[ISN] Linux Security Week - May 20th 2002

From: InfoSec News (isnat_private)
Date: Tue May 21 2002 - 02:27:36 PDT

  • Next message: InfoSec News: "[ISN] Infosec research bill amended"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  May 20th, 2002                               Volume 3, Number 20n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "PortSentry for
    Attack Detection," "Tips on basic Linux server security," "Suid programs,
    getting to the root of the problem," and "Enhancing VPN Security with
    Digital Certificates."
    This week, advisories were released for icecast, shareutils, fileutils,
    imapd, shadow/pam modules, lukemftp, openssh, tcpdump, and mpg123.  The
    Vendors include Caldera, Mandrake, Red Hat, and SuSE.
    Security & Simplicity, Finally!
      - Are you looking for a solution that provides the applications
      necessary to easily create thousands of virtual Web sites, manage
      e-mail, DNS, firewalling database functions for an entire
      organization, and supports high-speed broadband connections all
      using a Web-based front-end? EnGarde Secure Professional provides
      those features and more!
      --> http://www.guardiandigital.com/features-professional.html
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * PortSentry for Attack Detection, Part One
    May 16th, 2002
    Portsentry by Psionic Technologies is a component of their TriSentry suite
    of attack detection tools: portsentry, hostsentry, and logsentry. This
    article is the first of a two-part series that will describe in detail how
    Portsentry works from both a theoretical and a technical point of view.The
    second article will discuss installing, configuring, and tailoring
    PortSentry for individual systems.
    * Securing Linux
    May 16th, 2002
    This article covers various aspects of securing and running linux. By
    combining different utilities and aspects of keeping your system secure
    you'll reap multiple benefits, and keep your nerves in a good shape.
    * Tips on basic Linux server security
    May 14th, 2002
    If you just put your Apache web server online, and are thinking into
    making the first step in your system security, this brief article will
    help you do that. By having your own server, you must understand the
    responsibility behind it.
    * Suid programs, getting to the root of the problem
    May 13th, 2002
    There are always some little touches left to make your linux even a bit
    more secure, involving suid, nouser, sudo and etc. Now, this article is
    newbie friendly, but it also requires some small amount of knowledge. Fear
    not, for I shall explain everything as painfully as I can. So sit back,
    grab yourself your favorite drink, some peanuts and relax. 3,2,1...
    | Network Security News: |
    * The hidden costs of systems downtime
    May 14th, 2002
    Businesses are increasingly concerned by the devastating effect of hacking
    and viruses, but many still do not allocate funds directly for responding
    to premeditated attacks or system downtime.  Forrester Research
    interviewed security managers at 50 blue chip companies.
    * Enhancing VPN Security with Digital Certificates
    May 13th, 2002
    Corporations large and small are embracing virtual private networks (VPNs)
    as a means to build networks that provide secure access for remote and
    mobile employees.
    |  Cryptography:         |
    * Crypto-Gram May 15, 2002
    May 15th, 2002
    This month's crypto-gram talks about the principles of Secrecy, Security,
    and Obscurity, fingerprint readers, general industry news, and
    commentaries from Bruce Schneier.
    |  Vendor/Products:      |
    * OpenSSH 3.2.2 Released
    May 16th, 2002
    This month's crypto-gram talks about the principles of Secrecy, Security,
    and Obscurity, fingerprint readers, general industry news, and
    commentaries from Bruce Schneier. The Crypto-Gram is a free monthly
    newsletter providing summaries, analyses, insights, and commentaries on
    computer security and cryptography.
    |  General:              |
    * Web privacy bill sent to Senate
    May 17th, 2002
    A Senate committee Friday sent an online privacy protection bill to the
    full Senate, but business lobbyists vowed to keep trying to derail the
    measure before it becomes law.  "It's time Congress acted on privacy,"
    declared South Carolina Democrat Sen. Ernest Hollings, chairman of the
    Senate Commerce Committee that voted 15-8 to approve his bill/
    * Shades of gray
    May 17th, 2002
    Recently, "Gray Hat" crackers have been garnering a fair amount of
    publicity, exposing holes for nothing more than notoriety and a sense of
    self-fulfillment. These individuals seek out corporate networks and
    servers to pick them apart, find weaknesses the site administrators might
    have missed and make them public.
    * Privacy: Are you aware of the trade-offs?
    May 16th, 2002
    Online privacy isn't the issue it once was, if indeed people really ever
    cared about it.  Oh sure, everyone's in favor of privacy in the same way
    that they're in favor of Mom and apple pie, but exactly how software
    should preserve privacy is a more controversial issue.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue May 21 2002 - 05:12:26 PDT