[ISN] Linux Security Week - June 7th 2004

From: InfoSec News (isn@private)
Date: Mon Jun 07 2004 - 23:52:49 PDT

  • Next message: InfoSec News: "[ISN] Experts Call for Raising Awareness About IT Security"

    +---------------------------------------------------------------------+
    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  June 7th, 2004                                Volume 5, Number 23n |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             dave@private    |
    |                   Benjamin Thomas         ben@private     |
    +---------------------------------------------------------------------+
    
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    
    This week, perhaps the most interesting articles include "Multiple
    Security Roles With Unix/Linux," "What Exactly Is Computer Forensics," and
    "Six Ways to Justify Security Training."
    
    ----
    
    >> Bulletproof Virus Protection <<
    
    Protect your network from costly security breaches with Guardian Digital's
    multi-faceted security applications.  More then just an email firewall, on
    demand and scheduled scanning detects and disinfects viruses found on the
    network.
    
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04
    
    ----
    
    LINUX ADVISORY WATCH:
    This week, advisories were released for mailman, kde, MySQL, mc,
    Apache, Heimdal, utempter, and LHA. The    distributors include
    Conectiva, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.
    
    http://www.linuxsecurity.com/articles/forums_article-13.html
    
    ----
    
    Linux and National Security
    
    As the open source industry grows and becomes more widely accepted, the
    use of Linux as a secure operating system is becoming a prominent choice
    among corporations, educational institutions and government sectors.
    With national security concerns at an all time high, the question remains:
    Is Linux secure enough to successfully operate the government and
    military's most critical IT applications?
    
    http://www.linuxsecurity.com/feature_stories/feature_story-165.html
    
    ----
    
    Guardian Digital Security Solutions Win Out At Real World Linux
    
    Enterprise Email and Small Business Solutions Impres at Linux Exposition.
    Internet and network security was a consistent theme and Guardian Digital
    was on hand with innovative solutions to the most common security issues.
    Attending to the growing concern for cost-effective security, Guardian
    Digital's enterprise and small business applications were stand-out
    successes.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-164.html
    
    ----
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------+
    | Host Security News: | <<-----[ Articles This Week ]----------
    +---------------------+
    
    * Multiple Security Roles With Unix/Linux
    June 4th, 2004
    
    After the reception my last column regarding the security criticism I
    heaped on Unix and Linux vendors who are pursuing end-user desktops, I
    thought I would outline some of the areas where I think Linux and Unix
    already have strong wins.
    
    http://www.linuxsecurity.com/articles/network_security_article-14.html
    
    
    * What Exactly Is Computer Forensics?
    June 3rd, 2004
    
    Computer forensics involves the preservation, identification, extraction,
    documentation and interpretation of computer data. It is often more of an
    art than a science, but as in any discipline, computer forensic
    specialists follow clear, well-defined methodologies and procedures, and
    flexibility is expected and encouraged when encountering the unusual.
    
    http://www.linuxsecurity.com/articles/network_security_article-10.html
    
    
    * Data Security Debacle
    June 2nd, 2004
    
    There is a saying in IT that the only truly secure computer is one that's
    turned off. Because this isn't practical or feasible, data security
    becomes yet another unavoidable part of doing business in today's wired
    world. Simply put, data security is the protection of data from
    unauthorized, accidental, or deliberate modification, destruction, or
    disclosure.
    
    http://www.linuxsecurity.com/articles/network_security_article-4.html
    
    
    * From exposition to exploit: One security book's story
    June 2nd, 2004
    
    Even prior to its release in May, The Shellcoder's Handbook: Discovering
    and Exploiting Security Holes drew attention to the exploitive nature of
    the narrative. In a series of e-mail exchanges, lead author Jack Koziol
    explains the motive behind this how-to for hackers and what's happened
    since it hit bookshelves.
    
    http://www.linuxsecurity.com/articles/documentation_article-3.html
    
    
    
    +------------------------+
    | Network Security News: |
    +------------------------+
    
    * Double Snorting
    June 3rd, 2004
    
    Snort is a GPLed, Network Intrusion Detection System (NIDS) that runs on
    Linux and Win32. A NIDS monitors the network, looking for hostile traffic.
    Basically it scans all traffic on a network interface, not just its own
    host's, comparing it to rules describing the signatures of known attacks.
    
    http://www.linuxsecurity.com/articles/network_security_article-8.html
    
    
    
    +------------------------+
    | General Security News: |
    +------------------------+
    
    * How Much Should You Invest in IT Security?
    June 4th, 2004
    
    One of the main concerns of the organizers of the Olympic Games to be held
    in Athens this summer is security, but not only physical security,
    computer security as well. The emphasis placed on avoiding problems with
    the computers that will manage huge amounts of data during the games will
    be proportional to the magnitude of this global event.
    
    http://www.linuxsecurity.com/articles/general_article-12.html
    
    
    * Early Alerting - The Key To Proactive Security
    June 3rd, 2004
    
    The security challenges facing today's enterprise networks are
    intensifying -- both in frequency and number. The Blaster worm arrived
    just 26 days after Microsoft disclosed an RPC DCOM Windows flaw and
    released a patch for vulnerable systems. The worm took advantage of what
    some security experts have called the most widespread Windows flaw ever.
    For a time, Blaster was infecting as many as 2,500 computers per hour.
    
    http://www.linuxsecurity.com/articles/intrusion_detection_article-11.html
    
    
    * Six ways to justify security training
    June 1st, 2004
    
    A few days ago, a reader asked if I could help him justify the cost of
    security training that he and his fellow Unix system administrators felt
    they needed.
    
    http://www.linuxsecurity.com/articles/network_security_article-9363.html
    
    
    * When encryption can be misleading
    June 1st, 2004
    
    The trust that encryption generates can be deceptive, one researcher, a
    regular poster to the full-disclosure vulnerability mailing list, has
    discovered.
    
    http://www.linuxsecurity.com/articles/cryptography_article-9362.html
    
    
    * FDIC info security lacking, GAO finds
    June 1st, 2004
    
    Weaknesses in the Federal Deposit Insurance Corp.'s information systems
    place sensitive information at risk of unauthorized disclosure, disruption
    of operations or loss of assets, according to the General Accounting
    Office.
    
    http://www.linuxsecurity.com/articles/government_article-1.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Tue Jun 08 2004 - 01:27:29 PDT