+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  January 12th, 2004                           Volume 5, Number 2n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private              |
|                   Benjamin Thomas         ben@private               |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Syscheck: a
new OS file integrity checker," "Book Review: The Effective Incident
Response Team," and "Managing the Network Security Challenge."

LINUX ADVISORY WATCH:

This week, advisories were released for the Linux kernel, lftp,
ethereal, screen, BIND, libnids, mpg321, nd, jabber, zebra, fsp, and
vbox3. The distributors include Conectiva, Debian, Guardian Digital
EnGarde Secure Linux, Fedora, Immunix, Mandrake, Openwall, Red Hat,
Slackware, SuSE, Trustix, and Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-8734.html

---

Managing Linux Security Effectively in 2004

This article examines the process of proper Linux security management
in 2004. First, a system should be hardened and patched. Next, a
security routine should be established to ensure that all new
vulnerabilities are addressed. Linux security should be treated as an
evolving process.

http://www.linuxsecurity.com/feature_stories/feature_story-157.html

---

Guardian Digital Customers Protected From Linux Kernel Vulnerability

As a result of the planning and secure design of EnGarde Secure Linux,
the company's flagship product, Guardian Digital customers are securely
protected from a vulnerability that led to the complete compromise of
several high-profile open source projects, including those belonging to
the Debian Project.
http://www.linuxsecurity.com/feature_stories/feature_story-155.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Security flaws force Linux kernel upgrade
January 8th, 2004

Open-source developers released a new version of the Linux kernel
Monday in a move aimed at quickly fixing several bugs--among them two
serious security flaws. The 2.4.24 upgrade to the Linux kernel comes a
month after the release of the previous version of the core system
software and only includes patches for six software issues, including
the two flaws.

http://www.linuxsecurity.com/articles/host_security_article-8732.html

* Linux kernel security vuln fixed
January 7th, 2004

Polish security outfit iSEC, which discovered the vuln, warns that
"proper exploitation of this vulnerability may lead to local privilege
escalation including execution of arbitrary code with kernel level
access".

http://www.linuxsecurity.com/articles/host_security_article-8703.html

* The wrong way to upgrade your RPMs
January 6th, 2004

Most Linux distributions use the RPM[1] format for their software
packages. RPMs are managed by the rpm program, which typically lives at
/usr/bin/rpm.[2]

http://www.linuxsecurity.com/articles/documentation_article-8691.html

* Syscheck: a new OS file integrity checker
January 6th, 2004

Syscheck is open source software that checks your files, especially
binaries and configuration files, to see what has changed on your
system.

http://www.linuxsecurity.com/articles/projects_article-8689.html

* The mysteriously persistently exploitable program explained
January 5th, 2004

In a previous article I described a machine compromise that initially
would seem to have been impossible.
A vulnerable suid root program, /usr/sbin/buggy, was upgraded to a
non-vulnerable version, and yet crackers were still exploiting it. In
fact, even after the program was removed entirely, it was still being
exploited.

http://www.linuxsecurity.com/articles/host_security_article-8679.html

+------------------------+
| Network Security News: |
+------------------------+

* Improving Passive Packet Capture: Beyond Device Polling
January 9th, 2004

Passive packet capture is necessary for many activities including
network debugging and monitoring. With the advent of fast gigabit
networks, packet capture is becoming a problem even on PCs due to the
poor performance of popular OSs. The introduction of device polling has
improved the capture process quite a bit but not really solved the
problem.

http://www.linuxsecurity.com/articles/network_security_article-8735.html

* Book Review: The Effective Incident Response Team
January 8th, 2004

With every year that passes it seems that the number of computer
security incidents is bigger than ever, yet it's obvious there's more
security awareness. As the incidents increased in severity it was a
natural step for organizations to form an incident response team or
hire a team to respond to those incidents. It's much easier to be
prepared than to have to clean up after the damage has been done.

http://www.linuxsecurity.com/articles/documentation_article-8730.html

* Ease the security burden with a central logging server
January 7th, 2004

Every network device on your network has some type of logging
capability. Switches and routers are extremely proficient in logging
network events. Your organization's security policy should specify some
level of logging for all network devices.

http://www.linuxsecurity.com/articles/server_security_article-8704.html

* Managing the Network Security Challenge
January 6th, 2004

For university information technology departments, a balancing act can
be challenging.
University computer networks are an essential component of university
operations. Yet, they are often large, heterogeneous, open, and used by
thousands of individuals whose computing habits and expertise are
largely unknown.

http://www.linuxsecurity.com/articles/network_security_article-8687.html

* NMAP Grepable Output
January 5th, 2004

One of the often overlooked and underused output methods of nmap is the
grepable or "machine" output. This output places all results for a
single host on a single line, making it easier to use with other
command line tools, like grep and awk. It also makes it easier to use
when scripting.

http://www.linuxsecurity.com/articles/documentation_article-8682.html

+------------------------+
| General Security News: |
+------------------------+

* School District Gives Linux Security Technology High Grades
January 9th, 2004

As any corporate IT administrator knows, network security is no longer
a luxury, but a necessity. If your network is not secure, not only do
you risk losing valuable corporate information, but you also run the
risk of being liable if your network is used to disrupt other sites, as
with Distributed Denial of Service (DDoS) attacks.

http://www.linuxsecurity.com/articles/government_article-8736.html

* Don't take passwords to the grave
January 8th, 2004

As an ambulance whisked Jon Hansen to the hospital last year, he held
tightly to his wife's hand and told her things she needed to know if he
were to die. "Write down this password," he told her. "Oh, you'll need
this one, too. And you don't have this one, either."

http://www.linuxsecurity.com/articles/general_article-8733.html

* A 90-Day Plan For Developing A Security Management Strategy
January 7th, 2004

True cybersecurity requires that financial, IT, and operational
managers from across the enterprise--and outside it--come together to
assess and guard against their company's most serious risk and
exposures. Here's how to get started.
http://www.linuxsecurity.com/articles/network_security_article-8706.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

ISN is currently hosted by Attrition.org