[ISN] Linux Security Week - June 30th 2003

From: InfoSec News (isnat_private)
Date: Tue Jul 01 2003 - 04:10:40 PDT

  • Next message: InfoSec News: "[ISN] A Push From Homeland Security"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  June 30th, 2003                               Volume 4, Number 26n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Invisibly
    Protecting your Digital Assets with Public Key Infrastructure," "Securing
    PHP: Step by Step," "Stumbler Mapping Networks For Future Attacks," and
    "TCP/IP Connection Cutting on Linux Firewalls and Routers."
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for buzilla, ethereal,
    tcptraceroute, Netscape, ypserv, XFree86, xpdf, orville-write,
    eldav, xbl, webfs, osh, and foomatic. The distributors include
    Conectiva, Debian, Mandrake, RedHat, TurboLinux, and YellowDog.
    
    http://www.linuxsecurity.com/vuln-newsletter.html
    
    
    
    >> FREE Apache SSL Guide from Thawte <<
    Are you worried about your web server security?  Click here to get
    a FREE Thawte Apache SSL Guide and find the answers to all your Apache
    SSL security needs.
    
     Click here to download our Free guide:
     http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte24
    
    FEATURE: Real-Time Alerting with Snort
    Real-time alerting is a feature of an IDS or any other monitoring
    application that notifies a person of an event in an acceptably short
    amount of time. The amount of time that is acceptable is different
    for every person.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-144.html
    
    
    --------------------------------------------------------------------
    
    * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
    unparalleled in security, ease of management, and features. Open source
    technology constantly adapts to new threats. Email firewall, simplified
    administration, automatically updated.
    
     --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
    
    --------------------------------------------------------------------
    
    LINSECURITY.COM FEATURE:
    Intrusion Detection Systems: An Introduction
    By: Alberto Gonzalez
    
    Intrusion Detection is the process and methodology of inspecting data for
    malicious, inaccurate or anomalous activity. At the most basic levels
    there are two forms of Intrusion Detection Systems that you will
    encounter: Host and Network based.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-143.html
    
    
     #### Concerned about the next threat?  ####
     #### EnGarde is the undisputed winner! ####
    
     Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
     Editor's Choice Award, EnGarde "walked away with our Editor's Choice
     award thanks to the depth of its security strategy..." Find out what
     the other Linux vendors are not telling you.
    
     http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    
    * Sorting The Ham From The Spam
    June 26th, 2003
    
    Would you use the phone if you had to listen to a 10-second brothel
    advertisement every time you made a call? That is the size of the
    challenge that confronts email: beat spam, or the medium will forever fall
    short of its potential.
    
    http://www.linuxsecurity.com/articles/privacy_article-7545.html
    
    
    * Invisibly Protecting your Digital Assets with Public Key
    Infrastructure
    June 24th, 2003
    
    http://store.guardiandigital.com/html/eng/products/software/esp_overview.shtml
    
    
    Your company is negotiating a big deal with a partner, making you a bit
    nervous about the security of exchanging documents via email. There is a
    non-disclosure agreement in place, but you'd like to be absolutely certain
    that only the recipients can see the plans for your company's new product
    initiative.
    
    http://www.linuxsecurity.com/articles/cryptography_article-7529.html
    
    
    * Securing PHP: Step by Step
    June 24th, 2003
    
    In my previous article ("Securing Apache: Step-by-Step") I described the
    method of securing the Apache web server against unauthorized access from
    the Internet. Thanks to the described method it was possible to achieve a
    high level of security, but only when static HTML pages were served.
    
    http://www.linuxsecurity.com/articles/server_security_article-7532.html
    
    
    * A Dictionary For Vulnerabilities
    June 24th, 2003
    
    If you ever read security vulnerabilities you eventually run into a
    notation looking like "CVE-2002-0947." This is a standard naming
    convention for vulnerabilities called Common Vulnerabilities and Exposures
    (CVE). CVE is administered by a company called Mitre, a non-profit company
    that operates governmental research facilities and other such cool things.
    
    http://www.linuxsecurity.com/articles/forums_article-7530.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Stumbler Mapping Networks For Future Attacks
    June 26th, 2003
    
    The recently discovered Stumbler network-mapping tool represents a variety
    of malware that leaves enterprises with little in the way of defense,
    other than to lock down networks and employ intrusion detection, experts
    said.
    
    http://www.linuxsecurity.com/articles/network_security_article-7542.html
    
    
    * TCP/IP Connection Cutting on Linux Firewalls and Routers
    (Introducing "Cutter 1.02")
    June 25th, 2003
    
    Network security administrators sometimes need to be able to abort TCP/IP
    connections routed over their firewalls on demand. This would allow them
    to terminate connections such as SSH tunnels or VPNs left in place by
    employees over night, abort hacker attacks when they are detected, stop
    high bandwidth consuming downloads - etc.
    
    http://www.linuxsecurity.com/articles/firewalls_article-7539.html
    
    
    * Doing It All with OpenSSH, Part 2
    June 24th, 2003
    
    Welcome back to the Sysadmin's Corner and the continuing saga of secure
    communications, SSH-style. Logging in to an SSH server is easy enough and
    provides you with secure communications, while still opening you up to the
    whole world. You could set up a firewall that allows in certain IP
    addresses only to port 22, but that presents another problem.
    
    http://www.linuxsecurity.com/articles/network_security_article-7534.html
    
    
    * Taming Wi-Fi
    June 24th, 2003
    
    Wi-Fi networks have, up until this point, been a bit like the Wild West:
    exciting, but difficult to control and keep safe. Now, a host of new
    management and security options are springing up as Wi-Fi penetrates
    corporate environments. Read on to find out what's in store.
    
    http://www.linuxsecurity.com/articles/network_security_article-7535.html
    
    
    * RIP Linux Router Project
    June 23rd, 2003
    
    It seems as though the operating system that helped to create the embedded
    Linux marketplace, the Linux Router Project (LRP), is dead. The website
    provides more details.
    
    http://www.linuxsecurity.com/articles/firewalls_article-7523.html
    
    
    * Wireless Security Entangles HIPAA
    June 23rd, 2003
    
    Although most health organizations still have another 22 months to comply
    with new federal security standards, securing wireless networks may pose a
    problem as they near the deadline.
    
    http://www.linuxsecurity.com/articles/general_article-7525.html
    
    
    * Tracking Down the Phantom Host
    June 23rd, 2003
    
    Most information systems security professionals are familiar with the
    procedures for identifying malicious traffic among their routine data, and
    many of the same professionals are familiar with the forensic procedures
    required once you have identified a compromised host.
    
    http://www.linuxsecurity.com/articles/security_sources_article-7522.html
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * How To Hire a Security Guru
    June 26th, 2003
    
    As software flaws, wireless network holes and data thieves continue to
    make companies vulnerable to technological bad guys, a growing need for
    security experts has driven more IT workers toward this constantly
    changing field.
    
    http://www.linuxsecurity.com/articles/general_article-7544.html
    
    
    * Federal Government Has A Ways To Go To Secure Systems
    June 25th, 2003
    
    Since January, the State Department has wiped out more than 155,000
    viruses on its IT systems. Between Oct. 1 and May 31, the first eight
    months of fiscal year 2003, the department recorded more than 700 attempts
    to hack its IT systems.
    
    http://www.linuxsecurity.com/articles/government_article-7538.html
    
    
    * House Questions Federal IT Security
    June 25th, 2003
    
    Members of a House panel expressed frustration Tuesday over the progress
    of federal agencies in securing their IT systems. Agency heads and other
    officials responded by saying progress was being made but significant
    problems remain.
    
    http://www.linuxsecurity.com/articles/government_article-7540.html
    
    
    * Setting The Rules For ISPs and Spammers
    June 23rd, 2003
    
    Peter Hall's troubles with spam began the week of Aug. 5, 1997, when the
    New York-based independent film producer learned that his EarthLink
    account had been shut off without warning.
    
    http://www.linuxsecurity.com/articles/privacy_article-7524.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Jul 01 2003 - 06:27:49 PDT