughts on Microsoft and Trustworthy
    Computing. "they're going to have to reverse their mentality of treating
    security problems as public-relations problems. I'd like to see honesty
    from Microsoft about their security problems."
    * E-Mail Encryption for the Masses
    February 13th, 2002
    By some estimates, well over 900 million people -- nearly one out of every
    seven people on Earth -- have access to e-mail. Most of them are, or
    should be, familiar by now with the saying, "Sending e-mail is like
    sending a postcard over the Internet."
    * AEP to ease encryption burden with new products
    February 13th, 2002
    Accelerated Encryption Processing (AEP) will show off two new
    encryption-processing products at the RSA Security conference to be held
    in San Jose, California next week (18 February). Web servers used for
    e-commerce, financial services and other tasks that make intensive use of
    SSL (secure sockets layer) encryption are often slowed by having to devote
    processor time to decrypt, interpret and process encrypted traffic.
    |  Vendors/Products:     |
    * EnGarde provides protection from SNMP attacks
    February 15th, 2002
    Recently the Computer Emergency Response Team (CERT) announced that many
    implementations of the Simple Network Management Protocol (SNMP) are
    susceptible to multiple remote vulnerabilities. More than 200 vendors
    implement this protocol in a manner that can be exploited.
    * Snort Sniffs Out a Commercial Future
    February 14th, 2002
    The creator of the popular open source intrusion detection system gets
    megabucks in venture capital for a Snort start-up. The commercial
    potential of open source security products won a financial vote of
    confidence last week when the author of the hacker-busting freeware
    program Snort pulled in $2 million in venture capital, and moved his
    year-old start-up company out of his suburban Maryland living room.
    * Aide Host Intrusion Detection v0.8 Released
    February 11th, 2002
    Atop Hamilton's multilayered defense system sits one of a new class of
    network forensics analysis tools (NFATs): Niksun's NetDetector
    |  General News:         |
    * Dealing with External Computer Security Incidents
    February 17th, 2002
    Dealing with computer security incidents is extremely difficult. There are
    many ways that incidents can occur and many types of impact they can have
    on an organization. There are no complete solutions, and the partial
    solutions that exist are expensive and resource intensive.
    * The Enemy Inside the Gates: Preventing and Detecting Insider
    February 14th, 2002
    It's nine in the evening in your office building. Most people have gone
    home long ago, many of the office lights are off, and the janitors are
    quietly making their rounds. From a single, solitary cubicle comes the
    familiar blue glow of a computer screen along with the rhythmic tippy-tap
    of a keyboard.
    * Federal computer security guidelines published
    February 13th, 2002
    The first guidelines for responding to attacks on computer systems to be
    endorsed by both the FBI and the Secret Service, the main federal agencies
    fighting such crimes, were published yesterday.  The guidelines were
    drafted by government and private security experts brought together by CIO
    magazine, a trade publication for information technology executives.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 02:52:06 PST