+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | July 28th, 2003 Volume 4, Number 30n | | | | Editorial Team: Dave Wreski daveat_private | | Benjamin Thomas benat_private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Testing Intrusion Detection Systems," "Using iptables Chains to Simplify Kernel ACL Management," "Best Network Port Scanners for Linux," and "CSOs Creating Cultural Change." LINUX ADVISORY WATCH: This week, advisories were released for apache, kernel, nfs-utils, cups, phpgroupware, fdclone, several, gnupg, phpgroupware, mpg123, mozilla, semi, ethereal, and xpdf. The distributors include Conectiva, Debian, Guardian Digital's EnGarde Linux, Gentoo, Mandrake, Red Hat, Trustix, TurboLinux, and YellowDog Linux. http://www.linuxsecurity.com/articles/forums_article-7704.html INTRODUCING: Secure Mail Suite from Guardian Digital Unparalleled E-Mail Security. Secure Mail Suite is the most Dynamic, Rigorous Protection for Your Email System on the market today. It Clobbers Spam. Detects and Disables Viruses. And its Killer Firewall Keeps Your Data -- and Your System and Safe and Secure. All in an Easy-to-Manage Application that's Simple to Administer and Maintain. Secure Mail Suite is Guardian Digital's Optimum Solution to Mail Security. It's based on Open-Source Engineering, so it's constantly Improving. And with Guardian Digital Engarde Support, Secure Mail Suite Stays On Guard for You -- for Many Reliable Years. Secure Mail Suite. Sweet! From the First Name in Open-Source Security. Guardian Digital. --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2 FEATURE: Fun Things To Do With Your Honeypot Honeypots are a hot topic in the security research community right now. It seems everyone is starting up their own honeypot system. Most of the papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves. http://www.linuxsecurity.com/feature_stories/feature_story-146.html --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf -------------------------------------------------------------------- >> FREE Apache SSL Guide from Thawte << Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs. Click Command: http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25 -------------------------------------------------------------------- REVIEW: Linux Security Cookbook There are rarely straightforward solutions to real world issues, especially in the field of security. The Linux Security Cookbook is an essential tool to help solve those real world problems. By covering situations that apply to everyone from the seasoned Systems Administrator to the security curious home user, the Linux Security Cookbook distinguishes itself as an indispensible reference for security oriented individuals. http://www.linuxsecurity.com/feature_stories/feature_story-145.html #### Concerned about the next threat? #### #### EnGarde is the undisputed winner! #### Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. http://store.guardiandigital.com/html/eng/products/software/esp_overview.shtml +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Oracle warns of security flaws July 25th, 2003 Oracle warned Thursday of two serious security vulnerabilities in its E-Business Suite product. If left unattended, the software vulnerabilities could enable an attacker to run malicious code on an E-Business Suite server or view product configuration information. http://www.linuxsecurity.com/articles/host_security_article-7708.html * Why Biometrics Is No Magic Bullet July 25th, 2003 In Afghanistan, the U.N. uses an iris-scanning system to identify refugees returning from Pakistan to ensure that they don't double-dip on one-time aid grants. In Pinellas County, Fla., police use facial-recognition technology to record the newly arrested so they can be more easily identified if they're nabbed again. http://www.linuxsecurity.com/articles/host_security_article-7709.html * Detecting SQL Injection in Oracle July 23rd, 2003 Last year I wrote a two-part paper about SQL Injection and Oracle. That paper explored which SQL injection techniques are possible with Oracle, gave some simple examples on how SQL injection works and some suggestions on how to prevent attackers and malicious employees using these methods. This paper takes the subject further and investigates the possibilities for the Oracle Database Administrator (DBA) to detect SQL injection in the wild against her Oracle database. http://www.linuxsecurity.com/articles/server_security_article-7694.html * Building a Linux Dial-up Server, Part 2 July 22nd, 2003 In part 1 we looked at a simple setup for creating and sharing a dial-up Internet connection. Today we'll learn how to build a dial-in server. A dial-in server is useful for remote system administration, remote user access, or building a low-cost WAN. A Linux dial-in server can serve as a gateway for both Linux and Windows boxes http://www.linuxsecurity.com/articles/documentation_article-7691.html +------------------------+ | Network Security News: | +------------------------+ * Peering Over the Firewall July 24th, 2003 When our home LAN graduated to a 24x7 Internet connection, my Linux box became the firewall and the router. I liked the ability to customize the firewall, and by using Snort I could keep an eye on the barbarians at the gates. However, I could not experiment much without disrupting the entire household's Internet access. http://www.linuxsecurity.com/articles/firewalls_article-7701.html * Testing Intrusion Detection Systems July 24th, 2003 In government and industry, intrusion detection systems (IDSs) are now standard equipment for large networks. IDSs are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analyzing them for signs of security problems. Despite the expansion of IDS technology in recent years, the accuracy, performance, and effectiveness of these systems is largely untested, due to the lack of a comprehensive and scientifically rigorous testing methodology. http://www.linuxsecurity.com/articles/intrusion_detection_article-7687.html * Using iptables Chains to Simplify Kernel ACL Management July 23rd, 2003 Over the last two newsletters, we've created a simple firewall that prevents any inbound access. We'd like to make it possible to easily allow certain hosts to connect inbound with SSH, eventually making it an automated/dynamic process. http://www.linuxsecurity.com/articles/documentation_article-7693.html * Best Network Port Scanners for Linux July 23rd, 2003 Port scanning is a prosaic area of network security . For the network administrator, it is the equivalent of knocking on all the doors of a house to see if anyone is around. In an age when any open holes in a network are dangerous, however, a simple port scanner can be an invaluable tool. http://www.linuxsecurity.com/articles/network_security_article-7696.html * WLAN Security Apps Tighten IT's Net Control July 22nd, 2003 As Wi-Fi standards get sorted out and customers clamor for better security, two vendors this week are set to introduce WLAN security products that give IT staffs greater power and flexibility in locking down their networks. http://www.linuxsecurity.com/articles/network_security_article-7685.html * A Quick View at Proxy's July 21st, 2003 Proxy servers were originally developed to cache frequently accessed web pages for computersbehind a common Internet connection. In the early days of the Internet, wide area links were veryslow, the Web was relatively small, and web pages were static. http://www.linuxsecurity.com/articles/firewalls_article-7683.html +------------------------+ | General Security News: | +------------------------+ * Security experts question DOD cybersecurity July 25th, 2003 The U.S. Department of Defense (DOD) relies too much on commercial software, doesn't know who is creating the software, and faces other significant cybersecurity problems, witnesses told a U.S. House of Representatives subcommittee Thursday. http://www.linuxsecurity.com/articles/government_article-7707.html * Demonstrating ROI for Penetration Testing (Part One) July 25th, 2003 SecurityFocus.com writes, "This is the first in a series of articles demonstrating ROI (return on investment) for a Pen-Test (penetration test). I am going to take you down a little bit different path initially than you are probably used to, but I have a particular goal in mind of teaching security professionals how to demonstrate ROI for a Pen-Test." http://www.linuxsecurity.com/articles/general_article-7705.html * CSOs Creating Cultural Change July 24th, 2003 The convergence of physical and IT security is driving the appointment of chief security officers (CSOs) within the enterprise, a new title that is creating cultural change, the senior cybersecurity consultant at Pinkerton Australia Pty. Ltd., Atif Ahmad, said this week. http://www.linuxsecurity.com/articles/general_article-7703.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jul 29 2003 - 03:25:21 PDT