Information Security News mailing list archives

Linux Security Week - May 7th 2001


From: newsletter-admins () LINUXSECURITY COM
Date: Mon, 7 May 2001 12:54:29 -0400

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  May 7th 2001                             Volume 2, Number 18n      |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, some of the most interesting articles include "Secure Your
Sockets with JSSE," "Best Practices in Network Security," and "DNS and
BIND, 4th Edition Online: Chapter 11: Security."  Also this week, take a
look at our feature story, "Open Source Security Testing Methods."

This week, advisories were released for NEdit, gftp, rpmdrake, kdelibs,
gnupg, FreeBSD kernel, mount, and openssl.  The vendors include EnGarde,
Immunix, FreeBSD, Mandrake, Progeny, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-2976.html

FEATURE STORY: Open Source Security Testing Methods

The Open-Source Security Testing Methodology Manual (OSSTMM) is an
effort to develop an open standard method of performing security tests.
Dave Wreski and Rich Jankowski interview Pete Herzog, the creator of the
project, to gain insight into the development efforts and the hope for
adoption into the industry.

http://www.linuxsecurity.com/feature_stories/feature_story-85.html



HTML Version available:
http://www.linuxsecurity.com/newsletter.html


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+


* Secure Your Sockets with JSSE
May 4th, 2001

In this column, I'll show you how to install JSSE and use it to implement
HTTPS (i.e., HTTP over SSL). I'll provide you with an example of a
mini-HTTPS server and Java clients that support SSL. I'll then show you
how to set up a bi-directional SSL scheme where clients authenticate
servers and servers authenticate clients.

http://www.linuxsecurity.com/articles/cryptography_article-2975.html


* Securing Java Code: Part 2
May 3rd, 2001

In this installment in our series, we further examine the elements
that should be part of a secure Java code policy, including such
safeguards as compartmentalization and cryptography. In our last
installment, we introduced policy and covered product requirements,
error handling, and object states.

http://www.linuxsecurity.com/articles/server_security_article-2958.html


* DNS and BIND, 4th Edition Online: Chapter 11: Security
May 1st, 2001

Chapter 11 of the new BIND book is now available online. This chapter
covers securing your nameserver, transaction security, restricting
queries and transfers, firewalls, and a number of security
extensions.

http://www.linuxsecurity.com/articles/server_security_article-2972.html




+------------------------+
| Network Security News: |
+------------------------+

* Best Practices in Network Security
May 6th, 2001

This March 2000 article by Frederick M. Avolio is a great starting
point for developing a network security policy, including developing
ground rules as a starting point, planning, and more.

http://www.linuxsecurity.com/articles/network_security_article-2980.html


* Using an SSH Client through the Corporate Firewall on the telnet
port
May 3rd, 2001

Most corporations allow users to access the outside world for HTTP,
FTP & Telnet. However, access via "Secure Shell" is often blocked
(as was my situation in Corporate America). There is a work-around
that is pretty easy.

http://www.linuxsecurity.com/articles/hackscracks_article-2970.html


* Security: Not Just for SysAdmins
May 2nd, 2001

Book review: Real World Linux Security: Intrusion Prevention,
Detection and Recovery. Upon opening this book for the first time, I
was immediately impressed by the vast amount of information
presented. Simply skimming through the book's table of contents, it
is easy to appreciate the wide range of topics covered by Toxen.

http://www.linuxsecurity.com/articles/documentation_article-2967.html




+------------------------+
| Books:                 |
+------------------------+

* Network Intrusion Detection. An Analyst's handbook, 2nd ed.
May 4th, 2001

This book is a typical New Riders production, well done, detailed,
written for folks who know (or would like to know) what they are
doing by folks who do know what they are doing.  It is not a large
print, full of white space, over hyped book.

http://www.linuxsecurity.com/articles/documentation_article-2977.html




+------------------------+
| General News:          |
+------------------------+


* FBI Details Carnivore Use
May 5th, 2001

The FBI has used Internet eavesdropping tools to track fugitives,
drug dealers, extortionists, computer hackers and suspected foreign
intelligence agents, documents show.

http://www.linuxsecurity.com/articles/government_article-2979.html


* The mixture of hacker and activist is a myth
May 3rd, 2001

Hacktivism is a bastardization of the words hack and activism. In
truth, it's neither. Rather, it has become a cheapjack
pseudo-politically hip moniker for the activities of apolitical
teenage miscreants devoid of talent, creativity and passion.

http://www.linuxsecurity.com/articles/hackscracks_article-2969.html


* Security at Any Cost
May 2nd, 2001

Spending on corporate network security remains strong even while
corporations cut their IT budgets during the economic downturn,
analysts say. In fact, the demand for security services is so strong
a growing number of security companies have sprung up to capitalize
on corporate America's fears.

http://www.linuxsecurity.com/articles/general_article-2966.html


* Fighting the new electronic war
May 2nd, 2001

In 1992, Lance Spitzner joined the U.S. Army with a single goal in
mind: to become a tank officer. Ever since childhood, he had loved
learning about tanks, and the Army gave him an opportunity to get
up-close and personal with gun turrets, grease and mechanized
warfare.

http://www.linuxsecurity.com/articles/projects_article-2961.html





------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

