+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  April 8th, 2002                            Volume 3, Number 14n    |
|                                                                     |
|  Editorial Team:  Dave Wreski               daveat_private          |
|                   Benjamin Thomas           benat_private           |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Server port 80 plagues Internet security," "XML Security Risks," "Taking a Stateful Approach to Firewall Design," and "Exploring XML Encryption, Part 1."

--> Performance and Stability meet Security

EnGarde has everything necessary to create thousands of virtual Web sites, manage e-mail, DNS, firewalling database functions for an entire organization, and supports high-speed broadband connections all using a Web-based front-end. EnGarde Secure Professional provides those features and more!

http://store.guardiandigital.com/html/eng/promo1.shtml

This week, advisories were released for the Linux kernel, openssh, cups, nscd, kde, squid, mod_ssl, XFree86, rsync, and zlib. The vendors include Caldera and Conectiva.

http://www.linuxsecurity.com/articles/forums_article-4743.html

Find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center: http://careers.linuxsecurity.com

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Server port 80 plagues Internet security
April 4th, 2002

THE INTERNET HAS become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems, which released its security incident figures for the first quarter of 2002 Wednesday.

http://www.linuxsecurity.com/articles/server_security_article-4737.html

* Dsniff 'n the Mirror -- PDF Version
April 2nd, 2002

The popular article by Duane Dunston featured on LinuxSecurity.com recently has now been made available in the form of PDF, due to requests from users. "This is a practical step by step guide showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep, and others. It also provides a discussion of how and why we should monitor network traffic." You can read Duane's article in Dsniff 'n the Mirror. The PDF version is also now available.

http://www.linuxsecurity.com/articles/network_security_article-4723.html

* XML Security Risks
April 2nd, 2002

Data contained in XML tags needs to be secured in transit over the Internet, just like any other transaction. SSL and HTTPS are sufficient for most transactions, and companies routinely add their own further encryption for the stuff that really needs it. But crooks are far less likely to target packets in motion than the XML data residing on your servers.

http://www.linuxsecurity.com/articles/network_security_article-4719.html

+------------------------+
| Network Security News: |
+------------------------+

* On ProxyTunnel
April 5th, 2002

Most of us have come across the following situation: you are working at your employer or at a customer location, and the local penny pinchers have decided that Internet access should be limited to sending mail (but only if it comes from the standard Exchange or Notes servers) and surfing the web.

http://www.linuxsecurity.com/articles/host_security_article-4747.html

* Network security tips for managers
April 5th, 2002

Network Security has become an important part of today's IT staffs. However, there is a small part of it that needs to be a part of everybody's understanding that works with computers that attach to the Internet. I will review some basic ways to inventory your systems externally.

http://www.linuxsecurity.com/articles/network_security_article-4751.html

* Taking a Stateful Approach to Firewall Design
April 5th, 2002

Security continues to be the biggest concern for IT managers and, in turn, design engineers developing firewall systems. With more viruses popping up and hackers attacking more often, corporations are looking for any approach possible to plug holes in their firewall architectures.

http://www.linuxsecurity.com/articles/firewalls_article-4744.html

* RTFM: WLan security part 1
April 4th, 2002

In the first of a two-part series looking at security issues facing wireless Lan technology, David Ludlow looks into the lengths that crackers will go to when they are trying to infiltrate your network. We've all seen the reports and news stories proclaiming how insecure WLans are.

http://www.linuxsecurity.com/articles/network_security_article-4735.html

* Take these precautions against inside security attacks
April 3rd, 2002

The biggest single threat to your IT operation is someone you probably know by name. Think about it. Who knows better how to penetrate your systems--a hacker or someone down the hall who already has access to your systems?

http://www.linuxsecurity.com/articles/network_security_article-4728.html

* Firestarter: Fast firewalls made simple
April 1st, 2002

Firestarter is a graphical based firewall interface to the ipchains/Netfilter (iptables) firewalls that come with your Linux distribution, ipchains is used mostly for 2.2.x kernels and Netfilter is used on 2.4.x kernels.

http://www.linuxsecurity.com/articles/firewalls_article-4713.html

+------------------------+
| Cryptography:          |
+------------------------+

* Weak crypto casts shadow over ecommerce
April 4th, 2002

US export restrictions and local legislation on cryptography still casts a shadow over the security of ecommerce site even years after regulations to permit the use of strong encryption.

http://www.linuxsecurity.com/articles/cryptography_article-4739.html

* Exploring XML Encryption, Part 1
April 3rd, 2002

XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications.

http://www.linuxsecurity.com/articles/cryptography_article-4729.html

+------------------------+
| General:               |
+------------------------+

* NIST guides target e-mail, patches
April 7th, 2002

The National Institute of Standards and Technology released new draft guidance April 3 for dealing with two of the most common sources of security breaches: poorly configured e-mail servers and the failure to apply software patches.

http://www.linuxsecurity.com/articles/security_sources_article-4752.html

* Security in a World Without Secrets
April 5th, 2002

Security and privacy are at a major turning point in our society. The events of September 11 catalyzed an already rapidly growing trend in the gathering of personal and enterprise information, made possible by advancing technologies.

http://www.linuxsecurity.com/articles/privacy_article-4746.html

* Watch out for snooping spam
April 5th, 2002

Watch out--the spam choking your e-mail in-box may be loaded with software that lets marketers track your moves online, and you may not even be aware that you've been bugged.

http://www.linuxsecurity.com/articles/privacy_article-4745.html

* Why con artists are your biggest security threat
April 4th, 2002

Bottom line: No product you can buy will protect you completely from the most serious threat to your network and your business. That's not what you want to hear after laying out six figures to arm yourself with firewalls, antivirus software, and intrusion-detection applications, is it?

http://www.linuxsecurity.com/articles/hackscracks_article-4738.html

* SSL encryption weaker in Europe than US
April 3rd, 2002

Up to 18 percent of servers using SSL (Secure Sockets Layer) encryption technology for Web site encryption are potentially vulnerable to hackers, with the problem being far more pronounced in Europe than in the U.S., according to the latest monthly survey of Web server usage conducted by Netcraft Ltd.

http://www.linuxsecurity.com/articles/cryptography_article-4732.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.