[ISN] Linux Security Week - March 11th 2002

From: InfoSec News (isnat_private)
Date: Mon Mar 11 2002 - 22:44:27 PST


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  March 11th, 2002                             Volume 3, Number 10n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Snort-Setup for
    Statistics HOWTO," "Ad Zapping With Squid," "Modular Authentication for
    Linux," and "Implementing a Bridging Firewall."
    This week, advisories were released for php, cfs, cvs, xsane, openssh,
    apache, ntop, squid, and radiusd-cistron.  The vendors include Conectiva,
    Debian, EnGarde, FreeBSD, Red Hat, Slackware, SuSE, and Yellow Dog.
    FEATURE: Linux 802.11b and wireless (in)security - In this article,
    Michael talks about Linux and background on wireless security, utilities
    to interrogate wireless networks, and the top tips you should know to
    improve wireless security of your network.
    Security & Simplicity, Finally! - Are you looking for a solution that
    provides the applications necessary to easily create thousands of virtual
    Web sites, manage e-mail, DNS, firewalling, database functions for an
    entire organization, and supports high-speed broadband connections all
    using a Web-based front-end? EnGarde Secure Professional provides those
    features and more!
      --> http://store.guardiandigital.com 
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * OpenSSH Local User Privilege Escalation Vulnerability
    March 7th, 2002
    * Building a CD Bootable Firewall
    March 6th, 2002
    This document covers the basic steps I took in building a bootable CD
    containing a live FreeBSD filesystem with a couple of security features
    enabled and configured. With this CD, it is possible to transform a PC
    from a mediocre workstation into a VPN Gateway or firewall or both without
    touching the hard drive.
    * Multi-Layered Security
    March 5th, 2002
    In this article I discuss generalized ways to increase system and network
    trust. While my examples are somewhat FreeBSD-centric, they can be
    abstracted to almost any platform.  There is a popular misconception
    floating around the corporate sector. Many individuals tout, UNIX is not
    as secure as other operating systems.
    * CERT: Vulnerabilities in Various Implementations of the RADIUS
    March 5th, 2002
    Two vulnerabilities in various implementations of RADIUS clients and
    servers have been reported to several vendors and the CERT/CC. They are
    remotely exploitable, and on most systems result in a denial of service.
    VU#589523 may allow the execution of code if the attacker has knowledge of
    the shared secret.
    * Snort-Setup for Statistics HOWTO
    March 4th, 2002
    This HOWTO describes how to configure Snort version 1.8.3 to be used in
    conjunction with the statistical tools ACID (Analysis Console for
    Intrusion Databases) and SnortSnarf. It also intends to get some internal
    statistics out of snort, e.g. if there are packets dropped.
    | Network Security News: |
    * Ad Zapping With Squid
    March 10th, 2002
    For some time at my workplace we've been running an ad-zapping service on
    our web proxy. This page documents how it works, how to use it yourself,
    how to join the mailing list for updates of the pattern file, and the
    weirdnesses of our local setup (which you need not duplicate yourself).
    * Drive-by hackings a myth?
    March 7th, 2002
    The wireless networking industry is being hamstrung by a myth that it is
    peddling an insecure product, according to a principal analyst at Gartner.
    Speaking at NetEvents in Montreux, Andy Rolfe said that, for all the high
    profile news about the potential for drive-by hackings, he is yet to see
    an actual case reported.
    * Wireless: In the Air Tonight
    March 7th, 2002
    So what has this taught us? Once again, the lesson is Security in Depth.
    Different teachers, different textbook, same lesson. More and more
    wireless networks are being deployed every day, but I don't think that
    there is a corresponding increase in security training.
    * SwitchSniff
    March 5th, 2002
    For those who think switched Ethernet environments are sniff-proof, the
    author offers this warning. Switches may be difficult to sniff, but they
    are certainly not immune. As is clear from the above sections, one method
    of sniffing in a switched environment is using ARP spoofing, and the
    machine that will most probably be ARP spoofed is the gateway.
    * Implementing a Bridging Firewall
    March 4th, 2002
    What is the difference between a bridging firewall and a conventional
    firewall? Usually a firewall also acts as a router: systems on the inside
    are configured to see the firewall as a gateway to the network outside,
    and routers outside are configured to see the firewall as the gateway to
    the protected network.
    * Modular Authentication for Linux
    March 4th, 2002
    You can set up your systems so Linux users can gain secure authentication
    against a Windows NT Domain.  That way they won't need a Linux account and
    a separate NT Domain account. It'll make life easier for you as a network
    administrator and make your power users happier.
    * Network Security with /proc/sys/net/ipv4
    March 4th, 2002
    David Lechnyr submitted a paper he wrote on how to use /proc to tune
    network security settings. "In addition to firewall rulesets, the /proc
    filesystem offers some significant enhancements to your network security
    |  Cryptography:         |
    * $100,000 prize in 'unbreakable' crypto challenge
    March 6th, 2002
    A company called Bodacion Technologies is offering $100,000 to anyone who
    can crack their biomorphic number generator and predict the final,
    one-thousandth, number in a sequence of 999. The company is doing this to
    promote its Hydra server, which uses biomorphic computation for crypto
    * PGP is dead! Long live PGP? Maybe
    March 5th, 2002
    A week ago, on Feb. 26, Network Associates (NAI) sent an e-mail to some of
    its customers announcing that it had killed the PGP Desktop Security
    product line. This, ladies and gentlemen, is very grim news indeed. Why do
    I care about PGP Desktop? Because it's a critical software package for me,
    and presumably for many of you as well.
    |  Vendors/Products:     |
    * PHP Audit Project
    March 10th, 2002
    Because PHP is a critical piece of the hosting service puzzle, the PHP
    audit project was started in order to harden the PHP interpreter against
    known and unknown vulnerabilities. We are also trying to add some
    enhancements for the OpenBSD operating system, without breaking the
    portability to other systems.
    * PGP Encryption Will Survive, Inventor Says
    March 8th, 2002
    Pretty Good Privacy will go on, despite a move by Network Associates to
    shelve the encryption product after it couldn't find a buyer, PGP inventor
    Phil Zimmermann says.  Although Zimmermann sold PGP to Santa Clara,
    California-based NAI in 1997, the protocols for the encryption code are
    open to all on the Internet.
    |  General News:         |
    * Davis reinforces security rules
    March 8th, 2002
    Rep. Tom Davis (R-Va.) introduced a bill March 6 that would update and
    extend the Government Information Security Reform Act, as members of
    Congress expressed concern over current legislation.
    * Configuring Amanda
    March 8th, 2002
    Amanda is the Advanced Maryland Automatic Network Disk Archiver, developed
    at the University of Maryland in the 1990s. While it is now maintained at
    SourceForge and support is provided only through mailing lists and a
    FAQ-O-MATIC, it is still a highly useful, stable network backup utility
    with a wide range of features.
    * Best Computer Security Method Overlooked By Industry
    March 8th, 2002
    A team of Penn State and Iowa State researchers has tested and rated three
    "smart" classification methods capable of detecting the telltale patterns
    of entry and misuse left by the typical computer network intruder. They
    found that one, called "rough sets," currently overlooked by the industry,
    is the best.
    * New British standard can improve security
    March 6th, 2002
    Information is an important asset, and keeping it safe from hackers,
    crashes, viruses or simply prying eyes has become a top priority.  For
    online trading to take off - either business-to-consumer or
    business-to-business - confidence in the security of money and data needs
    to be guaranteed.
    * Curious employees are biggest security risk
    March 5th, 2002
    Forget about Internet crackers, employees are the biggest security problem
    for most businesses.  That's the main conclusion of a survey of UK IT
    managers which suggests that most firms are prepared for the threats posed
    by viruses and hackers, but are still struggling to secure data on their
    own networks.
    * The Myth of Open Source Security Revisited
    March 4th, 2002
    The author revisits a debate begun here recently on the nature of security
    in Open Source projects:  do 'lots of eyeballs' ensure secure code? It is
    a common misconception amongst users of Open Source software that it is a
    panacea when it comes to creating secure software.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org
