+---------------------------------------------------------------------+
|  LinuxSecurity.com                           Weekly Newsletter      |
|  February 18th, 2002                         Volume 3, Number 7n    |
|                                                                     |
|  Editorial Team:  Dave Wreski                daveat_private         |
|                   Benjamin Thomas            benat_private          |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "The SNMP
fiasco: steps you need to take," "Explaining Virtual Private Networks,"
"Administering Linux IPSec Virtual Private Networks," and "Dealing with
External Computer Security Incidents."

Also this week, there is a great deal of news surrounding the SNMP
vulnerabilities. The CERT advisory states, "Numerous vulnerabilities
have been reported in multiple vendors' SNMP implementations. These
vulnerabilities may allow unauthorized privileged access,
denial-of-service attacks, or cause unstable behavior." The full text
can be found here:

http://www.linuxsecurity.com/articles/network_security_article-4431.html

An SNMP Advisory FAQ can be found here:

http://www.linuxsecurity.com/articles/security_sources_article-4433.html

FEATURE: Building a Virtual Honeynet - Hisham shares his experiences
with building a virtual honeynet on his existing Linux box. He describes
data capture and control techniques, the types of honeynets, and
configuration changes to get one running on your system.

http://www.linuxsecurity.com/feature_stories/feature_story-100.html

This week, advisories were released for rsync, mutt, OpenLDAP, uccp,
faqomatic, cupsys, ucd-snmp, and at. The vendors include Caldera,
Conectiva, Debian, FreeBSD, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-4453.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* The SNMP fiasco: steps you need to take
February 14th, 2002

Obviously, your quickest and surest fix is going to be disabling SNMP if
you don't have to run it. Indeed, disabling unnecessary network services
is a normal part of system hygiene, so this is a good opportunity to
take the time and do a thorough job of it.

http://www.linuxsecurity.com/articles/network_security_article-4443.html

* Crackdown on "spam" e-mail
February 13th, 2002

Federal regulators kicked off a crackdown on the junk e-mail known as
"spam" on Tuesday with an announcement that they had settled charges
against seven people accused of running an e-mail pyramid scheme. The
Federal Trade Commission said that the seven defendants had participated
in a chain-letter scam that promised returns of up to $46,000 for a $5
payment. Such chain letters are illegal in the U.S. The chain letter
eventually drew in more than 2,000 participants from nearly 60
countries, the FTC said.

http://www.linuxsecurity.com/articles/general_article-4432.html

* Free, dependable IDS
February 12th, 2002

Historically, any enterprise search for a host-based IDS
(intrusion-detection system) to protect its Linux environment has found
itself stymied by a lack of available solutions. Network-based IDSes
such as Snort have been available for some time, but the host-based
approach offers certain advantages, such as the capability to detect
attacks that network-based solutions sometimes miss and greater
flexibility for fine-tuning which activities should be monitored.

http://www.linuxsecurity.com/articles/intrusion_detection_article-4428.html

* Security Quick-Start HOWTO for Linux Updated
February 11th, 2002

This document is an overview of the basic steps required to secure a
Linux installation from intrusion. It is intended to be an introduction.
This document is intended to give the new user a starting point for
securing their system while it is connected to the Internet.

http://www.linuxsecurity.com/articles/documentation_article-4422.html

* Scanning for Rootkits
February 11th, 2002

Usually, the first sign that a server might be compromised is simple
anomalies in the behavior of the server. One of the more common
anomalies one might notice is a change in how one or more of the core
system utilities behave.

http://www.linuxsecurity.com/articles/host_security_article-4423.html

+------------------------+
| Network Security News: |
+------------------------+

* What is a VPN? .. Explaining Virtual Private Networks
February 15th, 2002

As it is most commonly defined, a virtual private network (VPN) allows
two or more private networks to be connected over a publicly accessed
network. In a sense, VPNs are similar to wide area networks (WAN) or a
securely encrypted tunnel, but the key feature of VPNs is that they are
able to use public networks like the Internet rather than rely on
expensive, private leased lines.

http://www.linuxsecurity.com/articles/cryptography_article-4454.html

* Preliminary SNMP Data
February 14th, 2002

At this point, we do not see a significant increase in SNMP scanning
traffic. None of the SNMP sources reported lately scanned more than one
target, which usually indicates either a mistake (someone entered the
wrong IP into their network admin tool) or a false positive (someone is
rejecting legitimate SNMP traffic).

http://www.linuxsecurity.com/articles/network_security_article-4440.html

* Administering Linux IPSec Virtual Private Networks
February 14th, 2002

This article will discuss some of the more advanced features of
FreeS/WAN that you can leverage to implement flexible and reliable IPSec
VPNs. The ultimate source of information on FreeS/WAN is the official
FreeS/WAN Web site. The Web site has links to virtually all the tools
and information that you will need to implement IPSec on Linux.

http://www.linuxsecurity.com/articles/network_security_article-4449.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Crypto-Gram, February 15th, 2002
February 15th, 2002

This month's Crypto-Gram includes information on Oracle's "Unbreakable"
claim, reader comments, and thoughts on Microsoft and Trustworthy
Computing. "they're going to have to reverse their mentality of treating
security problems as public-relations problems. I'd like to see honesty
from Microsoft about their security problems."

http://www.linuxsecurity.com/articles/cryptography_article-4455.html

* E-Mail Encryption for the Masses
February 13th, 2002

By some estimates, well over 900 million people -- nearly one out of
every seven people on Earth -- have access to e-mail. Most of them are,
or should be, familiar by now with the saying, "Sending e-mail is like
sending a postcard over the Internet."

http://www.linuxsecurity.com/articles/cryptography_article-4434.html

* AEP to ease encryption burden with new products
February 13th, 2002

Accelerated Encryption Processing (AEP) will show off two new
encryption-processing products at the RSA Security conference to be held
in San Jose, California next week (18 February). Web servers used for
e-commerce, financial services and other tasks that make intensive use
of SSL (secure sockets layer) encryption are often slowed by having to
devote processor time to decrypt, interpret and process encrypted
traffic.

http://www.linuxsecurity.com/articles/cryptography_article-4437.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* EnGarde provides protection from SNMP attacks
February 15th, 2002

Recently the Computer Emergency Response Team (CERT) announced that many
implementations of the Simple Network Management Protocol (SNMP) are
susceptible to multiple remote vulnerabilities. More than 200 vendors
implement this protocol in a manner that can be exploited.

http://www.linuxsecurity.com/articles/vendors_products_article-4458.html

* Snort Sniffs Out a Commercial Future
February 14th, 2002

The creator of the popular open source intrusion detection system gets
megabucks in venture capital for a Snort start-up. The commercial
potential of open source security products won a financial vote of
confidence last week when the author of the hacker-busting freeware
program Snort pulled in $2 million in venture capital, and moved his
year-old start-up company out of his suburban Maryland living room.

http://www.linuxsecurity.com/articles/vendors_products_article-4451.html

* Aide Host Intrusion Detection v0.8 Released
February 11th, 2002

Atop Hamilton's multilayered defense system sits one of a new class of
network forensics analysis tools (NFATs): Niksun's NetDetector
(www.niksun.com).

http://www.linuxsecurity.com/articles/intrusion_detection_article-4420.html

+------------------------+
| General News:          |
+------------------------+

* Dealing with External Computer Security Incidents
February 17th, 2002

Dealing with computer security incidents is extremely difficult. There
are many ways that incidents can occur and many types of impact they can
have on an organization. There are no complete solutions, and the
partial solutions that exist are expensive and resource intensive.

http://www.linuxsecurity.com/articles/security_sources_article-4460.html

* The Enemy Inside the Gates: Preventing and Detecting Insider Attacks
February 14th, 2002

It's nine in the evening in your office building. Most people have gone
home long ago, many of the office lights are off, and the janitors are
quietly making their rounds. From a single, solitary cubicle comes the
familiar blue glow of a computer screen along with the rhythmic
tippy-tap of a keyboard.

http://www.linuxsecurity.com/articles/general_article-4452.html

* Federal computer security guidelines published
February 13th, 2002

The first guidelines for responding to attacks on computer systems to be
endorsed by both the FBI and the Secret Service, the main federal
agencies fighting such crimes, were published yesterday. The guidelines
were drafted by government and private security experts brought together
by CIO magazine, a trade publication for information technology
executives.

http://www.linuxsecurity.com/articles/government_article-4436.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------