+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  January 26th, 2004                        Volume 5, Number 4n      |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@private             |
|                   Benjamin Thomas          ben@private              |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "An
Introduction To SQL Injection Attacks For Oracle Developers," "Linux as
a Firewall Foundation," "Problems and Challenges with Honeypots," and
"Extrusion or Intrusion."

>> Enterprise Security for the Small Business <<

Never before has a small business productivity solution been designed
with such robust security features. Engineered with security as a main
focus, the Guardian Digital Internet Productivity Suite is the
cost-effective solution small businesses have been waiting for.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn07

---

LINUX ADVISORY WATCH:

This week, advisories were released for cvs, screen, kdepim, mc,
tcpdump, kernel, slocate, honeyd, isakmpd, and lftp. The distributors
include Conectiva, Debian, Guardian Digital EnGarde Secure Linux,
Gentoo, OpenBSD, Red Hat, Trustix, and Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-8802.html

---

Managing Linux Security Effectively in 2004

This article examines the process of proper Linux security management
in 2004. First, a system should be hardened and patched. Next, a
security routine should be established to ensure that all new
vulnerabilities are addressed. Linux security should be treated as an
evolving process.

http://www.linuxsecurity.com/feature_stories/feature_story-157.html

---

Guardian Digital Customers Protected From Linux Kernel Vulnerability

As a result of the planning and secure design of EnGarde Secure Linux,
the company's flagship product, Guardian Digital customers are securely
protected from a vulnerability that led to the complete compromise of
several high-profile open source projects, including those belonging to
the Debian Project.

http://www.linuxsecurity.com/feature_stories/feature_story-155.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Security group warns of hole in Linux kernel
January 23rd, 2004

The kernel is the core of the Linux operating system and provides basic
services for all other parts of the operating system such as allocating
processor time for the programs running on the computer and managing
the system's memory or storage.

http://www.linuxsecurity.com/articles/host_security_article-8804.html

* An Introduction To SQL Injection Attacks For Oracle Developers
January 23rd, 2004

Most application developers underestimate the risk of SQL injection
attacks against web applications that use Oracle as the back-end
database. This paper is intended for application developers, database
administrators, and application auditors to highlight the risk of SQL
injection attacks and demonstrate why web applications may be
vulnerable.

http://www.linuxsecurity.com/articles/server_security_article-8807.html

* Linux beefs up standards
January 20th, 2004

Red Hat corporate Linux distributors will next month introduce their
Enterprise Directory Services and Authentication course to Australia.
By all accounts, the skills it seeks to impart, in conjunction with
others in the Red Hat Certified Engineer (RHCE) program, are going to be
in increasing demand.

http://www.linuxsecurity.com/articles/general_article-8789.html

* Standardizing on Security
January 19th, 2004

Things that are created in an open fashion tend to be the best of
breed. They benefit from the entire world seeing them at their most
basic level, and parties collaborating to enhance them and make them
better. Open technology is an example of this.

http://www.linuxsecurity.com/articles/general_article-8781.html

+------------------------+
| Network Security News: |
+------------------------+

* Book Review: Designing Network Security - 2nd Edition
January 25th, 2004

This is a very good book. It provides a good foundation of basic
universal security practice and then goes into detail on how to
implement network security using Cisco hardware and software. No single
aspect is covered in exceptional depth- the book is meant to give a
little information on the whole range of security rather than mastering
any one area of network security.

http://www.linuxsecurity.com/articles/network_security_article-8808.html

* Security by Obscurity
January 23rd, 2004

A response by Bob Alberti, CISSP President of Sanction, Inc. to MSNBC's
report by Brock N. Meeks titled "Fort N.O.C.'s" [Network Operating
Center]. Ah yes, "Security by obscurity": "Many people believe that
'security through obscurity' is flawed because... secrets are hard to
keep."

http://www.linuxsecurity.com/articles/general_article-8805.html

* Linux as a Firewall Foundation
January 23rd, 2004

For a few days in NYC, LinuxWorld is the center of the open source
universe. In keeping with that spirit, we examine some AO member
recommendations on firewalls based on the open-source OS. Whether it's
used to power complex datacenters or breathe new life into aging
machines, Linux has undoubtedly established itself as a formidable IT
presence.

http://www.linuxsecurity.com/articles/firewalls_article-8801.html

* Wireless Security Basics
January 22nd, 2004

You've just bought a wireless router so you can use your laptop all
over the house. You get it all set up and surprise, surprise it works.
Now that should be the end of it right? Wrong. The default setup for
wireless networks is set up to get the network up and running but does
nothing to protect your network.

http://www.linuxsecurity.com/articles/network_security_article-8796.html

* Extrusion or Intrusion - which is the real threat?
January 20th, 2004

In the hit-parade of security technology buzz words, Anti-virus and IDS
(Intrusion Detection Systems) are in the top 5. After all, there are a
lot of bad guys out there writing worms and trying to break in.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8783.html

* Problems and Challenges with Honeypots
January 20th, 2004

For the past 18 months we have seen a tremendous growth in honeypot
technologies. Everything from OpenSource solutions such as Honeyd and
Honeynets, to commercial offerings such as KFSensor are commonly
available. However, as with any relatively new technology, there are
still many challenges and problems. In this paper we take an overview
of what several of these problems are, and look at possible approaches
on how to solve them.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8788.html

+------------------------+
| General Security News: |
+------------------------+

* How to hit an elliptic curveball
January 23rd, 2004

It was at the end of an IT security event hosted by the Canadian
Advanced Technology Alliance last October that someone called to Ian
McKinnon from the back of the room. His cheeks flushed and eyes beaming,
he approached somewhat awkwardly, nervously, as though he was slightly
out of breath.

http://www.linuxsecurity.com/articles/cryptography_article-8806.html

* Code That Can't Be Cracked
January 21st, 2004

Want to win a million bucks and a high-paying job for life? That's what
Mississauga-based Certicom Corp. is offering anyone who can crack the
code to its products and patents surrounding Elliptic Curve Cryptology
(ECC) -- a combination of algebra and algorithms that ensure everything
from cellphone chatter to wireless e-mail sent and received on an
Internet-enabled phone or a Blackberry PDA can't be hacked.

http://www.linuxsecurity.com/articles/cryptography_article-8791.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@private with "unsubscribe" in
the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn' in the
BODY of the mail.