+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  February 16th, 2004                       Volume 5, Number 7       |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@private             |
|                   Benjamin Thomas          ben@private              |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Choosing and
Protecting Passwords," "Safely Creating Temporary Files in Shell
Scripts," and "The Information Security Process."

----

LINUX ADVISORY WATCH:
This week, advisories were released for vim, gaim, mailman, cgiemail,
PHP, XFree86, monkeyd, gallery, mutt, netpbm, kernel, IPv6, and NetPBM.
The distributors include Conectiva, Debian, Gentoo, Mandrake, OpenBSD,
and Red Hat.
http://www.linuxsecurity.com/articles/forums_article-8903.html

----

Guardian Digital Launches Next Generation EnGarde Secure Linux

Guardian Digital, Inc., the world's premier open source security
company, announced an update to the next generation, award-winning
platform that delivers features designed to ease the process of
building a complete Internet presence and the level of security
necessary to prevent system compromise. EnGarde Secure Linux leverages
the best open source applications available to provide secure Internet
connectivity, user privacy, Web and email functions, and intrusion
detection.
http://www.linuxsecurity.com/feature_stories/feature_story-159.html

--------------------------------------------------------------------

Introduction to Netwox and Interview with Creator Laurent Constantin

In this article Duane Dunston gives a brief introduction to Netwox, a
combination of over 130 network auditing tools. Also, Duane interviews
Laurent Constantin, the creator of Netwox.
http://www.linuxsecurity.com/feature_stories/feature_story-158.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Security-Enhanced Linux provides a locked down OS
  February 13th, 2004

Normal Linux system security relies on the kernel and the dependencies
created through the setuid/setgid binaries. Under the conventional
security mechanism, an exploit of a flaw with any privileged
application, configuration, or process running usually leads to a total
system compromise. This problem is consistent with most modern
operating systems due to their complexity and interoperability with
other applications.
http://www.linuxsecurity.com/articles/host_security_article-8904.html

* Choosing and Protecting Passwords
  February 12th, 2004

There are several programs attackers can use to help guess or "crack"
passwords, but by choosing good passwords and keeping them
confidential, you can make it more difficult for an unauthorized person
to access your information.
http://www.linuxsecurity.com/articles/documentation_article-8900.html

* Guardian Digital Launches Next Generation EnGarde Secure Linux
  February 10th, 2004

Guardian Digital, Inc., the world's premier open source security
company, today announced an update to the next generation,
award-winning platform that delivers features designed to ease the
process of building a complete Internet presence and the level of
security necessary to prevent system compromise.
http://www.linuxsecurity.com/articles/projects_article-8882.html

* Safely Creating Temporary Files in Shell Scripts
  February 10th, 2004

This paper discusses how a programmer can write shell scripts that
securely create temporary files in world/group writable directories.
After explaining why it is important to be careful with temporary files
I give some hints on how to identify and fix vulnerable shell scripts.
This paper concentrates on how things are done.
http://www.linuxsecurity.com/articles/documentation_article-8886.html

+------------------------+
| Network Security News: |
+------------------------+

* SSL VPNs - You Can't Afford to Ignore Them
  February 12th, 2004

Amidst the cacophony about VPNs and whether IPsec or SSL is the better
solution, and which vendor has done the most to satisfy the journalists
and analysts, one "minor" issue seems to be falling by the wayside -
You the user - Irrelevant maybe to most vendors, but nevertheless a
problem they need to resolve in order to achieve those quarterlies!
http://www.linuxsecurity.com/articles/network_security_article-8898.html

* Network security specialists seek seamless defense
  February 11th, 2004

Day and night, the war of attrition rages in the beleaguered world of
network security. Defenders throw up firewalls, download patches, and
scramble to fend off the hundreds of thousands of attempted intrusions
into worldwide enterprise data.
http://www.linuxsecurity.com/articles/network_security_article-8889.html

* Updated: fwall 1.4-6rc1
  February 11th, 2004

fwall is a simple user-friendly firewall script for iptables. It is
based on bash. It includes a configuration for 1-2 interfaces, port
forwarding, DoS protection, and so on.
http://www.linuxsecurity.com/articles/firewalls_article-8894.html

* Book Review: Securing Wireless LANs
  February 10th, 2004

A couple of days ago the WI-FI Alliance finally announced that after
almost one year of detailed testing, more than 175 products from some
of the leading wireless manufacturers, received WPA certifications. The
majority of wireless users won't immediately buy the new hardware, so
they are stuck with the equipment they are currently using. The current
state of wireless security is the topic of the book I'm taking a look
at this time.
http://www.linuxsecurity.com/articles/documentation_article-8885.html

+------------------------+
| General Security News: |
+------------------------+

* New Computer Security Incident Handling Guide from NIST.gov
  February 15th, 2004

There's a new version of the Computer Security Incident Handling Guide
from NIST (Jan 2004). The guide (148 pages, 2.8MB) covers the complete
range of the Incident Handling process and includes chapters about:
organizing an Incident Response Capability, handling an actual
Incident, handling Denial of Service Incidents, handling Malicious Code
Incidents, handling Inappropriate Usage Incidents, and much more. It
also features checklists, FAQs and other resources.
http://www.linuxsecurity.com/articles/documentation_article-8910.html

* Linux v2.6 Scales the Enterprise
  February 13th, 2004

Other goodies in the v2.6 kernel include integrated IPSec support, with
the inclusion of the Kame Project; enhanced support for network file
systems, including support for mounting Novell NetWare shares; initial
NFSv4 (Network File System Version 4) support; and performance and
compatibility enhancements with SMB (Server Message Block) shares,
including support for CIFS (Common Internet File System).
http://www.linuxsecurity.com/articles/server_security_article-8908.html

* The Information Security Process
  February 12th, 2004

A key element that isn't always spelled out, but is vital to the
process is the Business Decision. This is really the intersection point
between Risk Management and Information Security practices. Inherent in
risk management is weighing cost vs. benefit. Unfortunately, in the
real world, this important step is frequently performed by either a
business decision maker unequipped to understand the technical risks or
by IT personnel unequipped to understand the bottom line.
http://www.linuxsecurity.com/articles/general_article-8897.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

- ISN is currently hosted by Attrition.org