Information Security News mailing list archives
Linux Security Week - March 12th 2001
From: newsletter-admins () linuxsecurity com
Date: Mon, 12 Mar 2001 11:15:11 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  March 12th, 2001                          Volume 2, Number 11n     |
|                                                                     |
|  Editorial Team:  Dave Wreski       dave () linuxsecurity com       |
|                   Benjamin Thomas   ben () linuxsecurity com        |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, there are a few articles worth taking a look at. "TCP
Wrappers: Part 2," "PortSentry and Snort Compared," and "Deconstructing
DoS attacks" will help in the improvement of network security. If you
are interested in cryptography, you may want to read "EU denies rumours
NSA has broken its encryption system" and "The opening of secrets:
Crypto review."

Debian, Debian, Debian! If you're using Debian, it's time to update. 13
Debian advisories were just recently released. This week, advisories
were released for Zope, mail, mgetty, proftpd, sudo, analog, ePerl,
man2html, mc, nextaw, sgml-tools, glibc, slrn, joe, and cups. The
vendors include Conectiva, Caldera, Debian, Mandrake, Red Hat, SuSE,
and Immunix.

http://www.linuxsecurity.com/articles/forums_article-2646.html

FREE SECURITY BOOKS

Guardian Digital has just announced an offer for 2 free security books
with the purchase of any secure Linux Lockbox. The Lockbox is an Open
Source network server appliance engineered to be a complete secure
e-business solution. It can be used as a commerce server, web server,
DNS, mail, and database server. Please see Guardian Digital's website
for details.
http://www.guardiandigital.com/bookoffer.html

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* TCP Wrappers: Part 2
March 7th, 2001

Last week, we had a look at the concept of TCP Wrappers from the
theoretical perspective. As we have already mentioned, TCP Wrappers
isn't meant to fulfill the security measures you would want for an
enterprise network. But it surely does fall into the greater scheme of
rule sets that would make up a comprehensive strategy to protect an
enterprise network. The author of TCP Wrappers mentions this, stating
that TCP Wrappers could be made use of along with a firewall box on
your corporate gateway with minimum services running. While building a
firewall, we suggest that you pipe all the firewall logging off the
gateway.

http://www.linuxsecurity.com/articles/host_security_article-2627.html

* Ethical hacking: The network sentinels
March 5th, 2001

Ethical hacking? The term may sound like an oxymoron to many. But with
incidents of hacking on the rise, more and more companies now turn to
white hat hackers or ethical hackers to assess the security
vulnerability in their servers and internal networking system.

http://www.linuxsecurity.com/articles/general_article-2618.html

+------------------------+
| Network Security News: |
+------------------------+

* PortSentry and Snort Compared
March 11th, 2001

A brief description of PortSentry and Snort.
"A port scan detector that can be configured to bind to ports you want
monitored, reporting scans made to these ports and optionally running a
command to deal with the scanning host (usually in the form of routing
that host to a blackhole or adding a firewall rule dealing with said
host)"

http://www.linuxsecurity.com/articles/intrusion_detection_article-2655.html

* Honeypots: Bait for the Cracker
March 8th, 2001

The Honeynet Project team, an invitation-only security group, has been
working with the project, a network that exists only to allow the team
to watch who cracks it, in order to determine what crackers do and why
they do it. The team will soon publish a paper on their research.

http://www.linuxsecurity.com/articles/intrusion_detection_article-2638.html

* 'Decoy nets' gain backers in battle against hackers
March 7th, 2001

This so-called "deception" network is envisioned as more than just a
single server set up to be a "honeypot," where hackers may break in,
find a dead end and have their activities recorded with an eye toward
prosecution. Rather, the decoy net is an entire fake network, complete
with host computers on a LAN with simulated traffic, to convince
hackers for as long as possible that it's real.

http://www.linuxsecurity.com/articles/intrusion_detection_article-2633.html

* Deconstructing DoS attacks
March 7th, 2001

Denial of service (DoS) attacks have made headlines in the last year by
assaulting a number of large and very successful companies. A rash of
hits roughly a year ago left the e-industry aware of how vulnerable it
is. The recent attacks against Microsoft are a not-so-gentle reminder.
When large, smart companies, including the likes of Yahoo, Amazon, CNN,
and Microsoft, fall victim to DoS attacks, can any of us feel safe? Why
are successful companies, which ought to know better, seriously and
publicly affected by attacks perpetrated by less-than-brilliant
hackers? Finally, what can you do to defend your site?
http://www.linuxsecurity.com/articles/network_security_article-2632.html

+------------------------+
| Cryptography News:     |
+------------------------+

* EU denies rumours NSA has broken its encryption system
March 9th, 2001

Paranoia is alive and well at the European Union (EU) Commission, which
has been forced to officially deny its encryption system has been
compromised by the NSA (National Security Agency).

http://www.linuxsecurity.com/articles/cryptography_article-2653.html

* Seven-line program beats DVD crypto
March 8th, 2001

The Motion Picture Association of America is taking a closer look at a
seven-line Perl script claimed by its authors to show just how
"trivial" DVD encryption really is.

http://www.linuxsecurity.com/articles/cryptography_article-2641.html

* The opening of secrets: Crypto review
March 8th, 2001

What are the roots of cryptography, and how has it evolved over the
last 30 years? In this month's Bill's Bookshelf, Bill Rosenblatt
reviews Steven Levy's new book on the history of public key
cryptography, and finds it to be a balanced and engaging work. There
are three types of books on cryptography and its related subjects,
security and privacy.

http://www.linuxsecurity.com/articles/security_sources_article-2642.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Uncovering the secrets of SE Linux: Part 1
March 9th, 2001

In an uncharacteristic move, the U.S. National Security Agency recently
released a security-enhanced version of Linux -- code and all -- to the
open source community. This dW-exclusive article takes a first look at
this unexpected development -- what it means and what's to come -- and
delves into the architecture of SE Linux.
http://www.linuxsecurity.com/articles/server_security_article-2647.html

+------------------------+
| General News:          |
+------------------------+

* Advance notice of Web site warning may have helped block attacks
March 9th, 2001

Early warnings issued by the FBI to four vertical-industry groups about
the continuing threat of Web site break-ins by Eastern European
organized crime groups may have helped block thousands of copycat
attacks against banks and other companies doing business online,
according to security analysts.

http://www.linuxsecurity.com/articles/network_security_article-2652.html

* Wireless: The Next Battle In Privacy
March 9th, 2001

Privacy has been a hot issue in Washington and elsewhere for some time
now, and anyone familiar with political trends could be forgiven for
assuming the public spotlight will quickly find some new hot-button
issue. But not so, according to Forrester and its report on "Surviving
The Privacy Revolution."

http://www.linuxsecurity.com/articles/privacy_article-2649.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com