Information Security News mailing list archives
Linux Security Week - February 19th 2001
From: newsletter-admins () linuxsecurity com
Date: Mon, 19 Feb 2001 00:24:20 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  February 19th, 2001                          Volume 2, Number 8n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

If you still haven't set up an intrusion detection system, this may be
your issue. A few good articles were released to help you with that
task. Some of them include "Intrusion Detection Systems, Part IV:
Logcheck," "Monitoring Unix Logins," and "monitord - Network Security
Monitor." Other articles covering similar topics are also included.

Linux Kernel 2.4 Firewalling Matures: netfilter

In yet another set of advancements to the kernel IP packet filtering
code, netfilter allows users to set up, maintain, and inspect the
packet filtering rules in the new 2.4 kernel. This document explains
those changes and tips on how to get started.

http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html

This week, advisories were released for sysctl(), OpenSSH, proftpd,
xfree86-1, libkrb, and bind. The vendors include Debian, FreeBSD,
LinuxPPC, Mandrake, NetBSD, Red Hat, Smoothwall, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-2519.html

# FREE SECURITY BOOKS #

Guardian Digital has just announced an offer for 2 free security books
with the purchase of any secure Linux Lockbox. The Lockbox is an Open
Source network server appliance engineered to be a complete secure
e-business solution. It can be used as a commerce server, web server,
DNS, mail, and database server. Please see Guardian Digital's website
for details.

http://www.guardiandigital.com/bookoffer.html

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Avoiding security holes when developing an application - Part 1
February 18th, 2001

This article is the first one in a series about the main security
holes that can usually appear within an application. Along these
articles, we'll show the ways to avoid them by changing a little the
development habits. It doesn't take more than two weeks before a major
application, part of most Linux distributions, presents a security
hole, allowing, for instance, a local user to become root.

http://www.linuxsecurity.com/articles/server_security_article-2530.html

* Monitoring Unix Logins
February 16th, 2001

In today's article, I'd like to take a look at utmp, wtmp, and
lastlog. These three files are read and updated whenever a user logs
in to your FreeBSD system. However, you can't read these files
directly, so we'll also look at the various utilities you can use to
garner the information contained within these files.

http://www.linuxsecurity.com/articles/host_security_article-2520.html

* Netfilter for IP Masquerade
February 15th, 2001

As of 2.4, ipchains is a thing of the past. The replacement for
ipchains is Netfilter's iptables. What does this mean to the end user?
Typically it means little beyond the fact that suddenly their ipmasq
script doesn't work. So, for starters let's get into setting up ipmasq
under 2.4.x kernels. Connection tracking is a new feature of netfilter
that allows you to accept or deny a packet based on the state of the
connection rather than the strict allow/deny of ipchains. NAT of
course stands for Network Address Translation, the key feature behind
IP Masquerade. The other entries in this menu are optional, enable
them as you please and recompile the kernel if needed.

http://www.linuxsecurity.com/articles/firewalls_article-2513.html

* Intrusion Detection Systems, Part IV: Logcheck
February 15th, 2001

The last in this four part series on IDS, looks at Logcheck: a
software package that is designed to automatically run and check
system log files for security violations and unusual activity. In the
last three articles in this series, we looked at the concept of an
Intrusion Detection System (IDS) and its implementation on your
network. We discussed some of the top-notch tools like Tripwire and
Snort, that you could use as your Swiss army knife in detecting
intrusions into your network.

http://www.linuxsecurity.com/articles/intrusion_detection_article-2509.html

* Securing BSD Daemons
February 13th, 2001

Let's continue where we left off by taking a closer look at
/etc/inetd.conf. Remember that inetd is the internet super-server
which listens for requests on behalf of other daemons; it reads
/etc/inetd.conf to determine which ports you wish it to listen on.

http://www.linuxsecurity.com/articles/server_security_article-2490.html

+------------------------+
| Network Security News: |
+------------------------+

* Artificial Intelligence to detect Intrusions
February 17th, 2001

This site, in German, talks about an artificial intelligence project
to detect intrusions. "Electronic intrusion detection is much trickier
than human intrusion detection. Humans can search for the intruder by
opening doors, looking into closets, etc. The intruder cannot turn
into a company's General Manager or turn into a copy machine all of a
sudden (spoofing or trojan horse).

http://www.linuxsecurity.com/articles/intrusion_detection_article-2529.html

* Jay Beale: Education Is Primary Defense for Secure Machines
February 16th, 2001

It was with no small amount of irony that Jay Beale, lead developer
for Bastille Linux, was hired by MandrakeSoft last Fall to help the
French Linux company bolster the security of its Linux-Mandrake
distribution. Now, after a few months in the employ of MandrakeSoft,
Beale has some definite ideas about how he will be securing
Linux-Mandrake and all of the other Linux distributions as well.

http://www.linuxsecurity.com/articles/forums_article-2524.html

* monitord - Network Security Monitor
February 15th, 2001

A lightweight (distributed?) network security monitor for
TCP/IP+Ethernet LANs. It will capture certain network events and
record them in a relational database. The recorded data will be
available for analysis through a CGI based interface. The main purpose
of this project is to build a lightweight (and possibly distributed)
network security monitor, designed for TCP/IP+Ethernet LANs.

http://www.linuxsecurity.com/articles/intrusion_detection_article-2510.html

* Secure Remote Log Servers Using SCP
February 14th, 2001

A few months ago, I challenged myself with a problem. I wanted to
implement centralized system logging that would securely store logs in
a location that would prevent any tampering or mischief.

http://www.linuxsecurity.com/articles/network_security_article-2501.html

* Linux Intrusion Detection Poster
February 14th, 2001

SysAdmin Magazine has the contents of their recent Linux Intrusion
Detection Poster available online. "No matter how security minded you
are, no matter how many updates and patches you apply, there's always
a chance that someone will crack one of your systems. It's an
unpleasant reality, but it's a fact: no system is 100% secure unless
it's turned off, but how useful is that?

http://www.linuxsecurity.com/articles/intrusion_detection_article-2505.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Name change doesn't impress Carnivore's critics
February 15th, 2001

The FBI's name change for its Internet wiretapping program, from
Carnivore to DCS1000, wasn't the alteration one of the application's
most vocal critics wanted to see. "The only thing we've seen come out
of the FBI or the Justice Department is the new name, which is a
matter of public relations more than anything else," David Sobel,
general counsel of the Electronic Privacy Information Center. "But I
haven't seen any changes that are a response to the criticisms of
Carnivore.

http://www.linuxsecurity.com/articles/privacy_article-2514.html

* Crypto-Gram February 15th, 2001
February 15th, 2001

Though more smart cards are in use in the United States than ever
before, experts now say the technology may take at least four years to
permeate the business or consumer sectors here and attain similar
status as the ever-popular credit card.

http://www.linuxsecurity.com/articles/cryptography_article-2515.html

+------------------------+
| General News:          |
+------------------------+

* There's no going back after CPRM, warns Schneier
February 17th, 2001

CPRM copy control poses "a serious threat to civil liberties", writes
cryptography expert Bruce Schneier. In an analysis of the CPRM specs
that the 4C Entity has proposed for inclusion in the ATA hard drive
specification in his latest Cryptogram newsletter, Schneier warns of
their social cost. He also comprehensively debunks the spin that CPRM
- as it was first thrown at the ATA committee - was only ever intended
for removable media.

http://www.linuxsecurity.com/articles/cryptography_article-2527.html

* Intrusion detection rules drafted
February 16th, 2001

The National Institute of Standards and Technology released Monday new
draft guidance on intrusion-detection systems, outlining all the
factors agencies need to consider when integrating these security
systems into their networks. The guidance is part of a series of
special publications NIST has put out to assist agencies in the
information security arena.

http://www.linuxsecurity.com/articles/government_article-2521.html

* Full Disclosure? Full Complicity!
February 13th, 2001

The term "full disclosure" is marvelously ambiguous, and therein lies
much of the problem. It essentially means to "widely disseminate as
much information about system vulnerabilities and attack tools as
possible so that potential victims are as knowledgeable as those who
attack them." Admittedly, this concept has a certain appeal.

http://www.linuxsecurity.com/articles/general_article-2492.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".