+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 26th, 2004                          Volume 5, Number 17n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private              |
|                   Benjamin Thomas         ben@private               |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Securing a
Fresh Linux Install," "Securing The IP Telephony Perimeter," and "Your
Next Mission-Critical Application."

----

>> Free Trial SSL Certificate from Thawte <<

Take your first step towards giving your online business a competitive
advantage. Test-drive a Thawte SSL certificate, and our easy online guide
will show you how.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten04

----

LINUX ADVISORY WATCH:

This week, advisories were released for cvs, neon, perl, logcheck,
kernel, iproute, xchat, ident2, utempter, cadaver, XChat, libneon, MySQL,
samba, utempter, OpenSSL, tcp, IA64, XFree86, tcpdump, and xine. The
distributors include Debian, Fedora, Gentoo, Mandrake, NetBSD, Red Hat,
Slackware, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-9220.html

----

Guardian Digital Launches Next Generation Internet Defense & Detection
System

Guardian Digital has announced the first fully open source system
designed to provide both intrusion detection and prevention functions.
Guardian Digital Internet Defense & Detection System (IDDS) leverages
best-in-class open source applications to protect networks and hosts
using a unique multi-layered approach coupled with the security expertise
and ongoing security vigilance provided by Guardian Digital.

http://www.linuxsecurity.com/feature_stories/feature_story-163.html

----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian
Digital's multi-faceted security applications. More than just an email
firewall, on demand and scheduled scanning detects and disinfects viruses
found on the network.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

--------------------------------------------------------------------

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

----

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Reducing Spam
April 23rd, 2004

Spam is a common, and often frustrating, side effect of having an email
account. Although you will probably not be able to eliminate it, there
are ways to reduce it.

http://www.linuxsecurity.com/articles/privacy_article-9224.html

* Securing a fresh Linux install, part 3
April 22nd, 2004

Telnet transmits information, including passwords, in plain text, which
can easily be intercepted and read. SSH performs much the same task as
Telnet, but it does so through an encrypted tunnel and is therefore much
more secure.

http://www.linuxsecurity.com/articles/documentation_article-9218.html

* STAT Scanner 5.27 Reviewed
April 21st, 2004

A security scanner is one of the most important software titles in a
network administrator's toolbox so naturally I was happy to try out a new
one.
When I got Harris Corporation's STAT Scanner I noticed that it is the
first vulnerability assessment scanner to receive Common Criteria
certification, a rigorous international standard for information
technology security evaluation and certification.

http://www.linuxsecurity.com/articles/host_security_article-9210.html

* Securing a Fresh Linux Install
April 21st, 2004

Most Linux distros provide a wide variety of server applications, and
many network-aware apps are enabled by default when you install the
operating system. Before you put your new Linux machine online, there are
a number of steps you should take to make your network secure. Use these
tips every time you perform a fresh install; none of these steps will
help to secure a machine that has already been compromised.

http://www.linuxsecurity.com/articles/host_security_article-9208.html

+------------------------+
| Network Security News: |
+------------------------+

* Installing Nessus 2.0 on SuSE 9.0 Pro with KDE 3.1
April 23rd, 2004

The following is a simple how-to guide for installing the Nessus
vulnerability scanner, server daemon, and client on SuSE Linux. The
instructions do not include in-depth explanations as it is assumed that
you are familiar with features and benefits of Nessus and have a general
working knowledge of Linux.

http://www.linuxsecurity.com/articles/documentation_article-9223.html

* HNS Learning Session: Session Hijacking Explained
April 22nd, 2004

For the first learning session on Help Net Security, we've got Caleb
Sima, SPI Dynamics CTO and co-founder, discussing session hijacking
attacks. While session hijacking can be applied to a lot of areas, this
learning session concentrates on the attacks on web applications.

http://www.linuxsecurity.com/articles/network_security_article-9216.html

* Securing The IP Telephony Perimeter
April 22nd, 2004

Networking battles never die; they just move to another layer in the OSI
stack.
That networking adage is as true with IP telephony security devices today
as it was years ago with bridges and routers.

http://www.linuxsecurity.com/articles/network_security_article-9215.html

* Vulnerability Issues in TCP
April 20th, 2004

Almost three quarters of office workers in an impromptu man-on-the-street
survey were willing to give up their passwords when offered the bribe of
a chocolate bar. The organizers of the conference Infosecurity Europe
2004 plan to announce on Tuesday that they surveyed office workers at
Liverpool Street Station in England, and found that 71 percent were
willing to part with their password for a chocolate bar.

http://www.linuxsecurity.com/articles/network_security_article-9205.html

+------------------------+
| General Security News: |
+------------------------+

* Your Next Mission-Critical Application
April 23rd, 2004

Emerging regulations require that businesses save virtually all e-mail.
The results can be overwhelming - that is, unless you have the right
intelligent management solution.

http://www.linuxsecurity.com/articles/host_security_article-9222.html

* Security holes force firms to rethink coding processes
April 23rd, 2004

Microsoft's issuance last week of 14 security patches raised fears that
worm-based attacks would follow and sparked discussion on how to better
build code.

http://www.linuxsecurity.com/articles/general_article-9225.html

* "Subversive Software" - O'Dowd's Linux Security Controversy Continues
April 19th, 2004

"There are plans to rely on Linux to control our most advanced future
defense systems," writes Dan O'Dowd this morning, referring to systems
such as the Army's Future Combat Systems (FCS), the Joint Tactical Radio
System (JTRS), and the Global Information Grid (GIG).

http://www.linuxsecurity.com/articles/general_article-9198.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com