Information Security News mailing list archives
Linux Security Week, Nov 27th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 27 Nov 2000 00:06:21 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  November 27, 2000                         Volume 1, Number 30n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week many good articles were released. A few of them include,
"OpenSSH installation and configuration," "Postfix - The Sendmail
Replacement" and "Filesystem Security: ext2 extended attributes." If
you are interested in firewalls, you may want to read "Introduction to
Firewalls," "Top Ten Blocking Recommendations Using ipchains" and
"Chapter 6 from Building Internet Firewalls." Each of these articles
provides useful information that can help you obtain greater network
security.

This week, advisories were released for modutils, ghostscript,
elvis-tiny, xmcd, ncurses, joe, ethereal, tcpdump, CUPS, cron, openssh,
tcsh/csh, php, thttpd, curl, mgetty, telnet, pine. The vendors include
Conectiva, Debian, FreeBSD, Mandrake and Red Hat. It was a big week for
both Debian and FreeBSD. It is critical that you update all vulnerable
packages to reduce the risk of being compromised.

http://www.linuxsecurity.com/articles/forums_article-1994.html

Webmasters, our advisory and news feed is now available in RDF format.
We invite you to use and customize our feed to provide up-to-date
security content on your website.

http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

=================================================================
FREE Apache SSL Guide from Thawte

Are you planning your Web Server Security?
Click here to get a FREE Thawte Apache SSL guide and find the answers
to all your Apache SSL security issues:
http://www.thawte.com/ucgi/gothawte.cgi?a=n074917540018000
=================================================================

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Postfix - The Sendmail Replacement, Part II
November 23rd, 2000

Postfix is now more useful than ever as a gateway mail server. I'll
cover some of the more interesting available features and how you can
use them to secure and protect your email infrastructure. Most of these
features are actually quite old, but are probably news to most users.
This article was written using Postfix snapshot 20001030. Since then
several things (like virtual) have changed, making some points in this
article incorrect.

http://www.linuxsecurity.com/articles/host_security_article-1991.html

* OpenSSH installation and configuration
November 21st, 2000

Secure Shell (SSH) was built to address these faults and provide a more
secure environment to work in. SSH encrypts all your traffic including
your passwords when you connect to another machine over the net. SSH
also replaces telnet, ftp, rsh, rlogin and rexec.

http://www.linuxsecurity.com/articles/server_security_article-1979.html

* Filesystem Security: ext2 extended attributes
November 20th, 2000

If asked to name the top five security features of the Linux kernel,
most administrators would probably not mention ext2 filesystem
attributes. Although the definitions for most of the useful ext2
filesystem flags appeared in the kernel source at least as early as the
1.1 development series, this humble feature often takes a back seat to
more exotic and recently-introduced tools for preserving and assuring
system integrity such as LIDS, Tripwire, and others.

http://www.linuxsecurity.com/articles/host_security_article-1966.html

+------------------------+
| Network Security News: |
+------------------------+

* Security Uncertainty
November 26th, 2000

In the age of connectivity, security relies on a bunch of disconnected
technologies: antivirus, firewalls, intrusion detection, systems
management, access controls, encryption, etc. The biggest challenge for
an application vendor like webMethods is to make these various layers
of protection work together

http://www.linuxsecurity.com/articles/network_security_article-2001.html

* Workers open back doors
November 23rd, 2000

Employees are the biggest threat to network security - and they don't
even know it. Unauthorised equipment attached to a company network can,
according to Robin Dahlberg, UK MD of Internet Security Systems,
compromise the best efforts of a network manager to secure the system
by creating a "backdoor" into the network.

http://www.linuxsecurity.com/articles/network_security_article-1990.html

* Introduction to Firewalls
November 21st, 2000

In this article I cover some of the design decisions that have to be
made before creating a firewall, from architecture to various decisions
that should be made. A firewall is a device that separates and protects
your network, in most cases, from the Internet. It can restrict traffic
to only what is acceptable and allows monitoring so you can see what is
happening.

http://www.linuxsecurity.com/articles/firewalls_article-1980.html

* Tapping on the walls
November 20th, 2000

Paring down your network services isn't the only way to protect your
systems against attacks: port scanning can also be an effective tool.
In this month's Building Blocks of Security, Sandra Henry-Stocker shows
you how to stay one step ahead of your enemy. Minimizing services is
just the beginning of adopting a defensive posture, however.

http://www.linuxsecurity.com/articles/hackscracks_article-1973.html

* Chapter 6 from Building Internet Firewalls
November 20th, 2000

This chapter describes a variety of ways to put firewall components
together, and discusses their advantages and disadvantages. We'll tell
you what some appropriate uses are for each architecture. The simplest
firewall architectures have a single object that acts as the firewall.

http://www.linuxsecurity.com/articles/firewalls_article-1967.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Cryptography, PGP and Pine
November 25th, 2000

Encryption is the transformation of data into a form that is
(hopefully) impossible to read without the knowledge of a key. Its
purpose is to ensure privacy by keeping information hidden from anyone
for whom it is not intended. Decryption is the reverse of encryption;
it is the transformation of encrypted data back into an intelligible
form.

http://www.linuxsecurity.com/articles/cryptography_article-1999.html

* Encryption, Free Speech and Government Regulation
November 22nd, 2000

Encryption software has sparked regulation by the U.S. government and
at least two important lawsuits involving the First Amendment.
Exporting encryption products requires a thorough understanding of
what's legal and what's not. This article explains the issues.

http://www.linuxsecurity.com/articles/cryptography_article-1985.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Top 50 Security Tools
November 23rd, 2000

I was so impressed by the list they created that I am putting the top
50 up here where everyone can benefit from them. I think anyone in the
security field would be well advised to go over the list and
investigate any tools they are unfamiliar with. I also plan to point
newbies to this page whenever they write me saying "I do not know where
to start".

http://www.linuxsecurity.com/articles/vendors_products_article-1993.html

* Aladdin releases HASP CD9 with Linux support
November 22nd, 2000

Aladdin Knowledge Systems, a global leader in the field of Internet
content and software security, today announced the release of HASP CD9,
the latest software for the HASP4 hardware-based software protection
system that offers high-level security for Linux developers, as well as
new ease-of-use features.

http://www.linuxsecurity.com/articles/vendors_products_article-1984.html

* XML security standards in the works
November 20th, 2000

Two separate initiatives led by Netegrity Inc. and Securant
Technologies Inc. are looking to develop an XML standard for moving
security information--including authentication, authorization and user
profiles--across disparate online trading systems.

http://www.linuxsecurity.com/articles/network_security_article-1972.html

+------------------------+
| General News:          |
+------------------------+

* U.S. Army kick-starts cyberwar machine
November 25th, 2000

The U.S. military has a new mission: Be ready to launch a cyberattack
against potential adversaries, some of whom are stockpiling
cyberweapons. Such an attack would likely involve launching massive
distributed denial-of-service assaults, unleashing crippling computer
viruses or Trojans, and jamming the enemy's computer systems through
electronic radio-frequency interference.

http://www.linuxsecurity.com/articles/government_article-1998.html

* Top Ten Blocking Recommendations Using ipchains
November 25th, 2000

Here's a pretty good guide on the most common things you can do to
block many of the most commonly exploitable services from
entering/leaving your network. "The following 11 sections for this
assignment will be demonstrated using a Redhat Linux 6.1 operating
system using IPChains as the packet-filtering device."

http://www.linuxsecurity.com/articles/firewalls_article-2000.html

* How Secure Is Your Network?
November 24th, 2000

Over the past year, we've been keeping a close eye on what has been
hitting the news, and what hasn't, in the area of computer crime.
Whether you obtain your security statistics from Web defacement
mirrors, such as attrition.org, or the FBI/CSI report, one thing is
irrefutable: The problem is getting worse.

http://www.linuxsecurity.com/articles/network_security_article-1995.html

* Privacy group picks at Carnivore claims
November 22nd, 2000

An FBI memo reveals that Carnivore, the FBI's e-mail bugging system, is
able to intercept far more information than FBI officials testified to
Congress, a privacy advocacy organization claims. Carnivore can
intercept so-called unfiltered e-mail traffic -- which is not covered
by court orders -- according to Wayne Madsen of the Electronic Privacy
Information Center in Washington, D.C. But that's not what FBI
officials told Congress in September, Madsen said.

http://www.linuxsecurity.com/articles/privacy_article-1986.html

* Report: FBI could abuse Carnivore
November 22nd, 2000

In a 121-page report released Tuesday night by the U.S. Department of
Justice, a seven-member review team gave mixed marks to the FBI's
Internet surveillance system, known as Carnivore. While the Illinois
Institute of Technology Research Institute review team confirmed that
the software program can snoop on e-mail communications in a manner
limited by a court order, it voiced concern over the lack of any method
of assuring that FBI agents don't abuse the system.

http://www.linuxsecurity.com/articles/privacy_article-1988.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".