+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  May 19th, 2003                            Volume 4, Number 20n     |
|                                                                     |
|  Editorial Team:  Dave Wreski              daveat_private           |
|                   Benjamin Thomas          benat_private            |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Securing
Apache: Step-by-Step," "Who's listening on that port," "Wireless LANs
Are Not Without Security Complications," and "Honeypots: Definitions
and Value of Honeypots."

LINUX ADVISORY WATCH:
This week, advisories were released for kernel, mgetty, slocate,
evolution, kernel, shadow, kopete, kopete, xinetd, mysql, kde, xinetd,
kernel, tcpdump, and openssh. The distributors include SCO, Conectiva,
Guardian Digital, Gentoo, Mandrake, Red Hat, and TurboLinux.

http://www.linuxsecurity.com/articles/forums_article-7277.html

--------------------------------------------------------------------

* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite
is unparalleled in security, ease of management, and features. Open
source technology constantly adapts to new threats. Email firewall,
simplified administration, automatically updated.

--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2

--------------------------------------------------------------------

Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware about "what is going on" out
there. While placing a network IDS outside one's firewall might also
provide a similar flood of alerts, a honeypot provides a unique
perspective on what will be going on when a related server is
compromised and used by the intruders.
http://www.linuxsecurity.com/feature_stories/feature_story-141.html

#### Concerned about the next threat? ####
#### EnGarde is the undisputed winner! ####

Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what the
other Linux vendors are not telling you.

Read more about the award-winning EnGarde Secure Linux
http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=engardecomm1

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Securing Apache: Step-by-Step
May 15th, 2003

This article shows in a step-by-step fashion, how to install and
configure the Apache 1.3.x Web server in order to mitigate or avoid
successful break-in when new vulnerabilities in this software are found.

http://www.linuxsecurity.com/articles/documentation_article-7270.html

* IPTables Overview
May 15th, 2003

IPTables is a firewall program. It can restrict access by port, by IP
address, or by the properties of packets. Firewalls aren't everything
you need for security, but they're an excellent first step.

http://www.linuxsecurity.com/articles/documentation_article-7271.html

* Tripwire Overview
May 14th, 2003

Tripwire isn't rocket science. It's a database of file checksums, and
programs to update and report on that database. It also contains rules
concerning the severity of various types of anomalies. These rules are
contained in a policy file.

http://www.linuxsecurity.com/articles/documentation_article-7263.html

* In Search of the IT Patch Master
May 14th, 2003

IT organizations have a new scalability problem to deal with, and it has
nothing to do with network performance or how many servers it takes to
run an application. It has everything to do with system security and how
system administrators can protect against software vulnerabilities.
http://www.linuxsecurity.com/articles/general_article-7268.html

+------------------------+
| Network Security News: |
+------------------------+

* Bugwatch: Secure wireless computing
May 16th, 2003

Security is essential if you are to get the most out of wireless
technology. Despite the hype it is perfectly possible to have secure
wireless computing, but there are some common mistakes to avoid. This
top 10 list of tips will help you to make your wireless environment more
secure.

http://www.linuxsecurity.com/articles/network_security_article-7281.html

* Who's listening on that port?
May 15th, 2003

IPTables is a firewall program. It can restrict access by port, by IP
address, or by the properties of packets. Firewalls aren't everything
you need for security, but they're an excellent first step.

http://www.linuxsecurity.com/articles/documentation_article-7274.html

* Wireless LANs Are Not Without Security Complications
May 14th, 2003

Wireless technology has advanced noticeably lately and organisations are
beginning to realise the tremendous potential the technology holds.
Users are becoming more mobile than ever before. With the increasing
demand to work on the move, wireless technology has an important role to
play in facilitating this required mobility.

http://www.linuxsecurity.com/articles/network_security_article-7264.html

* Honeypots: Definitions and Value of Honeypots
May 14th, 2003

Last year I attempted to define and describe what honeypots are in the
paper "Honeypots: Definitions and Values". Since then, both honeypot
technologies and our understanding of them have dramatically improved.

http://www.linuxsecurity.com/articles/intrusion_detection_article-7261.html

* VPN Questions Answered
May 13th, 2003

A recent eSeminar showed that, while virtual private networks have been
widely deployed, many questions about the technology remain, and many
new questions are arising as the technology evolves.
http://www.linuxsecurity.com/articles/security_sources_article-7258.html

* Taking Aim At Denial-of-service Attacks
May 13th, 2003

Graduate students from Carnegie Mellon University on Monday proposed two
methods aimed at greatly reducing the effects of Internet attacks. In
two papers presented at the IEEE Symposium on Security and Privacy here,
the graduate students suggested simple modifications to network software
that could defeat denial-of-service attacks and that could be
implemented in the current protocol used by the Internet.

http://www.linuxsecurity.com/articles/network_security_article-7259.html

* Businesses 'unaware of basic on-line security'
May 12th, 2003

Businesses and other organisations were paying dearly because they did
not bother with basic security to protect their on-line dealings, a
conference was told today. The AusCERT Asia-Pacific IT Security
Conference on the Gold Coast was told most breaches of computer systems
occurred because security was practically non-existent.

http://www.linuxsecurity.com/articles/general_article-7249.html

+------------------------+
| General Security News: |
+------------------------+

* SPAM and Private Property
May 16th, 2003

I agree with the recent Linux and Main editorial that one of the most
misunderstood aspects of the spam debate is the confusion about how it
should be defined. While I'm willing to admit that there needs to be
some discussion about the definition included in any laws regarding
spam, the essential definition is that unless a sender holds some
specific, reasonable permission from me to send an email, it is always
spam.

http://www.linuxsecurity.com/articles/privacy_article-7284.html

* Matrix runs Un*x
May 15th, 2003

Ross Vandegrift explains that he "Made it into the showing last night at
Newark shopping center. There's this scene where Trinity needs to crack
into a system. So what does she use?" Read on to find out.
http://www.linuxsecurity.com/articles/network_security_article-7272.html

* Hackers Hack Script Kiddies
May 15th, 2003

Script kiddies, those that typically use existing well known exploits to
gain unauthorized access to computer systems with little regard for the
actual code and how it works, be warned - examine what you execute.

http://www.linuxsecurity.com/articles/general_article-7273.html

* Information Security and the Public Sector-An Introduction to the
  Criminal Law of Information Security
May 13th, 2003

This is the third part of a four-part series looking at U.S. information
security laws and the way those laws affect security professionals. This
installment begins the discussion of information security in the public
sector.

http://www.linuxsecurity.com/articles/government_article-7254.html

* Governments are latching on to Linux
May 12th, 2003

As Linux makes inroads into the servers of Asian businesses, governments
are also climbing on the open-source bandwagon, but with varying degrees
of interest. Some have been extremely vocal about their support for
Linux and even formed alliances to customize and promote the open-source
operating system (OS), while others have opted for a more quiet,
wait-and-see approach.

http://www.linuxsecurity.com/articles/government_article-7252.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------