+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  February 9th, 2004                         Volume 5, Number 6n     |
|                                                                     |
|  Editorial Team:  Dave Wreski               dave@private            |
|                   Benjamin Thomas           ben@private             |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Automating
Security with GNU cfengine," "Secure programmer: Countering buffer
overflows," and "Best Practices for Wireless Network Security."

----

LINUX ADVISORY WATCH:

This week, advisories were released for perl, crawl, kernel, cvs,
tcpdump, ethereal, mksnap_ffs, gaim, NetPBM, and mc. The distributors
include Debian, Fedora, FreeBSD, Mandrake, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-8871.html

----

Introduction to Netwox and Interview with Creator Laurent Constantin

In this article Duane Dunston gives a brief introduction to Netwox, a
combination of over 130 network auditing tools. Also, Duane interviews
Laurent Constantin, the creator of Netwox.

http://www.linuxsecurity.com/feature_stories/feature_story-158.html

----

Managing Linux Security Effectively in 2004

This article examines the process of proper Linux security management
in 2004. First, a system should be hardened and patched. Next, a
security routine should be established to ensure that all new
vulnerabilities are addressed. Linux security should be treated as an
evolving process.

http://www.linuxsecurity.com/feature_stories/feature_story-157.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Automating Security with GNU cfengine
  February 5th, 2004

  Many years ago, I had a small revelation that I'm sure many of you
  have experienced yourselves. I realized that maintaining 10 systems
  requires a good bit more work than administering a single computer.
  But, it doesn't have to take that much more work--assuming the proper
  tools and methodologies are used.

  http://www.linuxsecurity.com/articles/host_security_article-8862.html

* Securing a Unix Server
  February 5th, 2004

  Particular examples of the specific commands and configuration
  options are presented and analyzed after their integrity has been
  tested and verified. Great consideration was given so that they can
  be clearly followed. The whole implementation was based on Linux and
  open source software.

  http://www.linuxsecurity.com/articles/host_security_article-8866.html

* Secure programmer: Countering buffer overflows
  February 4th, 2004

  This article discusses the top vulnerability in Linux/UNIX systems:
  buffer overflows. This article first explains what buffer overflows
  are and why they're both so common and so dangerous. It then
  discusses the new Linux and UNIX methods for broadly countering
  them -- and why these methods are not enough.

  http://www.linuxsecurity.com/articles/documentation_article-8858.html

* DARPA-funded Linux security hub withers
  February 2nd, 2004

  Two years after its hopeful launch, a U.S.-backed research project
  aimed at drawing skilled eyeballs to the thankless task of
  open-source security auditing is prepared to throw in the towel.

  http://www.linuxsecurity.com/articles/projects_article-8849.html

+------------------------+
| Network Security News: |
+------------------------+

* Unstrung Insider Analyzes Wireless Intrusion Detection and Prevention
  February 6th, 2004

  The report -- "Intrusion Detection and Prevention for 802.11 Wireless
  LANs" -- has been published by Unstrung's wireless research service,
  Unstrung Insider, and provides detailed analysis of leading vendors
  and products in this rapidly developing market.

  http://www.linuxsecurity.com/articles/network_security_article-8872.html

* Best Practices for Wireless Network Security
  February 6th, 2004

  Wireless technology is dramatically changing the world of computing,
  creating new business opportunities but also increasing security
  risks.

  http://www.linuxsecurity.com/articles/network_security_article-8874.html

* Using a layered security approach to achieve network integrity
  February 5th, 2004

  For enterprises today, the network is where business takes place.
  Every department in an organization relies on the network for
  applications and for a growing share of communications, not only
  e-mail and instant messaging, but soon telephony as well.

  http://www.linuxsecurity.com/articles/network_security_article-8868.html

* Intrusion detection for Linux a challenge
  February 2nd, 2004

  SearchEnterpriseLinux.com's reporters got an earful from exhibitors
  and visiting experts at last week's LinuxWorld Conference & Expo.
  We're choosing a few choice words from reporters' notebooks in our
  "LinuxWorld sound bites" series.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-8846.html

+------------------------+
| General Security News: |
+------------------------+

* Common sense security
  February 6th, 2004

  A few years back, I was working on getting investment into our
  business. We had big problems with the lawyer from the other side,
  who kept raising objections. The issue wasn't that her points were
  invalid; they just weren't material. In other words, they were
  unlikely to cause problems for their investor.

  http://www.linuxsecurity.com/articles/server_security_article-8870.html

* Open Source: Swimming with the Tide
  February 6th, 2004

  You may not know it, but somewhere in the recesses of your
  organization, a team of software developers is probably creating a
  critical application using one or more types of open source software.
  Perhaps it's Linux or Apache -- two of the most popular open source
  options widely deemed to be safe, or perhaps it's a little-known
  utility designed to track issues during the software process or
  provide strong cryptography for the Apache Web server.

  http://www.linuxsecurity.com/articles/general_article-8873.html

* Is your risk management plan as good as it gets?
  February 5th, 2004

  Not all security incidents can be prevented, nor is it cost-effective
  to try. Each control should be evaluated on its own merits prior to
  implementation. Issues to consider: direct costs, training, decreased
  system performance and public perception.

  http://www.linuxsecurity.com/articles/general_article-8865.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

- ISN is currently hosted by Attrition.org