+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | October 20th, 2003 Volume 4, Number 42n | | | | Editorial Team: Dave Wreski dave@private | | Benjamin Thomas ben@private | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Incident Response Tools For Unix," "Transparent, Bridging and In-line Firewall Devices," "Roll Your Own Firewall with Netfilter," and "10 steps to a successful security policy." ---- >> FREE Apache SSL Guide from Thawte << ---- Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs. Click Command: http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache --- LINUX ADVISORY WATCH: This week, advisories were released for glibc, tomcat4, sane, XFree86, sendmail, and openssl. The distributors include Conectiva, Debian, Mandrake, and NetBSD. http://www.linuxsecurity.com/articles/forums_article-8138.html EnGarde GDSN Subscription Price Reduction - Guardian Digital, the world's premier open source security company, announced today that they will be reducing the annual subscription cost of the Guardian Digital Secure Network for EnGarde Community users from $229 to $60 for a limited time. http://www.linuxsecurity.com/feature_stories/feature_story-151.html --- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Incident Response Tools For Unix, Part Two: File-System Tools October 17th, 2003 This is the second article in a three part series on tools that are useful during incident response and investigation after a compromise has occurred on a Linux, OpenBSD, or Solaris system. The first article focused on system tools, this one focuses on file system tools, and the next article will discuss network and other tools. http://www.linuxsecurity.com/articles/intrusion_detection_article-8140.html * Secure Coding: Principles & Practices October 17th, 2003 The book consists of six chapters that closely follow a typical software development process or methodology known as the waterfall development methodology or Systems Development Lifecycle Model (SDLC) that includes the following phases: architecture definition, design, implementation, operations and finally automation and testing. http://www.linuxsecurity.com/articles/documentation_article-8145.html * Spam filtering with GNU/Linux, Postfix, procmail, and SpamAssassin October 15th, 2003 With GNU/Linux and some new and old favorites you can reduce the amount of email spam your customers, employees, and personal mail readers receive. This step-by-step guide shows you how to install procmail and SpamAssassin and how to configure the Postfix mail transport agent to mark potential spam before it reaches your mail program. http://www.linuxsecurity.com/articles/documentation_article-8126.html * Can your systems really benefit from penetration testing? October 14th, 2003 Something was wrong with the Web server. It was nearly 5:30 p.m., and no mail had been delivered for roughly an hour. When I logged on, I discovered that the disk partition dedicated to incoming e-mail was pegged at 102 percent of capacity. http://www.linuxsecurity.com/articles/network_security_article-8114.html * Linux and Unix Security Portable Reference October 13th, 2003 The intended audience for this book is primarily IT professionals who have some experience in systems administration and security. The book is organized into logical sections: Part 1 deals with hacking techniques and defenses, Part 2 deals with host hardening, and Part 3 contains special topics. Each part is divided into chapters that follow a logical progression. http://www.linuxsecurity.com/articles/documentation_article-8112.html +------------------------+ | Network Security News: | +------------------------+ * Attackers May Lurk Inside The Firewall October 17th, 2003 Corporations should be as concerned about personal computers inside the network perimeter as those riding its boundary, warns Symantec's security team. Vincent Weafer, senior director of Symantec Security Response, said cyber-attackers are shifting their efforts from outside the intranet boundary to inside. http://www.linuxsecurity.com/articles/security_sources_article-8139.html * Computer and Network Security Continues as Prime Concern October 16th, 2003 Computer and network security risks continue to plague IT managers and network administrators as both the sheriffs and the outlaws of security are finding new ways to penetrate and defend IT assets. It is clear that security technologies, like other IT methodologies, are ever-evolving. http://www.linuxsecurity.com/articles/network_security_article-8131.html * Transparent, Bridging and In-line Firewall Devices October 16th, 2003 There are many tools we use as network and security professionals to build a secure network. Routers, virtual private networks, intrusion detection systems and vulnerability scanners are regularly employed to tackle this challenging task. Many would agree that the foundation of such a defense is the firewall. http://www.linuxsecurity.com/articles/firewalls_article-8133.html * Intrusion detection should be a function, not a product October 15th, 2003 Intrusion detection's permanent placement in the Trough of Disillusionment of the Gartner Hype Cycle for Information Security does not mean that it is obsolete. Intrusion detection should be incorporated into other products instead of being implemented as a stand-alone product. In a recent report, "Hype Cycle for Information Security, 2003," Gartner stated that "intrusion detection systems are a market failure. http://www.linuxsecurity.com/articles/intrusion_detection_article-8124.html * Security concerns hamper corporate Wi-Fi October 14th, 2003 Firms that are unconvinced about the wisdom of installing an 802.11b network may find their employees decide to rectify the situation with a trip to Dixons The booming enthusiasm for wireless connectivity among office workers is proving a headache for IT managers. http://www.linuxsecurity.com/articles/network_security_article-8115.html * Roll Your Own Firewall with Netfilter October 13th, 2003 Every self-respecting Linux guru should be familiar with firewalls and how to install and configure them. With this in mind, Linux gurus also should be curious about how firewalls function and how to build a firewall of his or her own. http://www.linuxsecurity.com/articles/firewalls_article-8110.html +------------------------+ | General Security News: | +------------------------+ * A Tech Veteran's Security Warning October 18th, 2003 Critical-infrastructure security was the main topic at the recent annual meeting of the International Information Systems Security Certification Consortium, known as (ISC). The consortium is a nonprofit agency dedicated to training and certifying security professionals. http://www.linuxsecurity.com/articles/forums_article-8146.html * The Bernstein Cryptography Case Is Dismissed October 17th, 2003 This inconclusive ending of the Bernstein case is a consequence of the government's policy in cases where there are first amendment challenges to restrictions on the publication of software to claim that they have no intention of enforcing the law as it is written and thus getting the cases dismissed as moot. http://www.linuxsecurity.com/articles/cryptography_article-8144.html * 10 steps to a successful security policy October 15th, 2003 There are two parts to any security policy. One deals with preventing external threats to maintain the integrity of the network. The second deals with reducing internal risks by defining appropriate use of network resources. http://www.linuxsecurity.com/articles/projects_article-8129.html * Improve awareness of security issues October 14th, 2003 It's almost a cliche that end-user awareness of security issues is critical to keeping a company secure. But recent research from the Meta Group confirms it and offers suggestions for improving the situation. http://www.linuxsecurity.com/articles/general_article-8116.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Oct 21 2003 - 10:46:03 PDT