[ISN] Linux Security Week - October 20th 2003

From: InfoSec News (isn@private)
Date: Tue Oct 21 2003 - 03:10:38 PDT

  • Next message: InfoSec News: "[ISN] Motions Set in Technology Espionage Case"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  October 20th, 2003                            Volume 4, Number 42n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Incident
    Response Tools For Unix," "Transparent, Bridging and In-line Firewall
    Devices," "Roll Your Own Firewall with Netfilter," and "10 steps to a
    successful security policy."
    
    ---- >> FREE Apache SSL Guide from Thawte << ----
    
    Are you worried about your web server security?  Click here to get a FREE
    Thawte Apache SSL Guide and find the answers to all your Apache SSL
    security needs.
    
     Click Command:
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache
    
    ---
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for glibc, tomcat4, sane, XFree86,
    sendmail, and openssl. The distributors include Conectiva, Debian,
    Mandrake, and NetBSD.
    
    http://www.linuxsecurity.com/articles/forums_article-8138.html
    
    
    EnGarde GDSN Subscription Price Reduction -
    Guardian Digital, the world's premier open source security company,
    announced today that they will be reducing the annual subscription cost of
    the Guardian Digital Secure Network for EnGarde Community users from $229
    to $60 for a limited time.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-151.html
    
    ---
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]-------------
    +---------------------+
    
    * Incident Response Tools For Unix, Part Two: File-System Tools
    October 17th, 2003
    
    This is the second article in a three part series on tools that are useful
    during incident response and investigation after a compromise has occurred
    on a Linux, OpenBSD, or Solaris system. The first article focused on
    system tools, this one focuses on file system tools, and the next article
    will discuss network and other tools.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-8140.html
    
    
    * Secure Coding: Principles & Practices
    October 17th, 2003
    
    The book consists of six chapters that closely follow a typical software
    development process or methodology known as the waterfall development
    methodology or Systems Development Lifecycle Model (SDLC) that includes
    the following phases: architecture definition, design, implementation,
    operations and finally automation and testing.
    
    http://www.linuxsecurity.com/articles/documentation_article-8145.html
    
    
    * Spam filtering with GNU/Linux, Postfix, procmail, and SpamAssassin
    October 15th, 2003
    
    With GNU/Linux and some new and old favorites you can reduce the amount of
    email spam your customers, employees, and personal mail readers receive.
    This step-by-step guide shows you how to install procmail and SpamAssassin
    and how to configure the Postfix mail transport agent to mark potential
    spam before it reaches your mail program.
    
    http://www.linuxsecurity.com/articles/documentation_article-8126.html
    
    
    * Can your systems really benefit from penetration testing?
    October 14th, 2003
    
    Something was wrong with the Web server. It was nearly 5:30 p.m., and no
    mail had been delivered for roughly an hour. When I logged on, I
    discovered that the disk partition dedicated to incoming e-mail was pegged
    at 102 percent of capacity.
    
    http://www.linuxsecurity.com/articles/network_security_article-8114.html
    
    
    * Linux and Unix Security Portable Reference
    October 13th, 2003
    
    The intended audience for this book is primarily IT professionals who have
    some experience in systems administration and security. The book is
    organized into logical sections: Part 1 deals with hacking techniques and
    defenses, Part 2 deals with host hardening, and Part 3 contains special
    topics. Each part is divided into chapters that follow a logical
    progression.
    
    http://www.linuxsecurity.com/articles/documentation_article-8112.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    
    * Attackers May Lurk Inside The Firewall
    October 17th, 2003
    
    Corporations should be as concerned about personal computers inside the
    network perimeter as those riding its boundary, warns Symantec's security
    team.  Vincent Weafer, senior director of Symantec Security Response, said
    cyber-attackers are shifting their efforts from outside the intranet
    boundary to inside.
    
    http://www.linuxsecurity.com/articles/security_sources_article-8139.html
    
    
    * Computer and Network Security Continues as Prime Concern
    October 16th, 2003
    
    Computer and network security risks continue to plague IT managers and
    network administrators as both the sheriffs and the outlaws of security
    are finding new ways to penetrate and defend IT assets. It is clear that
    security technologies, like other IT methodologies, are ever-evolving.
    
    http://www.linuxsecurity.com/articles/network_security_article-8131.html
    
    
    * Transparent, Bridging and In-line Firewall Devices
    October 16th, 2003
    
    There are many tools we use as network and security professionals to build
    a secure network. Routers, virtual private networks, intrusion detection
    systems and vulnerability scanners are regularly employed to tackle this
    challenging task. Many would agree that the foundation of such a defense
    is the firewall.
    
    http://www.linuxsecurity.com/articles/firewalls_article-8133.html
    
    
    * Intrusion detection should be a function, not a product
    October 15th, 2003
    
    Intrusion detection's permanent placement in the Trough of Disillusionment
    of the Gartner Hype Cycle for Information Security does not mean that it
    is obsolete. Intrusion detection should be incorporated into other
    products instead of being implemented as a stand-alone product.  In a
    recent report, "Hype Cycle for Information Security, 2003," Gartner stated
    that "intrusion detection systems are a market failure.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-8124.html
    
    
    * Security concerns hamper corporate Wi-Fi
    October 14th, 2003
    
    Firms that are unconvinced about the wisdom of installing an 802.11b
    network may find their employees decide to rectify the situation with a
    trip to Dixons The booming enthusiasm for wireless connectivity among
    office workers is proving a headache for IT managers.
    
    http://www.linuxsecurity.com/articles/network_security_article-8115.html
    
    
    * Roll Your Own Firewall with Netfilter
    October 13th, 2003
    
    Every self-respecting Linux guru should be familiar with firewalls and how
    to install and configure them. With this in mind, Linux gurus also should
    be curious about how firewalls function and how to build a firewall of his
    or her own.
    
    http://www.linuxsecurity.com/articles/firewalls_article-8110.html
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * A Tech Veteran's Security Warning
    October 18th, 2003
    
    Critical-infrastructure security was the main topic at the recent annual
    meeting of the International Information Systems Security Certification
    Consortium, known as (ISC). The consortium is a nonprofit agency dedicated
    to training and certifying security professionals.
    
    http://www.linuxsecurity.com/articles/forums_article-8146.html
    
    
    * The Bernstein Cryptography Case Is Dismissed
    October 17th, 2003
    
    This inconclusive ending of the Bernstein case is a consequence of the
    government's policy in cases where there are first amendment challenges to
    restrictions on the publication of software to claim that they have no
    intention of enforcing the law as it is written and thus getting the cases
    dismissed as moot.
    
    http://www.linuxsecurity.com/articles/cryptography_article-8144.html
    
    
    * 10 steps to a successful security policy
    October 15th, 2003
    
    There are two parts to any security policy. One deals with preventing
    external threats to maintain the integrity of the network. The second
    deals with reducing internal risks by defining appropriate use of network
    resources.
    
    http://www.linuxsecurity.com/articles/projects_article-8129.html
    
    
    * Improve awareness of security issues
    October 14th, 2003
    
    It's almost a cliche that end-user awareness of security issues is
    critical to keeping a company secure. But recent research from the Meta
    Group confirms it and offers suggestions for improving the situation.
    
    http://www.linuxsecurity.com/articles/general_article-8116.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Oct 21 2003 - 10:46:03 PDT