[ISN] Linux Security Week - May 6th 2002

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 01:49:23 PDT

  • Next message: InfoSec News: "RE: [ISN] Best Buy hit by WLAN snooping"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  May 6th, 2002                                Volume 3, Number 18n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
     
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Honeynet
    Project: The Reverse Challenge," "Network Forensics: Tapping the
    Internet," "Building an IDS Solution Using Snort," and "How a Virtual
    Private Network Works."
    
    
     * SECURE YOUR APACHE SERVERS WITH 128-BIT SSL ENCRYPTION *
    
     Guarantee transmitted data integrity, secure all communication 
     sessions and more with SSL encryption from Thawte- a leading global 
     certificate provider for the Open Source community. Learn more in 
     our FREE GUIDE--click here to get it now:
    
     --> http://www.gothawte.com/rd253.html
    
    
    This week, advisories were released for fileutils, imlib, sudo, webalizer,
    openssh, squid, docbook, modpython, nautilis, and radiusd-cistron.  The
    vendors include Caldera, Conectiva, EnGarde, Red Hat, SuSE, and Trustix.
    
    http://www.linuxsecurity.com/articles/forums_article-4921.html
    
    
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
     
     
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Honeynet Project: The Reverse Challenge
    May 2nd, 2002
    
    The Reverse Challenge is an effort to allow incident handlers around the
    world to all look at the same binary -- a unique tool captured in the wild
    -- and to see who can dig the most out of that system and communicate what
    they've found in a concise manner.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-4917.html
    
    
    * Challenging the Man-in-the-Middle
    May 1st, 2002
    
    When logging in, several users reported seeing themselves already logged
    in from strange locations or running funny processes. Most of these folks
    are generally security-conscious, use strong passwords, and don't fall for
    the standard social engineering tricks.
    
    http://www.linuxsecurity.com/articles/cryptography_article-4902.html
    
    
    * Network Forensics: Tapping the Internet
    April 29th, 2002
    
    Methods of archiving network data for forensic analysis. "Another approach
    to monitoring is to examine all of the traffic that moves over the
    network, but only record information deemed worthy of further analysis.
    The primary advantage of this approach is that computers can monitor far
    more information than they can archive -- memory is faster than disk.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-4895.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * When Hackers Attack
    May 5th, 2002
    
    What does it take to work in computer security? Beyond the basic math,
    science, and analytical skills, "you need tremendous patience and
    persistence--and you need to not have to sleep much," says Chet Hosmer,
    cofounder and chief executive officer of Wetstone Technologies Inc. (
    
    http://www.linuxsecurity.com/articles/hackscracks_article-4927.html
    
    
    * How a Virtual Private Network Works
    May 3rd, 2002
    
    For years, voice, data, and just about all software-defined network
    services were called "virtual private networks" by the telephone
    companies. The current generation of VPNs, however, is a more advanced
    combination of tunneling, encryption, authentication and access control
    technologies and services used to carry traffic over the Internet, a
    managed IP network or a provider's backbone.
    
    http://www.linuxsecurity.com/articles/network_security_article-4924.html
    
    
    * Good firewalls make good policy
    May 3rd, 2002
    
    A well-designed computer network, like well-designed policy in a
    federation like Canada, depends on good firewalls. In a computer network,
    a good firewall alerts users to potential harmful interactions between the
    computer and the local network, and also between the local network and the
    Internet.
    
    http://www.linuxsecurity.com/articles/firewalls_article-4925.html
    
    
    * TCP/ IP and tcpdump Flyer (PDF)
    May 1st, 2002
    
    Sans has provided a TCP/IP and tcpdump flyer guide. 
    
    http://www.linuxsecurity.com/articles/network_security_article-4904.html
    
    
    * Building an IDS Solution Using Snort
    April 29th, 2002
    
    This document provides a step-by-step guide to building an intrusion
    detection system using open-source software. The process involves
    Installing RedHat Linux 7.1, Compiling/Installing and configuration of
    MySql/Apache/ACID/Snort, Setup of Snort rules f Hardening of Machine The
    document assumes a basic level understanding of linux and computer
    technologies.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-4893.html
    
    
    
    +------------------------+
    |  Vendor/Products:      |
    +------------------------+
    
    * Biometric Security Not Quite Ready to Replace Passwords
    May 2nd, 2002
    
    Biometrics vendors are doing their best to supplant passwords as the chief
    form of computer security, but Government Computer News Lab tests indicate
    that many of their products are not quite ready. Some developers have
    continued to improve already good devices, but others need to go back to
    the drawing board.
    
    
    http://www.linuxsecurity.com/articles/vendors_products_article-4910.html
    
    
    
    +------------------------+
    |  General:              |
    +------------------------+
     
    * The Art of Misusing Technology
    May 3rd, 2002
    
    Hacking has been described as a crime, a compulsion, an often troublesome
    end result of insatiable curiosity run amok.  Rarely has anyone who is not
    a hacker attempted to portray the creation, exploration.
    
    http://www.linuxsecurity.com/articles/hackscracks_article-4922.html
    
    
    * Network Forensics: Tapping the Internet
    May 2nd, 2002
    
    During the Gulf War, computer hackers in Europe broke into a UNIX computer
    aboard a warship in the Persian Gulf. The hackers thought they were being
    tremendously clever -- and they were -- but they were also being watched.
    
    http://www.linuxsecurity.com/articles/server_security_article-4915.html  
    
    
    * Interior security flagged again
    May 2nd, 2002
    
    A month after getting permission to reconnect some of its sites to the
    Internet, the Interior Department's Minerals Management Service is back in
    the hot seat.  MMS has once again caught the attention of court-appointed
    Special Master Alan Balaran for failing to protect individual American
    Indian trust data.
    
    http://www.linuxsecurity.com/articles/government_article-4913.html
    
    
    * Security Agents Head For Cybercrime School
    April 29th, 2002
    
    Security agents from both sides of the Atlantic are being sent to school
    so they can trace and prosecute computer criminals.  The FBI, U.S.
    Customs, the High Technology Crime Investigation Association, Europol and
    the U.K.'s National High-Tech Crime Unit are among the agencies that have
    sent staff to learn about cybercrime, fraud, hacking and software bugs,
    according to the company, Massachusetts-based QinetiQ Trusted Information
    Management.
    
    http://www.linuxsecurity.com/articles/government_article-4890.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue May 07 2002 - 04:50:57 PDT