+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | February 3rd, 2003 Volume 4, Number 5n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "rsync: A Backup Strategy for Modern Times," "Network Security: Best Practices," "Developing A Security Policy," and "Rule Definition For Anomoly Based Intrusion Detection." LINUX ADVISORY WATCH: This week, advisories were released for kdeutils, noffle, dhcp3, tomcat3, courier, mysql, fetchmail, vim, webalizer, postgresql, and cvs. The distributors include Debian, Guardian Digital's EnGarde Secure Linux, Mandrake, and Yellow Dog. http://www.linuxsecurity.com/articles/forums_article-6644.html Patching It Up - Patching and upgrading software requires more than running a few commands. Having a patch recovery plan, communicating with developers on that server, and knowing who to contact in case of a botched patch job is critical. http://www.linuxsecurity.com/feature_stories/feature_story-135.html --------------------------------------------------------------------- CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner! Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 --------------------------------------------------------------------- LINUXSECURITY.COM FEATURE: Newest Members of the Team Just to give everyone an idea about who writes these articles and feature stories that we spend so much of our time reading each day, I have decided to ask Brian Hatch and Duane Dunston, the newest members of the LinuxSecurity.com team, a few questions. http://www.linuxsecurity.com/feature_stories/feature_story-134.html +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Interview with Donald L. Pipkin January 31st, 2003 I am an Information Security Architect at Hewlett-Packard. I've been with HP eighteen years; most of that time I have spent in the area of information security. I help customers before a security incident by evaluating their security and, after there has been a security breach. I help them in recovering their systems. http://www.linuxsecurity.com/articles/security_sources_article-6646.html * Cryptography Contest: Cracking an Algorithm bit by bit. January 29th, 2003 This week, we begin to reverse engineer the home-grown encryption algorithm discussed last week. Last week I offered you five examples of "encrypted" text that were generated by a home-grown crypto system. Your job was to reverse engineer the algorithm. http://www.linuxsecurity.com/articles/cryptography_article-6634.html * MPEG-4 Consortium Keys on Security January 29th, 2003 A streaming-media consortium set a schedule this week for finalizing technical specs for MPEG-4 security and rights management--components that are key to the open standard's adoption among content owners. The Internet Streaming Media Alliance (ISMA)--a global group of companies including Apple Computer, Cisco Systems and Sun Microsystems http://www.linuxsecurity.com/articles/vendors_products_article-6631.html * rsync: A Backup Strategy for Modern Times January 27th, 2003 The use of hard drives for backups is outpacing other forms of backup media by a country mile. The largest IDE drive available right now is 200 gigabytes (Western Digital's Drivezilla, which gets my vote for best name). Tape backup has valiantly attempted to keep pace. http://www.linuxsecurity.com/articles/documentation_article-6613.html +------------------------+ | Network Security News: | +------------------------+ * DNS Cache Poisoning - The Next Generation January 31st, 2003 The old problem of DNS cache poisoning has again reared its ugly head. While some would argue that the domain name system protocol is inherently vulnerable to this style of attack due to the weakness of 16-bit transaction IDs, we cannot ignore the immediate threat while waiting for something better to come along. http://www.linuxsecurity.com/articles/documentation_article-6649.html * Developing A Security Policy January 30th, 2003 Ever since the provision of internet connections became a must-have for the vast majority of businesses, the threat from malicious hackers and viruses has been growing exponentially. http://www.linuxsecurity.com/articles/security_sources_article-6639.html * Network Security: Best Practices January 30th, 2003 Believe it or not, best practices in network security begin with a top-down policy. Policy begins with understanding what it is you need to protect and what it is you need to protect against. The levels of responsibility need to be understood, and that implies that security is everyone's job, as each employee understands how he or she contributes to the organization. http://www.linuxsecurity.com/articles/security_sources_article-6641.html * Firewall Geeks Meet the Night Watchmen January 30th, 2003 As the information-technology director for Indianapolis Motor Speedway, Jon Koskey keeps a close eye on computer security at the venerable Brickyard, home to the Indy 500. His three-person staff monitors 450 networked devices including servers, desktops, and printers. http://www.linuxsecurity.com/articles/network_security_article-6638.html * FAA Technologist Urges Better Security In Network Boxes January 29th, 2003 In a keynote address at the Comnet 2003 conference here Tuesday (Jan. 28), the chief information officer of the U.S. Federal Aviation Administration urged networking equipment designers to add security capabilities to their systems earlier in the design process. http://www.linuxsecurity.com/articles/general_article-6629.html * Remote Gkrellm Over SSH Mini-HOWTO January 29th, 2003 It's nice to have a server, router or firewall tucked away in a closet or in a dark corner of a room and still be able to access it over your local network. But what about monitoring it? Keeping an eye on a local computer is easy with Gkrellm, so why not a remote computer? http://www.linuxsecurity.com/articles/documentation_article-6625.html * Wireless Warriors Discover Cracks in Calgary's Corporate Security Systems January 28th, 2003 In his green Honda CRV, Jason Kaczor looks like any other commuter navigating his way through Calgary's downtown streets in the early hours of the morning. Few realize he is a participant in a bizarre electronic scavenger hunt known as "war driving" -- a real life "game" that exposes companies and consumers who are vulnerable to a mobile hacker attack http://www.linuxsecurity.com/articles/network_security_article-6619.html * What to look for when buying a VPN January 28th, 2003 Virtual private networking is becoming an integral part of today's data networks. Virtual private network (VPN) drivers range from securing corporate communications to reducing costs by replacing leased lines. But for those who have not yet deployed a VPN, the options can be daunting. There are several approaches and dozens of products and services from which to choose, each with its own pros and cons. http://www.linuxsecurity.com/articles/cryptography_article-6623.html * Rule Definition For Anomoly Based Intrusion Detection January 27th, 2003 Intrusion Detection Systems are one of the fastest growing technologies in the security space. Unfortunately, many companies find it hard to put it to use due to the complexity of deployment and or lack of information about it possible use. http://www.linuxsecurity.com/articles/documentation_article-6611.html +------------------------+ | General News: | +------------------------+ * Bush Approves Cybersecurity Strategy January 31st, 2003 President Bush has approved the White House's long-awaited national cybersecurity strategy, a landmark document intended to guide government and industry efforts to protect the nation's most critical information systems from cyberattack. http://www.linuxsecurity.com/articles/government_article-6650.html * DOD Looking Ahead On Security January 31st, 2003 The Defense Department already is considering how to protect information in a network-centric environment, according to the department's deputy chief information officer. Priscilla Guthrie, DOD's deputy CIO, said a white paper is circulating within the department that attempts to lay out the department's information assurance (IA) requirements in the envisioned network-centric environment, in which data would be made available as quickly as possible to those in the organization or on the battlefield who need it. http://www.linuxsecurity.com/articles/government_article-6647.html * Techie Rethinks Disclosing Flaws January 30th, 2003 The British computer expert whose research was linked to the weekend's damaging Internet attack pledged Wednesday to reconsider publishing blueprints for attack programs that exploit flaws he discovers in popular software. http://www.linuxsecurity.com/articles/forums_article-6642.html * ID Management Takes A Leap Into Privacy Protection January 30th, 2003 Identity management is more than just granting and revoking user access to business systems. With the introduction of new auditing practices and regulations by the federal government, businesses are being held accountable for the security of their users' personal information. http://www.linuxsecurity.com/articles/privacy_article-6637.html * Net Security Chief to Quit January 29th, 2003 Cybersecurity czar Richard Clarke will step down next month after he finishes a comprehensive Internet-security plan, industry and government sources said Tuesday. Clarke, a longtime White House aide who has led efforts to combat terrorism and bolster the security of the nation's computer systems, will look for work in the private sector rather than take a position in the new Department of Homeland Security, people close to the situation said. http://www.linuxsecurity.com/articles/government_article-6627.html * Dept. of Homeland Security site switches to Linux from Windows 2000 January 29th, 2003 The United States Department of Homeland Security (www.dhs.gov) changed its servers over to Oracle on Linux last week, after running on Windows 2000 for several months. http://www.linuxsecurity.com/articles/government_article-6630.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 05:39:53 PST