+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  July 22nd, 2002                           Volume 3, Number 29n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Linux Security
Modules: General Security Support for the Linux Kernel," "Securing the
Mail: Lock Spam and Viruses Out of Sendmail," and "Intrusion Detection:
Knowing when Someone is Knocking on your Door."

** Guardian Digital Combats Proprietary Software Licensing Deadline **

Guardian Digital, Inc., the first full-service open source Internet
server security company, has announced a special incentive program
designed to provide companies with an alternative to Windows-based
servers and applications as the July 31st deadline for Microsoft's new
licensing program approaches. Receive up to 30% off the award-winning
EnGarde Secure Linux. Act Today!

--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde3

FEATURE: Assessing Internet Security Risk, Part Two: an Internet
Assessment Methodology

This article is the second in a series that is designed to help readers
to assess the risk that their Internet-connected systems are exposed to.
In the first installment, we established the reasons for doing a
technical risk assessment. In this installment, we'll start discussing
the methodology that we follow in performing this kind of assessment.

http://www.linuxsecurity.com/feature_stories/feature_story-114.html

Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-requestat_private with
"subscribe" as the subject.

Find technical and managerial positions available worldwide. Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Don't ignore Linux, Unix GUI holes
July 19th, 2002

Late last week, the CERT Coordination Center at Pittsburgh-based
Carnegie Mellon University released an advisory about two
vulnerabilities in CDE (Common Desktop Environment) ToolTalk, a common
GUI that runs on a host of Linux and Unix flavors.

http://www.linuxsecurity.com/articles/host_security_article-5363.html

* Help Net Security: Linux Security Modules: General Security Support
  for the Linux Kernel
July 18th, 2002

"The access control mechanisms of existing mainstream operating systems
are inadequate to provide strong system security. Enhanced access
control mechanisms have failed to win acceptance into mainstream
operating systems due in part to a lack of consensus within the security
community on the right solution.

http://www.linuxsecurity.com/articles/host_security_article-5356.html

* Secret password to a headache
July 17th, 2002

Modern consumers are suffering "password burnout" because they have to
remember so many different codes and number combinations, according to a
new report. PIN numbers and passwords are now used every day for the
likes of cash machines, burglar alarms, mobile phones, car radios, taxi
services, cable TV and telephone banking.

http://www.linuxsecurity.com/articles/host_security_article-5345.html

* Report: Linux hack attacks on the rise
July 16th, 2002

Hackers are increasingly targeting Web servers based on the Linux
operating system, while the number of successful attacks on Windows
systems decreases, according to a new report from U.K. system integrator
Mi2g.

http://www.linuxsecurity.com/articles/general_article-5338.html

* Securely Installing Linux
July 15th, 2002

It's important to be aware that when you're installing Linux, you're
installing a powerful server operating system. As a home user, you
probably won't use much of what's installed by default, and anything you
don't use is a security risk you don't have to take.

http://www.linuxsecurity.com/articles/documentation_article-5324.html

* Securing the Mail: Lock Spam and Viruses Out of Sendmail
July 15th, 2002

Repeat after me: "Spam and viruses bad. Locked down mail servers good.
Leaving relaying open bad. Locked down mail servers good. Leaving virus
avoidance for the end user to deal with bad.

http://www.linuxsecurity.com/articles/privacy_article-5322.html

+------------------------+
| Network Security News: |
+------------------------+

* Audit Your LAN Before the Bad Guys Do with nmap
July 18th, 2002

nmap is the most powerful, most flexible network exploration tool and
security scanner. It's the tool of choice for auditing your network for
vulnerabilities. Search for the same weaknesses intruders are looking
for. nmap's slogan is "audit your network before the bad guys do."

http://www.linuxsecurity.com/articles/intrusion_detection_article-5357.html

* Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS
July 18th, 2002

A positive return on investment (ROI) of intrusion detection systems
(IDS) is dependent upon an organization's deployment strategy and how
well the successful implementation and management of the technology
helps the organization achieve the tactical and strategic objectives it
has established.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5359.html

* Security Scanning is not Risk Analysis
July 16th, 2002

Many information technology (IT) decision makers assume that performing
a security vulnerability assessment is the same thing as risk analysis.
However, these two processes are very different.
Performing a security vulnerability assessment helps you determine what
the existing holes and vulnerabilities are in your systems and networks
at a single moment in time.

http://www.linuxsecurity.com/articles/network_security_article-5336.html

* Use Snort for Lightweight Intrusion Detection
July 15th, 2002

Designed to fill the gap left by expensive, heavy-duty network intrusion
detection systems, Snort is a free, cross-platform packet sniffer,
logger, and intrusion detector for monitoring smaller TCP/IP networks.
It runs on Linux/UNIX and Win32 systems. It takes mere minutes to
install and start using it.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5323.html

* Intrusion Detection: Knowing when Someone is Knocking on your Door
July 15th, 2002

Your network is being scanned for vulnerabilities. This may happen only
once a month or twice a day; regardless, there are people out there
probing your network and systems for weaknesses.

http://www.linuxsecurity.com/articles/intrusion_detection_article-5328.html

+------------------------+
| Cryptography:          |
+------------------------+

* Encryption Market Heats Up But PGP Still on Ice
July 19th, 2002

Demand is growing for desktop and wireless encryption but Network
Associates (NAI) says it has no plans to resurrect its Pretty Good
Privacy (PGP) range, despite requests from users. The IT security firm
announced it was suspending the development of its PGP series of
products last October.

http://www.linuxsecurity.com/articles/cryptography_article-5362.html

* Team demos 'first quantum crypto prototype machine'
July 18th, 2002

Boffins have moved one step closer to a practical implementation of the
Holy Grail of encryption - quantum cryptography - by exchanging keys
across a 67km fibre optic network. Until recently, the idea of quantum
key distribution has been tested only in the physics laboratory.

http://www.linuxsecurity.com/articles/projects_article-5349.html

* Crypto-Gram July 2002
July 16th, 2002

Crypto-Gram is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on computer security and cryptography. This
month: Embedded Control Systems and Security, Cryptico's in the
Doghouse, and comments on Microsoft's Palladium system.

http://www.linuxsecurity.com/articles/cryptography_article-5341.html

+------------------------+
| General:               |
+------------------------+

* Study: Web Security Spending To Surge
July 19th, 2002

Spending on Web security efforts is expected to triple in the next four
years, according to a new report released by research firm IDC. The
report noted that it is not uncommon for Web sites to add so much new
code daily that operators are unable to maintain patches or fix holes in
systems.

http://www.linuxsecurity.com/articles/security_sources_article-5365.html

* Survey: Are Security Professionals Wasting their Time?
July 18th, 2002

Today one of the most heard complaints among security professionals is
that there just isn't enough time to stay current on the latest,
increasingly sophisticated threats to their organizations or to test and
install patches and fixes for the record number of security
vulnerabilities in vendor software this year.

http://www.linuxsecurity.com/articles/general_article-5353.html

* IT security spending disappoints
July 17th, 2002

Investors who had hoped that increased security concerns after Sept. 11
would yield an immediate bonanza in the information security sector have
been sorely disappointed, according to two new analyses. The reports
come as high-tech companies in the middle of a painful contraction
eagerly seek out security-related work, particularly if it involves
government contracts.

http://www.linuxsecurity.com/articles/general_article-5344.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.