[ISN] Linux Security Week - July 22nd 2002

From: InfoSec News (isnat_private)
Date: Tue Jul 23 2002 - 00:05:07 PDT


    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  July 22nd, 2002                              Volume 3, Number 29n  |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Linux Security
    Modules: General Security Support for the Linux Kernel," "Securing the
    Mail: Lock Spam and Viruses Out of Sendmail," and "Intrusion Detection:
    Knowing when Someone is Knocking on your Door."
    ** Guardian Digital Combats Proprietary Software Licensing Deadline ** 
    Guardian Digital, Inc., the first full-service open source Internet server
    security company, has announced a special incentive program designed to
    provide companies with an alternative to Windows-based servers and
    applications as the July 31st deadline for Microsoft's new licensing
    program approaches.
    Receive up to 30% off the award-winning EnGarde Secure Linux.  Act Today!
    --> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde3 
    FEATURE: Assessing Internet Security Risk, Part Two: an Internet
    Assessment Methodology
    This article is the second in a series that is designed to help readers to
    assess the risk that their Internet-connected systems are exposed to. In
    the first installment, we established the reasons for doing a technical
    risk assessment. In this installment, we'll start discussing the
    methodology that we follow in performing this kind of assessment.
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Don't ignore Linux, Unix GUI holes
    July 19th, 2002
    Late last week, the CERT Coordination Center at Pittsburgh-based Carnegie
    Mellon University released an advisory about two vulnerabilities in CDE
    (Common Desktop Environment) ToolTalk, a common GUI that runs on a host of
    Linux and Unix flavors.
    * Help Net Security: Linux Security Modules: General Security Support
    for the Linux Kernel
    July 18th, 2002
    "The access control mechanisms of existing mainstream operating systems
    are inadequate to provide strong system security. Enhanced access control
    mechanisms have failed to win acceptance into mainstream operating systems
    due in part to a lack of consensus within the security community on the
    right solution.
    * Secret password to a headache
    July 17th, 2002
    Modern consumers are suffering "password burnout" because they have to
    remember so many different codes and number combinations, according to a
    new report.  PIN numbers and passwords are now used every day for the
    likes of cash machines, burglar alarms, mobile phones, car radios, taxi
    services, cable TV and telephone banking.
    * Report: Linux hack attacks on the rise
    July 16th, 2002
    Hackers are increasingly targeting Web servers based on the Linux
    operating system, while the number of successful attacks on Windows
    systems decreases, according to a new report from U.K. system integrator
    * Securely Installing Linux
    July 15th, 2002
    It's important to be aware that when you're installing Linux, you're
    installing a powerful server operating system. As a home user, you
    probably won't use much of what's installed by default, and anything you
    don't use is a security risk you don't have to take.
    * Securing the Mail: Lock Spam and Viruses Out of Sendmail
    July 15th, 2002
    Repeat after me: "Spam and viruses bad. Locked down mail servers good.
    Leaving relaying open bad. Locked down mail servers good. Leaving virus
    avoidance for the end user to deal with bad.
    | Network Security News: |
    * Audit Your LAN Before the Bad Guys Do with nmap
    July 18th, 2002
    nmap is the most powerful, most flexible network exploration tool and
    security scanner. It's the tool of choice for auditing your network for
    vulnerabilities. Search for the same weaknesses intruders are looking for.
    nmap's slogan is "audit your network before the bad guys do."
    * Justifying the Expense of IDS, Part One: An Overview of ROIs for
    July 18th, 2002
    A positive return on investment (ROI) of intrusion detection systems (IDS)
    is dependent upon an organization's deployment strategy and how well the
    successful implementation and management of the technology helps the
    organization achieve the tactical and strategic objectives it has
    * Security Scanning is not Risk Analysis
    July 16th, 2002
    Many information technology (IT) decision makers assume that performing a
    security vulnerability assessment is the same thing as risk analysis.
    However, these two processes are very different. Performing a security
    vulnerability assessment helps you determine what the existing holes and
    vulnerabilities are in your systems and networks at a single moment in time.
    * Use Snort for Lightweight Intrusion Detection
    July 15th, 2002
    Designed to fill the gap left by expensive, heavy-duty network intrusion
    detection systems, Snort is a free, cross-platform packet sniffer, logger,
    and intrusion detector for monitoring smaller TCP/IP networks. It runs on
    Linux/UNIX and Win32 systems. It takes mere minutes to install and start
    using it.
    * Intrusion Detection: Knowing when Someone is Knocking on your Door
    July 15th, 2002
    Your network is being scanned for vulnerabilities. This may happen only
    once a month or twice a day; regardless, there are people out there
    probing your network and systems for weaknesses.
    |  Cryptography:         |
    * Encryption Market Heats Up But PGP Still on Ice
    July 19th, 2002
    Demand is growing for desktop and wireless encryption but Network
    Associates (NAI) says it has no plans to resurrect its Pretty Good Privacy
    (PGP) range, despite requests from users. The IT security firm announced
    it was suspending the development of its PGP series of products last
    * Team demos 'first quantum crypto prototype machine'
    July 18th, 2002
    Boffins have moved one step closer to a practical implementation of the
    Holy Grail of encryption - quantum cryptography - by exchanging keys
    across a 67km fibre optic network. Until recently, the idea of quantum key
    distribution has been tested only in the physics laboratory.
    * Crypto-Gram July 2002
    July 16th, 2002
    Crypto-Gram is a free monthly newsletter providing summaries, analyses,
    insights, and commentaries on computer security and cryptography. This
    month Embedded Control Systems and Security, Cryptico's in the Doghouse,
    and comments on Microsoft's Palladium system.
    |  General:              |
    * Study: Web Security Spending To Surge
    July 19th, 2002
    Spending on Web security efforts is expected to triple in the next four
    years, according to a new report released by research firm IDC. The report
    noted that it is not uncommon for Web sites to add so much new code daily
    that operators are unable to maintain patches or fix holes in systems.
    * Survey: Are Security Professionals Wasting their Time?
    July 18th, 2002
    Today one of the most heard complaints among security professionals is
    that there just isn't enough time to stay current on the latest,
    increasingly sophisticated threats to their organizations or to test and
    install patches and fixes for the record number of security
    vulnerabilities in vendor software this year.
    * IT security spending disappoints
    July 17th, 2002
    Investors who had hoped that increased security concerns after Sept. 11
    would yield an immediate bonanza in the information security sector have
    been sorely disappointed, according to two new analyses.  The reports come
    as high-tech companies in the middle of a painful contraction eagerly seek
    out security-related work, particularly if it involves government
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
