Information Security News mailing list archives
Linux Security Week - March 5th 2001
From: newsletter-admins () linuxsecurity com
Date: Mon, 5 Mar 2001 12:22:15 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  March 5th, 2001                           Volume 2, Number 10n     |
|                                                                     |
|  Editorial Team:  Dave Wreski          dave () linuxsecurity com    |
|                   Benjamin Thomas      ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week many good network security articles were released. You should
begin by reading "Network monitoring, access control, and booby traps
using TCP Wrappers," "Using SSH Tunneling," and "Be extremely wary not
to taint computer evidence."

This week, advisories were released for sudo, dump, lpr, php, sumrpc,
zope, and analog. The vendors include Conectiva, Debian, Immunix,
FreeBSD, Mandrake, Red Hat, Slackware, and Trustix. It is critical that
you update all vulnerable packages.

http://www.linuxsecurity.com/articles/forums_article-2609.html

FREE SECURITY BOOKS

Guardian Digital has just announced an offer of 2 free security books
with the purchase of any secure Linux Lockbox. The Lockbox is an Open
Source network server appliance engineered to be a complete secure
e-business solution. It can be used as a commerce server, web server,
DNS, mail, and database server. Please see Guardian Digital's website
for details.

http://www.guardiandigital.com/bookoffer.html

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Be extremely wary not to taint computer evidence
  February 28th, 2001

  We've all seen it -- the yellow tape used to cordon off a crime scene
  in the movies. In terms of police work, it's called securing the
  scene. But how many of us realize that securing the scene for what
  may be a computer crime is just as important as it is for a homicide
  or fire?

  http://www.linuxsecurity.com/articles/intrusion_detection_article-2592.html

+------------------------+
| Network Security News: |
+------------------------+

* Network monitoring, access control, and booby traps using TCP Wrappers
  March 1st, 2001

  TCP Wrappers is one of the most common methods of access control on
  your Unix box. A wrapper program 'wraps' around existing daemons and
  interfaces between clients and the server. Good access control and
  logging are strong points. In this first part, we introduce you to
  the concept behind TCP Wrappers.

  http://www.linuxsecurity.com/articles/host_security_article-2598.html

* Using SSH Tunneling
  February 28th, 2001

  They say that the Wired Equivalent Privacy protocol has been cracked.
  What's a wireless user to do? Tunnel. Secure Shell (SSH) is open,
  free, fast, secure, and easy to set up (once you know how). WEP has
  never provided much more than a form of access control to your
  wireless nodes.

  http://www.linuxsecurity.com/articles/cryptography_article-2594.html

* Build a Floppy Firewall
  February 26th, 2001

  Here's how I turned an unused PC into a packet-filtering firewall
  using a package called floppyfw. The firewall boots off a single
  floppy, runs completely in RAM, and uses ipchains for the filter
  rules. It also does IP masquerading, port forwarding, and can log to
  a remote host using syslog. All this in a machine with as little as
  8 MB of RAM and no hard drive.

  http://www.linuxsecurity.com/articles/firewalls_article-2252.html

+------------------------+
| Cryptography News:     |
+------------------------+

* OpenPGP set to become global standard
  February 28th, 2001

  OpenPGP is an Internet Engineering Task Force (IETF) ratified
  standard based around PGP 5, which Hush and Zimmermann hope will
  become a global standard as the public demand for secure
  communications increases. OpenPGP as a development platform can be
  used to develop email encryption as well as roll out digital
  signatures and key management systems, said Zimmermann.

  http://www.linuxsecurity.com/articles/cryptography_article-2597.html

* PKI Primer
  February 27th, 2001

  This document covers five pages of definitions and explanations of
  the elements of public key cryptography. "Everything you wanted to
  know about Public Key Infrastructure, but were too insecure to ask.
  Secret Key Encryption In secret key encryption, the same key is used
  to encrypt and decrypt.

  http://www.linuxsecurity.com/articles/cryptography_article-2590.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* A sharp eye for security
  February 28th, 2001

  Companies that believe their networks can be completely protected by
  a phalanx of add-on security products may be in for a rude awakening.
  Underlying vulnerabilities, embedded and unseen many layers down in
  network infrastructures, may be unwitting invitations to even
  moderately skilled attackers.

  http://www.linuxsecurity.com/articles/vendors_products_article-2596.html

* Computer forensics booms as importance of electronic evidence grows
  February 27th, 2001

  Computer forensics, once a discipline restricted to a small cloister
  of law enforcement officers, is now a booming business. Demand for
  the services is exploding as electronic evidence becomes more widely
  used in court and as companies become increasingly concerned about
  the use of computer networks for corporate spying and other mischief.

  http://www.linuxsecurity.com/articles/network_security_article-2582.html

+------------------------+
| General News:          |
+------------------------+

* BINDing the Internet
  March 1st, 2001

  Security experts recently made an unprecedented appeal to computer
  system administrators to update software to protect the Internet.
  The warning highlights the vulnerabilities of the digital era.
  Security flaws continue to be the Achilles Heel of the information
  revolution. There is little sign that message is sinking in.

  http://www.linuxsecurity.com/articles/server_security_article-2580.html

* Government e-security measures inadequate
  February 27th, 2001

  The Government's attempt to fight hackers through the latest
  anti-terrorism legislation is flawed, according to legal and network
  security experts. Critics claim that the legislation covers attacks
  on utilities and hospitals, but has no provision for the prosecution
  of a cyber terrorist who attacks a bank or business.

  http://www.linuxsecurity.com/articles/government_article-2584.html

* Could Linux be too open for our own good?
  February 26th, 2001

  That's sort of what I was feeling when I saw that the National
  Security Agency was releasing a secured version of Linux 2.2 into the
  "open source" community, along with the background on the testing
  models it used for verification. It was just too weird to be
  happening. The people behind the triple fence in Fort Meade, Md.
  giving out something?

  http://www.linuxsecurity.com/articles/server_security_article-2602.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".