+---------------------------------------------------------------------+
|  LinuxSecurity.com                     Weekly Newsletter            |
|  September 29th, 2003                  Volume 4, Number 39n         |
|                                                                     |
|  Editorial Team:  Dave Wreski          dave@private                 |
|                   Benjamin Thomas      ben@private                  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Fit best
practice with your security software," "Linux Security: Good Enough,"
"Comparison Review: Network Intrusion-Prevention Systems," and "Test
your data recovery plan."

LINUX ADVISORY WATCH:
This week, advisories were released for vnc, krb5, php4, ipmasq, ssh,
ARP, openssh, wu-ftpd, ipmasq, sendmail, proftpd and perl. The
distributors include Conectiva, Debian, Guardian Digital's EnGarde
Secure Linux, FreeBSD, Gentoo, Red Hat, Slackware, SuSE, and TurboLinux.

http://www.linuxsecurity.com/articles/forums_article-8016.html

---

FEATURE: R00ting The Hacker

Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.

http://www.linuxsecurity.com/feature_stories/feature_story-150.html

---

FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Creating Trustworthy Archives
September 25th, 2003

The efficient and secure storage of business records is fundamental to
the insurance industry. Since its conception, organisations and
individuals providing insurance services have needed to retain critical
records to ensure the successful operation of their business.

http://www.linuxsecurity.com/articles/general_article-8007.html

* Fit best practice with your security software
September 25th, 2003

Companies are increasingly considering their security as world events
cast doubt on their ability to deal with natural disaster, human error
or malicious attack. Spending on security has reached record levels,
and continues to climb as businesses seek to reassure shareholders and
comply with standards and changing legal requirements.

http://www.linuxsecurity.com/articles/server_security_article-8009.html

* Linux Security: Good Enough
September 25th, 2003

It's not that Linux is some bulletproof wonder of security. It's not.
If you want an operating system that has really been built from the
ground up to be secure what you want is OpenBSD. The crew behind it has
made safe, sane security job number one before Bill Gates could spell
security if you spotted him the 's' and the 'y.'

http://www.linuxsecurity.com/articles/host_security_article-8010.html

+------------------------+
| Network Security News: |
+------------------------+

* The dangers of strikeback
September 25th, 2003

Who hasn't suffered from a cyberincursion and yearned to strike back at
the attacker? Who didn't smile a little when the Nachi worm, which
attempted to undo the damage caused by other worms, was released into
the wild? "Strikeback" - actions taken by victims of cybercrime to hack
the machines of their attackers - has been much discussed in the
security community lately, and these links offer insight into the
spectrum of that discussion. You'll learn that while striking back at
attackers may be emotionally satisfying, this practice has any number
of legal and ethical problems - and it may not even make the Internet
much safer.

http://www.linuxsecurity.com/articles/network_security_article-8012.html

* Intrusion Prevention and Detection: Are They Just Missing the Point?
September 25th, 2003

Organizations know they must protect themselves from the mysterious
enemy that is a `hacker' and viruses such as LoveLetter, but often
there is a misguided belief that these external threats are the main
risks to businesses. There is still a fundamental lack of awareness,
especially amongst small and medium-sized businesses, of the threat
lurking within the organization and the technologies available to
protect them.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8014.html

* Exploring RSA Encryption in OpenSSL
September 25th, 2003

When sending your credit card number through a public medium, such as
the Internet, your financial credibility may be compromised if the
number is not first encrypted. It is impossible to tell who may be
listening in on your connection as you shop for new CDs or books.

http://www.linuxsecurity.com/articles/cryptography_article-8015.html

* Test your data recovery plan
September 24th, 2003

Too many companies think they have disaster recovery measures in place,
when in reality no one really knows whether they will work or how to
implement them. The problem is that no one person is given the
responsibility for disaster recovery, and therefore there is often no
follow through.

http://www.linuxsecurity.com/articles/server_security_article-8006.html

* Kerberos Security
September 23rd, 2003

Kerberos is a network authentication system that can help solve those
two issues. It reduces the number of passwords each user has to
memorize to use an entire network to one: the Kerberos password. In
addition, Kerberos incorporates encryption and message integrity to
solve the second issue, ensuring that sensitive authentication data is
never sent over the network in the clear.

http://www.linuxsecurity.com/articles/server_security_article-7997.html

* Comparison Review: Network Intrusion-Prevention Systems
September 23rd, 2003

You've probably been on the receiving end of at least one NIP system
vendor's marketing machine. We've certainly gotten a call or two.
Although we were sure the promise of absolute protection against all
attacks, known and unknown, was a bit much to hope for, we figured
there had to be more to the claim than hot air. So we asked vendors to
let us put their NIP devices to the test.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8000.html

+------------------------+
| General Security News: |
+------------------------+

* Will Security Professionals Get Promoted?
September 26th, 2003

As CEOs turn to security professionals to protect the enterprise, it's
about time some security professionals became top executives
themselves. Security is finally becoming a primary IT job function. But
does it mean that security professionals will be granted their own role
in executive management?

http://www.linuxsecurity.com/articles/organizations_events_article-8018.html

* Attacks prompt shutdown of antispam lists
September 26th, 2003

Three Web sites that provide spam-blocking lists have been forced
offline as a result of crippling Internet attacks in what experts on
Thursday said is an escalation in the war between spammers and
opponents of unsolicited e-mails.

http://www.linuxsecurity.com/articles/security_sources_article-8017.html

* Report: Microsoft dominance poses security risk
September 24th, 2003

A computer industry group critical of Microsoft plans to release a
report on Wednesday arguing that the software giant's dominance in key
technologies threatens national infrastructure.

http://www.linuxsecurity.com/articles/general_article-8003.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------