+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | July 14th, 2003 Volume 4, Number 28n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "The Truth about Tapes, Backups, and Restores," "Securing Wireless Campus Networks," "Wi-Fi Users Still Don't Encrypt," and "Making Choices to Show ROI." LINUX ADVISORY WATCH: This week, advisories were released xpdf, ml85p, openldap, imp, php, semi, x-face-el, liece, mozart, skk, unzip, xbl, phpsysinfo, and teapop. The distributors include Conectiva, Debian, Mandrake, and TurboLinux. http://www.linuxsecurity.com/articles/forums_article-7614.html >> FREE Apache SSL Guide from Thawte << Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs. Click here to download our Free guide: http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25 FEATURE: Real-Time Alerting with Snort Real-time alerting is a feature of an IDS or any other monitoring application that notifies a person of an event in an acceptably short amount of time. The amount of time that is acceptable is different for every person. http://www.linuxsecurity.com/feature_stories/feature_story-144.html -------------------------------------------------------------------- * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is unparalleled in security, ease of management, and features. Open source technology constantly adapts to new threats. Email firewall, simplified administration, automatically updated. --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2 -------------------------------------------------------------------- LINSECURITY.COM FEATURE: Intrusion Detection Systems: An Introduction By: Alberto Gonzalez Intrusion Detection is the process and methodology of inspecting data for malicious, inaccurate or anomalous activity. At the most basic levels there are two forms of Intrusion Detection Systems that you will encounter: Host and Network based. http://www.linuxsecurity.com/feature_stories/feature_story-143.html #### Concerned about the next threat? #### #### EnGarde is the undisputed winner! #### Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. http://store.guardiandigital.com/html/eng/products/software/esp_overview.shtml +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * 'Brand Spoofing' a Growing E-Mail Scam July 11th, 2003 That e-mail may look like it's from a well-known company. But as more people have discovered in recent months, it could be an attempt to defraud you. http://www.linuxsecurity.com/articles/general_article-7622.html * Web-Application Security is Not an Oxymoron. July 11th, 2003 We all use Web applications every day--whether we know it or not. That is, all of us who browse the Web. That is all of us, right? When you go to cnn.com and the site auto-magically knows you are a US citizen and serves you US news and local weather it's all because of a Web application. http://www.linuxsecurity.com/articles/host_security_article-7623.html * The Truth about Tapes, Backups, and Restores July 11th, 2003 Backups and restores are crucial functions to the integrity of data at a site. And yet once an implementation is in place, except for babysitting, these functions tend to be ignored. Why? Well, backups are certainly not glamorous, and no one really likes to muck with them. http://www.linuxsecurity.com/articles/host_security_article-7616.html * Basic Hardening Linux July 9th, 2003 Linux is capable of high-end security; however, the out-of-the-box configurations must be altered to meet the security needs of most businesses with an Internet presence.This article shows you the steps for securing a Linux system called hardening the server using both manual methods and open source security solutions. http://www.linuxsecurity.com/articles/server_security_article-7602.html * The Fine Art of Password Protection July 7th, 2003 Passwords are both the universal language for network navigation and the weakest link in network security , as fraught with peril as they are essential. Experts say that because they are so closely linked to the ever-fallible human element, passwords cause the most headaches of any security mechanism. http://www.linuxsecurity.com/articles/security_sources_article-7589.html +------------------------+ | Network Security News: | +------------------------+ * Understanding Firewalls July 11th, 2003 There are literally hundreds of firewall products available, and there are different theories from different security experts on how firewalls should be used to secure your network. This article will explore the operation of a generic firewall in detail, outline the important features you need in a firewall, and discuss how firewalls should be deployed in networks of any size. http://www.linuxsecurity.com/articles/firewalls_article-7621.html * Securing Wireless Campus Networks July 11th, 2003 While no Ethernet-based network can be considered a "secure" communications medium, network operators take some solace that the exposure of traffic for a LAN is limited to those stations that have "physical access" to it. http://www.linuxsecurity.com/articles/network_security_article-7615.html * The ABCs of Network Security July 11th, 2003 It requires constant vigilance, with regular applications of available network patches. The ideal approach for most companies is to have a day-to-day scanning program along with patch management--done either internally or outsourced to a consultant. http://www.linuxsecurity.com/articles/network_security_article-7618.html * Connect Securely With SSH July 10th, 2003 You'll undoubtedly want to use ssh to work on your servers from remote sites, but it takes an assortment of tricks to keep progress rolling smoothly. MindTerm and socat and VNC, oh my! http://www.linuxsecurity.com/articles/documentation_article-7612.html * Attacks Exposed July 10th, 2003 How serious a particular attack type is depends on two things: how the attack is carried out, and what damage is done to the compromised system. An attacker being able to run code on his machine is probably the most serious kind of attack for a home user. http://www.linuxsecurity.com/articles/security_sources_article-7611.html * Hitting The Sweet Spot July 10th, 2003 Today, Honeypots are still in their infancy, developed and used primarily by researchers and security enthusiasts. A handful of commercial products are available, and organizations are beginning to deploy open-source honeypots and their more robust iterations, such as Honeyd. But honeypots are not widely deployed. http://www.linuxsecurity.com/articles/intrusion_detection_article-7608.html * Study: Wi-Fi Users Still Don't Encrypt July 7th, 2003 Think you've heard more than enough about war driving and Wi-Fi insecurity? Two days of electronic eavesdropping at the 802.11 Planet Expo in Boston last week sniffed out more evidence that most Wi-Fi users still aren't getting the message -- or are comfortable broadcasting their e-mail into the ether. http://www.linuxsecurity.com/articles/security_sources_article-7585.html * Book Review: Personal Firewalls for Administrators and Remote Users July 7th, 2003 >From the title it may seem that Personal Firewalls for Administrators and Remote Users was written for administrators and users of business networks. However, as more people take advantage of "always on" Internet connections, they are becoming de facto administrators. http://www.linuxsecurity.com/articles/firewalls_article-7587.html +------------------------+ | General Security News: | +------------------------+ * Security: Yes, It's Part of Your Job July 11th, 2003 Welcome to our annual issue about necessary information technology security tools for the enterprise, I mean sinister tools of massive repression. What's the difference? In most cases, only the use to which you put the tool. Security is a fascinating subject because it exercises both your logical, problem-solving side--what would an attacker have to compromise to get from point A to point B--and your conscience. http://www.linuxsecurity.com/articles/forums_article-7624.html * PDAs pose potential privacy problems July 11th, 2003 Companies are risking legal action by failing to protect data held on personal digital assistants (PDAs) and smartphones, according to a survey. While there are no official statistics about the number of these devices that have been stolen, as many as a quarter of staff surveyed on PDA usage by mobile security firm Pointsec Mobile Technologies claimed to have either lost or had their PDA stolen. http://www.linuxsecurity.com/articles/privacy_article-7619.html * Making Choices to Show ROI July 11th, 2003 Return on investment (ROI) is the reason for entering a business as well as the measure of that business' success. You know this; your board knows this; odds are that you're paying more attention to ROI today than you were a year ago. It's a good time to bring ROI front and center in discussions about information risk management. http://www.linuxsecurity.com/articles/general_article-7617.html * Information Security and the Public Sector-An Introduction to the National Security Law of Information Security July 9th, 2003 This is the last article in a four-part series looking at U.S. information security laws and the way those laws affect the work of security professionals. This installment continues the discussion of information security in the public sector and provides an overview of national security law in the United States as it pertains to information security. http://www.linuxsecurity.com/articles/government_article-7606.html * ISS Lists Security Risks July 8th, 2003 Internet Security Systems Inc. last week unveiled its first Catastrophic Risk Index, a compilation of the 31 most serious current vulnerabilities and attacks. The index is designed to give administrators a constantly updated quick-reference list of the issues that should be their top priorities in protecting networks. http://www.linuxsecurity.com/articles/hackscracks_article-7600.html * "Defacer's Challenge" Provides Argument for Self-Policing July 7th, 2003 A few years ago, web defacements were largely limited to individual sites, conducted by small groups of security enthusiasts with a bone to pick. Whether it was a political message, a technical statement or an expression of love to a girlfriend, the cracking of websites had a certain allure to them that made even the medium-level enthusiast raise his or her eyebrows. http://www.linuxsecurity.com/articles/hackscracks_article-7590.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 01:48:44 PDT