+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 22nd, 2003                          Volume 4, Number 38n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private              |
|                   Benjamin Thomas         ben@private               |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "A Password
Policy Primer," "Wireless Network Policy Development," "Demonstrating
ROI for Penetration Testing," and "Have DoS Attacks Gone Out of Style?"

LINUX ADVISORY WATCH:
Folks, there are a lot of advisories this week. Be sure to check your
distribution carefully, as many of them are significant. This week,
advisories were released for mana, pine, gtkhtml, openssh, sendmail,
MySQL, xfree86, buffer, kernel, and KDE.

http://www.linuxsecurity.com/articles/forums_article-7987.html

---

FEATURE: A Practical Approach of Stealthy Remote Administration
This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

---

Basic Intrusion Prevention using Content-based Filtering
This article will discuss a very useful but seemingly overlooked
functionality of Netfilter, a firewall code widely used in Linux, that
provides content matching and filtering capabilities.

http://www.linuxsecurity.com/feature_stories/feature_story-148.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Web Site Hackerproofing 101
September 19th, 2003

In recent weeks, high-profile arrests of hackers and malware authors
have trained a spotlight on the sometimes-shadowy underworld of computer
crime. The Internet may seem like a more dangerous place than ever
before, but Web security administrators can greatly reduce the number of
vulnerabilities that allow hackers to illegally enter, deface and
destroy Web sites.

http://www.linuxsecurity.com/articles/server_security_article-7986.html

* A Password Policy Primer
September 17th, 2003

We can build our fortress with towering fifty-foot high, four-foot thick
walls. We can build a moat thirty feet wide to surround those walls. And
we can even man the castellation with the finest archers. But all will
be for naught if the enemy crosses the drawbridge in the guise of one of
our fellows and gives a good password to the gatekeeper.

http://www.linuxsecurity.com/articles/server_security_article-7972.html

* Fine-Tuning Linux Administration with ACLs
September 17th, 2003

Linux's venerable file and user permissions system is solid and
dependable, but not very flexible, unfortunately. For users to share
access to a particular document or resource, they must all be in the
same group. It's an all-or-nothing deal, as all users within a group
have all the same rights, which is most inconvenient when you wish to
exclude someone, or include someone only on a limited basis.

http://www.linuxsecurity.com/articles/host_security_article-7973.html

+------------------------+
| Network Security News: |
+------------------------+

* Four Questions To Ask To Stay Secure In An Anywhere, Anytime World
September 19th, 2003

We live in an era that increasingly demands anywhere, anytime access to
all of our business resources. What started with giving pagers to our
most critical employees has evolved into ubiquitous use of cell phones
and Wi-Fi access almost anywhere, even in McDonald's.

http://www.linuxsecurity.com/articles/general_article-7985.html

* SSH on Edge Routers
September 18th, 2003

This is a paper describing security measures one should take that are
often overlooked at our Edge Routers. Securing routers with secure
management protocols like SSH and filtering advice to prevent unwanted
attacks.

http://www.linuxsecurity.com/articles/network_security_article-7980.html

* Wireless Network Policy Development (Part One)
September 18th, 2003

The need for wireless policy has never been greater. 802.11/a/b/g
wireless networks (WLANs) [1] have taken the Information Technology
world by storm. With 35 million units expected to sell in 2003 and with
a predicted growth rate of 50-200% compounded year over year through
2006, wireless is here to stay.

http://www.linuxsecurity.com/articles/network_security_article-7978.html

* SSH Security Glitch Exposes Networks, Patch Re-released
September 17th, 2003

A critical security flaw in SSH has been revealed that threatens servers
worldwide. SSH is a widely used encrypted remote management shell for
Unix, Linux and BSD platforms. Experts say attackers have been
exploiting the vulnerability to gain access to systems illegally for
months.

http://www.linuxsecurity.com/articles/security_sources_article-7967.html

* Wireless Security: Preventing Your Data From Vanishing Into Thin Air
September 16th, 2003

Despite its many exciting possibilities for new business opportunities,
cost-savings, and user freedom, wireless technology presents serious
challenges to information security.

http://www.linuxsecurity.com/articles/network_security_article-7964.html

+------------------------+
| General Security News: |
+------------------------+

* Have DoS Attacks Gone Out of Style?
September 19th, 2003

Less than two months after computer users sighed that the Year 2000
scare was only so much hubbub, the Internet world was racked by a series
of attacks that made people question whether what had been touted as the
most significant medium in history was as safe as they had thought.

http://www.linuxsecurity.com/articles/forums_article-7983.html

* Cybersecurity Forum Planned
September 18th, 2003

The Homeland Security Department now has the foundation for addressing
cybersecurity vulnerabilities and response, but the details will be
filled in at a summit later this year, Robert Liscouski, assistant
secretary of infrastructure protection, testified before a House
subcommittee today.

http://www.linuxsecurity.com/articles/government_article-7977.html

* NSA, DOD Push Common Criteria For Civilians
September 18th, 2003

If civilian agencies join the national security community in limiting
technology purchases to items that have gone through independent
evaluation, it could spur vendors to submit more products for
certification, officials testified today before a House subcommittee.

http://www.linuxsecurity.com/articles/government_article-7979.html

* Survey Report: Taking Responsibility
September 17th, 2003

Call it job security for information security: More organizations are
making security a primary job function for IT professionals. It's all
about adding accountability to the process of securing data.
Over the next two years, organizations will add more dedicated security
personnel and invest more on security, according to a survey conducted
in June by Secure Enterprise of 431 technology managers at U.S.
companies and government agencies.

http://www.linuxsecurity.com/articles/forums_article-7969.html

* Demonstrating ROI for Penetration Testing (Part Three)
September 17th, 2003

Part one of this series provided a general discussion of ROSI (Return on
Security Investment) and likened performing penetration testing to
having a health physical. The key idea was to teach security
professionals to think like business managers in regards to justifying
expenditures for security initiatives and security investments.

http://www.linuxsecurity.com/articles/security_sources_article-7970.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------