+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | December 2nd, 2002 Volume 3, Number 47n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include, "TcpServer: Secure, Flexible Daemon Management," "Enterprise Security: The Manager's Defense Guide," "Chart A Plan For Security," and "Open Source Insecurity - You Decide." Security: MySQL and PHP (3 of 3) - This is the third installation of a 3 part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a MySQL server to the basic level, one has to abide by the following guidelines. http://www.linuxsecurity.com/feature_stories/feature_story-130.html LINUX ADVISORY WATCH: This week, advisories were released for pine, samba, python, sendmail, kernel, and mod_php. The distributors include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, Mandrake, Red Hat, Slackware, SuSE, and Trustix. http://www.linuxsecurity.com/articles/forums_article-6282.html --------------------------------------------------------------------- CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner! Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 --------------------------------------------------------------------- Feature: Security - Physical and Service The first installation of a 3 part article covering everything from physical security and service security to LAMP security (Linux Apache MySQL PHP). http://www.linuxsecurity.com/feature_stories/feature_story-128.html +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * How Did These Processes Get Here? November 27th, 2002 Every now and then I like to issue challenges to my readers. This week you have another chance to test your wits against a problem, but the rewards are higher. Instead of a measly postcard, the winner will get a copy of Hacking Linux Exposed, Second Edition. http://www.linuxsecurity.com/articles/documentation_article-6275.html * Internet Site Security November 26th, 2002 Internet Site Security - what a name for a book. When I first heard about it I was thinking: '1400 pages, 6 CDs,' but when the book came and I began to read through it, I realized how much good information the authors were able to fit into just over 400 pages. http://www.linuxsecurity.com/articles/general_article-6266.html * Open-Source Trojans: A Growing Problem? November 25th, 2002 Experts say the insertion of Trojans into two popular tools reinforces the need to run readily available programs, such as MD5 hashes, to ensure that code hasn't been altered. Experts recommend using MD5 hashes to expose Trojans. http://www.linuxsecurity.com/articles/projects_article-6256.html * tcpserver: Secure, Flexible Daemon Management November 25th, 2002 If you're still running inetd, it's time to move on. Either xinetd or tcpserver offer superior security and control. We're going to look at tcpserver. Note that there is one limitation: it manages only tcp. If you're using UDP or rpc services, tcpserver alone will not do the job. In that case, xinetd is the way to go. http://www.linuxsecurity.com/articles/server_security_article-6258.html +------------------------+ | Network Security News: | +------------------------+ * Enterprise Security: The Manager's Defense Guide November 29th, 2002 Mirko Zorz submits E-business, the buzzword of the second half of the '90s, has managed to survive and overcome problems that have occurred after the initial breakthrough, and is now facing a different kind of a problem. That is insufficient security that allows malicious users to take matters into their own hands, causing material damage not only to the companies, but also to individuals in form of their customers. http://www.linuxsecurity.com/articles/security_sources_article-6285.html * Intrusion detection tipped to grow November 28th, 2002 Better integration of simpler products will create surge in sales Intrusion detection system (IDS) hardware and software sales are set to rocket as technology shifts are completed, according to the latest figures from consulting firm Infonetics Research. http://www.linuxsecurity.com/articles/intrusion_detection_article-6280.html * OWASP CodeSeeker - An Open Source Application Firewall and IDS November 25th, 2002 The Open Web Application Security Project (OWASP) are pleased to annouce the imminent availability of CodeSeeker, an Application Level Firewall and Intrusion Detection System (AFWIDS) for Linux, Win32 and Solaris. http://www.linuxsecurity.com/articles/projects_article-6261.html * Chart A Plan For Security November 25th, 2002 I.T. departments are under pressure to cut their operating costs, but they're also being asked to improve and standardize information security. Because security doesn't come cheap or easy, technology managers need to chart a clear plan to effectively assess and strengthen security. http://www.linuxsecurity.com/articles/security_sources_article-6254.html * Combating Reverse Telnet Using OpenBSD Packet Filter (pf) November 25th, 2002 This article is meant for those who are going to implement firewall using OpenBSD. The main purpose for this article is to protect servers (such as web, mail, dns and others) within a firewalled network. This article is based on my personal experiences and I could not guarantee it will suit all system that you have. http://www.linuxsecurity.com/articles/documentation_article-6255.html +------------------------+ | General News: | +------------------------+ * Forensic Skill Needed To Bring Hackers To Justice November 29th, 2002 Most firms have strategies to prevent their systems being attacked, but they should also develop policies on what to do in the event of a security breach to preserve evidence and prosecute the culprits, according to experts. http://www.linuxsecurity.com/articles/hackscracks_article-6284.html * Working with the CSO November 29th, 2002 With security an increasing concern for most businesses, it's not surprising that many CTOs will soon find themselves working alongside a CSO (chief security officer), whose sole function is to safeguard the IT structure moving forward. But is this necessary, because many CTOs consider security one of their primary concerns? http://www.linuxsecurity.com/articles/forums_article-6287.html * Feds, Firms Unveil Test For Security Pros November 29th, 2002 A new certification program for entry-level computer-security professionals will officially get up and running Monday, said representatives of the combined industry-government group behind the exam. http://www.linuxsecurity.com/articles/government_article-6283.html * Open Source Insecurity - You Decide November 27th, 2002 In a study provided by the Aberdeen Group they cited some very interesting factoids that seem releveant at first glance. As reported in eWeek, the Aberdeen Group chose the following facts to reach their conclusion: "Of the 29 advisories issued through October by the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, 16 of them addressed vulnerabilities in open-source or Linux products. http://www.linuxsecurity.com/articles/forums_article-6270.html * A Tech Sector That's Set to Soar November 27th, 2002 Tech tracker IDC in Framingham, Mass., predicts that the global market will grow from $6 billion in 2001 to $14.6 billion 2006, IDC estimates. Those will be slower gains than in the mid and late '90s, but "nothing is growing as quickly as it used to, because of the economy," says Check Point President Jerry Ungerman. http://www.linuxsecurity.com/articles/security_sources_article-6276.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Dec 03 2002 - 04:26:41 PST