+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  December 16th, 2002                       Volume 3, Number 49n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Know Your
Enemy - Learning with User-Mode Linux," "Buried By The Authentication
Avalanche," "Secure Passwordless Logins with SSH," and "Six Basic Tips
For Securing Wireless Networks."

Network Security Audit - "Information for the right people at right
time and from anywhere" has been the driving force for providing access
to most of the vital information on the network of an organization over
the Internet. This is a simple guide on conducting a network security
audit.
http://www.linuxsecurity.com/feature_stories/feature_story-131.html

LINUX ADVISORY WATCH: This week, advisories were released for nss_ldap,
icecast, fileutils, imp, apache, groff, html2ps, im, gtetrinet, tcpdump,
tetex, perl, python, canna, and wget. The distributors include Caldera,
Debian, Mandrake, and Red Hat.
http://www.linuxsecurity.com/articles/forums_article-6367.html

Security: MySQL and PHP (3 of 3) - This is the third installment of a
3 part article on LAMP (Linux Apache MySQL PHP).
In order to safeguard a MySQL server to the basic level, one has to
abide by the following guidelines.
http://www.linuxsecurity.com/feature_stories/feature_story-130.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Know Your Enemy - Learning with User-Mode Linux
December 13th, 2002

This paper will focus on building a Honeynet using a single computer
and free, OpenSource software. This will be accomplished by building a
Virtual Honeynet, using the OpenSource solutions User-Mode Linux (often
called UML) and IPTables.
http://www.linuxsecurity.com/articles/documentation_article-6370.html

* Buried By The Authentication Avalanche
December 13th, 2002

With identity theft on the rampage, network managers are being hit by
an increasing barrage of software, hardware and services for user
authentication. Organizations are implementing technologies ranging
from traditional passwords/PINs to PKI and SSL certificates, tokens,
fingerprint readers, and even voiceprints.
http://www.linuxsecurity.com/articles/network_security_article-6374.html

* Rooting Out Corrupted Code
December 12th, 2002

Sometimes it's easy to tell when you're dealing with an imposter. That
Mona Lisa at your neighbor's yard sale is unlikely to be the real
thing. When you see Elvis at the mall, you can be pretty sure that he's
a fake, too.
http://www.linuxsecurity.com/articles/documentation_article-6361.html

* Apache Suffers More Attacks
December 12th, 2002

I report on a lot of software vulnerabilities, and I try to weed out
the unimportant ones. But there's no real way to know in advance which
ones will be exploited and which ones cybervandals will essentially
ignore.
http://www.linuxsecurity.com/articles/vendors_products_article-6359.html

* Secure Passwordless Logins with SSH Part 1
December 11th, 2002

Many of my past newsletters have detailed configuration setups that
required you to be able to execute commands on remote machines without
interactively supplying a password. The next few articles will help
show how you can set up such a system.
http://www.linuxsecurity.com/articles/documentation_article-6358.html

* IT users in password hell
December 11th, 2002

Heavy users of technology now employ nearly two dozen passwords to gain
access to various IT systems and Web sites--but are compromising
security by writing them down. The 2002 NTA Monitor Password Survey
found that the typical intensive IT user now has 21 passwords, and has
two strategies to cope, neither of which is advisable from a security
standpoint: they either use common words as passwords or keep written
records of them. The survey found that some of these heavy users
maintain up to 70 passwords.
http://www.linuxsecurity.com/articles/network_security_article-6357.html

+------------------------+
| Network Security News: |
+------------------------+

* Network Vulnerability Rises Exponentially When Moving From Wired To
  Wireless
December 12th, 2002

In international news at the end of last week, Richard Clarke, special
advisor to the US president for cyberspace security, together with
other experts labelled wireless networking technology as a potential
terrorist target.
http://www.linuxsecurity.com/articles/forums_article-6362.html

* XML Encryption Specs Approved
December 11th, 2002

The two specs, XML Encryption Syntax and Processing and Decryption
Transform for XML Signature, will enable Web pages using Extensible
Markup Language to encrypt parts of a document being exchanged between
Web sites, the World Wide Web Consortium said.
http://www.linuxsecurity.com/articles/cryptography_article-6351.html

* Law may be updated to cover DoS attacks
December 11th, 2002

The government is considering amending the Computer Misuse Act (CMA),
amid concern within the Internet industry that denial of service (DoS)
attacks may not be covered by the law. The Home Office, in consultation
with groups such as the police and industry representatives, is
currently examining ways of updating the CMA, according to a Home
Office spokeswoman.
http://www.linuxsecurity.com/articles/government_article-6356.html

* Six Basic Tips For Securing Wireless Networks
December 10th, 2002

Wireless networks offer opportunities for hackers. But it doesn't have
to be that way. The purpose of properly securing a wireless access
point is to close off the network from outsiders who do not have
authorisation to use your services. This is often easier said than
done.
http://www.linuxsecurity.com/articles/documentation_article-6346.html

* Risk Assessment Essentials
December 9th, 2002

We all claim to understand the importance of network security. We stand
around water coolers chatting about this worm, that newly discovered
security hole, this patch, and that hot fix. As IT managers, we know
it's our job to ensure that all the latest patches are not only
applied, but applied immediately.
http://www.linuxsecurity.com/articles/security_sources_article-6339.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Crypto-Gram December 15th, 2002
December 15th, 2002

Crypto-Gram is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on computer security and cryptography. This
month, Comments on the Department of Homeland Security, Security Notes
from All Over: Dan Cooper, Crime: The Internet's Next Big Thing, and
more.
http://www.linuxsecurity.com/articles/cryptography_article-6375.html

+------------------------+
| General News:          |
+------------------------+

* IDC: Cyberterror to hit in 2003
December 13th, 2002

A major cyberterrorism event will occur in 2003, a technology research
group predicted on Thursday, one that will disrupt the economy and
bring the Internet to its knees for at least a day or two.
http://www.linuxsecurity.com/articles/general_article-6368.html

* Homeland Security Will Consolidate Software Licenses
December 12th, 2002

Speaking at a Spy Museum breakfast today, Secret Service assistant
director Steve Colo said the new Homeland Security Department will
consolidate all its component agencies' software licenses "for the
greater good," looking first at large contracts with vendors such as
Microsoft Corp. and Oracle Corp.
http://www.linuxsecurity.com/articles/government_article-6364.html

* Today's Pain Points Are Tomorrow's Vendor Opportunities
December 11th, 2002

If you want to predict the most important information security tools
for CSOs in the coming year, just look at the problems that CIOs are
trying to resolve today. Whereas today's security tools are intrusive,
clunky and require significant commitment from both staff and users
alike, tomorrow's tools will increasingly be automatic and even
autonomous.
http://www.linuxsecurity.com/articles/security_sources_article-6353.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------