+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  September 15th, 2003                       Volume 4, Number 37n    |
|                                                                     |
|  Editorial Team:  Dave Wreski               daveat_private          |
|                   Benjamin Thomas           benat_private           |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "A Password
Policy Primer," "Simplify Enterprise Java Authentication With Single
Sign-on," "Inside The Network Intrusion-Prevention Hype," and
"Hardening the TCP/IP Stack to SYN Attacks."

---- >> FREE Apache SSL Guide from Thawte << ----

Are you worried about your web server security? Click here to get a
FREE Thawte Apache SSL Guide and find the answers to all your Apache
SSL security needs.

Click Command:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache

LINUX ADVISORY WATCH:

This week advisories were released for pam_smb, exim, stunnel, wu-ftpd,
mah-jong, sane-backends, pine, GtkHTML, and inetd. The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux,
Red Hat, Slackware, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-7939.html

---

FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

---

Basic Intrusion Prevention using Content-based Filtering

This article discusses a very useful but seemingly overlooked
capability of Netfilter, the firewall code widely used in Linux: it
can match on packet content and filter accordingly.

http://www.linuxsecurity.com/feature_stories/feature_story-148.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* A Password Policy Primer
September 13th, 2003

In general, passwords must be unpredictable, and the policy that
protects them should be as unpredictable as possible. This being so,
your friend's policy is probably not the one you want for yourself,
and thus one that I might suggest is probably no better.

http://www.linuxsecurity.com/articles/security_sources_article-7949.html

* Linux Server Hacks
September 12th, 2003

There are a number of system administrators out there who provide a
different level of care for their penguin-powered server stations. For
those wanting to broaden their administration horizons, O'Reilly's
"Linux Server Hacks" should come in quite handy.

http://www.linuxsecurity.com/articles/documentation_article-7942.html

* Simplify Enterprise Java Authentication With Single Sign-on
September 11th, 2003

As you add more and more password-protected applications to your
organization's computing environment, you add authentication
complexity that will burden both developers and users. Most enterprise
application integration projects include single sign-on (SSO)
functionality, which allows users to log in once to use a range of
different applications.

http://www.linuxsecurity.com/articles/documentation_article-7935.html

* Case-Harden Your Physical Security
September 8th, 2003

Nothing says there's a hole in your security like someone walking off
with your servers. You could spend millions of dollars on access lists,
firewalls, USB tokens, virus scanners, VPNs, passwords and patches to
secure your network from online invasions, but none of those will
protect you from offline attacks.

http://www.linuxsecurity.com/articles/server_security_article-7916.html

* Protecting Databases
September 8th, 2003

One of the more recent evolutions in network security has been the
movement away from protecting the perimeter of the network to
protecting data at the source. The reason behind this change has been
that perimeter security no longer works in today's environment. Today,
more than just your employees need access to data.

http://www.linuxsecurity.com/articles/server_security_article-7920.html

* BSD Heap Smashing
September 8th, 2003

The first section of this document gives a taste of what this allocator
is made of. The constants and data structures used to reference several
kinds of resources (namely: memory pages, large chunks, tiny chunks,
and medium-sized chunks) are then presented. The data structures used
internally by the allocator are then explained.

http://www.linuxsecurity.com/articles/documentation_article-7918.html

+------------------------+
| Network Security News: |
+------------------------+

* ISPs Should Block Net Attack Ports
September 11th, 2003

Internet service providers should take security matters into their own
hands by blocking access to communications ports on their customers'
computers which are commonly exploited by Internet worms and other
malicious programs, according to a SANS Institute report.

http://www.linuxsecurity.com/articles/forums_article-7934.html

* Inside The Network Intrusion-Prevention Hype
September 10th, 2003

Battle lines have been drawn, and volleys are being lobbed between the
analyst and vendor camps. In dispute: whether intrusion prevention is
out of commission or the next network security salvation. On one side,
Gartner has cast intrusion detection into its "Trough of
Disillusionment," saying the tech has stalled and calling for these
functions to move into firewalls.

http://www.linuxsecurity.com/articles/intrusion_detection_article-7929.html

* Hardening the TCP/IP Stack to SYN Attacks
September 10th, 2003

Most people know how problematic protection against SYN denial of
service attacks can be. Several methods, more or less effective, are
usually used. In almost every case proper filtering of packets is a
viable solution. In addition to creating packet filters, an
administrator can modify the TCP/IP stack of a given operating system.

http://www.linuxsecurity.com/articles/network_security_article-7932.html

* Information Security Checklist
September 9th, 2003

Today's heightened awareness of the need to secure IT infrastructures
and protect mission-critical data is leading more and more
organizations to reevaluate their security practices.

http://www.linuxsecurity.com/articles/security_sources_article-7922.html

+------------------------+
| General Security News: |
+------------------------+

* IEEE Begins Standard to Create Baseline for More Secure Operating
  Systems
September 13th, 2003

The ability to enhance security in information systems and networks is
limited by the operating systems that underpin them. Recognizing this,
the Institute of Electrical and Electronics Engineers (IEEE) has begun
work on a standard to formulate consistent baseline security
requirements for general-purpose (GP), commercial, off-the-shelf (COTS)
operating systems.

http://www.linuxsecurity.com/articles/organizations_events_article-7947.html

* Best Practices: Handheld Security
September 10th, 2003

Handheld computers are an evolving security threat. Where once the
devices were widely ignored or blocked by IT and security managers, now
more organizations have embraced them. Experts warn that organizations
still largely ignore PDA security, and at their peril.
d devices at $3,000 per year for organizations in the United States.

http://www.linuxsecurity.com/articles/host_security_article-7928.html

* Security Forces--Act Before You Must React
September 10th, 2003

Information security is a reactive world. The next intrusion,
vulnerability or worm is always right around the corner. With critical
issues arising everywhere, the typical CISO and IT security
organization spend most of their time reacting to outside forces and
not nearly enough time getting ahead of the curve.

http://www.linuxsecurity.com/articles/security_sources_article-7926.html

* Issue 8 of ISO 17799
September 9th, 2003

Here is Issue 8 of the ISO 17799 Newsletter. This quarterly publication
covers news and developments with respect to the international
information security standard.

http://www.linuxsecurity.com/articles/security_sources_article-7925.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-requestat_private with "unsubscribe"
in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Sep 16 2003 - 07:17:05 PDT