Information Security News mailing list archives

Linux Security Week - March 5th 2001


From: newsletter-admins () linuxsecurity com
Date: Mon, 5 Mar 2001 12:22:15 -0500

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  March 5th, 2001                           Volume 2, Number 10n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.

This week many good network security articles were released.  You
should begin by reading "Network monitoring, access control, and
booby traps using TCP Wrappers," "Using SSH Tunneling," and "Be
extremely wary not to taint computer evidence."

This week, advisories were released for sudo, dump, lpr, php, sumrpc,
zope, and analog.  The vendors include Conectiva, Debian, Immunix,
FreeBSD, Mandrake, Red Hat, Slackware, and Trustix.  It is critical
that you update all vulnerable packages.

http://www.linuxsecurity.com/articles/forums_article-2609.html

FREE SECURITY BOOKS: Guardian Digital has just announced an offer for
2 free security books with the purchase of any secure Linux
Lockbox. The Lockbox is an Open Source network server appliance
engineered to be a complete secure e-business solution. It can be
used as a commerce server, web server, DNS, mail, and database
server. Please see Guardian Digital's website for details.

http://www.guardiandigital.com/bookoffer.html



HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+


* Be extremely wary not to taint computer evidence
February 28th, 2001

We've all seen it -- the yellow tape used to cordon off a crime scene
in the movies. In terms of police work, it's called securing the
scene. But how many of us realize that securing the scene for what
may be a computer crime is just as important as it is for a homicide
or fire?


http://www.linuxsecurity.com/articles/intrusion_detection_article-2592.html


+------------------------+
| Network Security News: |
+------------------------+

* Network monitoring, access control, and booby traps using TCP
Wrappers
March 1st, 2001

TCP Wrappers is one of the most common methods of access control on
your Unix box. A wrapper program 'wraps' around existing daemons and
interfaces between clients and the server. Good access control and
logging are strong points. In this first part, we introduce you to
the concept behind TCP Wrappers.

http://www.linuxsecurity.com/articles/host_security_article-2598.html


* Using SSH Tunneling
February 28th, 2001

They say that the Wired Equivalent Privacy protocol has been cracked.
What's a wireless user to do? Tunnel. Secure Shell (SSH) is open,
free, fast, secure, and easy to set up (once you know how). WEP has
never provided much more than a form of access control to your
wireless nodes.

http://www.linuxsecurity.com/articles/cryptography_article-2594.html


* Build a Floppy Firewall
February 26th, 2001

Here's how I turned an unused PC into a packet-filtering firewall
using a package called floppyfw. The firewall boots off a single
floppy, runs completely in RAM, and uses ipchains for the filter
rules. It also does IP masquerading, port forwarding, and can log to
a remote host using syslog. All this in a machine with as little as 8
MB of RAM and no hard drive.

http://www.linuxsecurity.com/articles/firewalls_article-2252.html



+------------------------+
| Cryptography News:     |
+------------------------+


* OpenPGP set to become global standard
February 28th, 2001

OpenPGP is an Internet Engineering Task Force (IETF) ratified
standard based around PGP 5, which Hush and Zimmermann hope will
become a global standard as the public demand for secure
communications increases. OpenPGP as a development platform can be
used to develop email encryption as well as roll out digital
signatures and key management systems, said Zimmermann.

http://www.linuxsecurity.com/articles/cryptography_article-2597.html


* PKI Primer
February 27th, 2001

This document covers five pages of definitions and explanations of
the elements of public key cryptography. "Everything you wanted to
know about Public Key Infrastructure, but were too insecure to ask."
Secret Key Encryption: In secret key encryption, the same key is used
to encrypt and decrypt.

http://www.linuxsecurity.com/articles/cryptography_article-2590.html



+------------------------+
| Vendors/Products:      |
+------------------------+

* A sharp eye for security
February 28th, 2001

Companies that believe their networks can be completely protected by
a phalanx of add-on security products may be in for a rude
awakening. Underlying vulnerabilities, embedded and unseen many
layers down in network infrastructures, may be unwitting
invitations to even moderately skilled attackers.

http://www.linuxsecurity.com/articles/vendors_products_article-2596.html


* Computer forensics booms as importance of electronic evidence grows
February 27th, 2001

Computer forensics, once a discipline restricted to a small cloister
of law enforcement officers, is now a booming business. Demand for
the services is exploding as electronic evidence becomes more widely
used in court and as companies become increasingly concerned about
the use of computer networks for corporate spying and other
mischief.

http://www.linuxsecurity.com/articles/network_security_article-2582.html



+------------------------+
| General News:          |
+------------------------+

* BINDing the Internet
March 1st, 2001

Security experts recently made an unprecedented appeal to computer
system administrators to update software to protect the Internet.
The warning highlights the vulnerabilities of the digital era.
Security flaws continue to be the Achilles Heel of the information
revolution. There is little sign that message is sinking in.

http://www.linuxsecurity.com/articles/server_security_article-2580.html


* Government e-security measures inadequate
February 27th, 2001

The Government's attempt to fight hackers through the latest
anti-terrorism legislation is flawed, according to legal and network
security experts. Critics claim that the legislation covers attacks
on utilities and hospitals, but has no provision for the prosecution
of a cyber terrorist who attacks a bank or business.

http://www.linuxsecurity.com/articles/government_article-2584.html


* Could Linux be too open for our own good?
February 26th, 2001

That's sort of what I was feeling when I saw that the National
Security Agency was releasing a secured version of Linux 2.2 into
the "open source" community, along with the background on the
testing models it used for verification. It was just too weird to be
happening. The people behind the triple fence in Fort Meade, Md.
giving out something?


http://www.linuxsecurity.com/articles/server_security_article-2602.html




------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com