Information Security News mailing list archives

Linux Security Week - April 8th 2002


From: InfoSec News <isn () c4i org>
Date: Tue, 9 Apr 2002 02:50:20 -0500 (CDT)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 8th, 2002                              Volume 3, Number 14n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Server port 80
plagues Internet security," "XML Security Risks," "Taking a Stateful
Approach to Firewall Design," and "Exploring XML Encryption, Part 1."

--> Performance and Stability meet Security 
 
EnGarde has everything necessary to create thousands of virtual Web sites,
manage e-mail, DNS, firewalling, database functions for an entire
organization, and supports high-speed broadband connections all using a
Web-based front-end. EnGarde Secure Professional provides those features
and more!
 
  http://store.guardiandigital.com/html/eng/promo1.shtml
 

This week, advisories were released for the Linux kernel, openssh, cups,
nscd, kde, squid, mod_ssl, XFree86, rsync, and zlib.  The vendors include
Caldera and Conectiva.

http://www.linuxsecurity.com/articles/forums_article-4743.html


Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
 
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Server port 80 plagues Internet security
April 4th, 2002

THE INTERNET HAS become a riskier place for businesses since the fall of
2001 and doesn't look to be any more secure in the near future, according
to security firm Internet Security Systems, which released its security
incident figures for the first quarter of 2002 Wednesday.

http://www.linuxsecurity.com/articles/server_security_article-4737.html


* Dsniff 'n the Mirror -- PDF Version
April 2nd, 2002

The popular article by Duane Dunston featured on LinuxSecurity.com
recently has now been made available in the form of PDF, due to requests
from users. "This is a practical step by step guide showing how to use
Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep, and others. It also
provides a discussion of how and why we should monitor network traffic."
You can read Duane's article in Dsniff 'n the Mirror. The PDF version is
also now available.

http://www.linuxsecurity.com/articles/network_security_article-4723.html 


* XML Security Risks
April 2nd, 2002

Data contained in XML tags needs to be secured in transit over the
Internet, just like any other transaction. SSL and HTTPS are sufficient
for most transactions, and companies routinely add their own further
encryption for the stuff that really needs it. But crooks are far less
likely to target packets in motion than the XML data residing on your
servers.

http://www.linuxsecurity.com/articles/network_security_article-4719.html



+------------------------+
| Network Security News: |
+------------------------+

* On ProxyTunnel
April 5th, 2002

Most of us have come across the following situation: you are working at
your employer or at a customer location, and the local penny pinchers have
decided that Internet access should be limited to sending mail (but only
if it comes from the standard Exchange or Notes servers) and surfing the
web.

http://www.linuxsecurity.com/articles/host_security_article-4747.html


* Network security tips for managers
April 5th, 2002

Network Security has become an important part of today's IT staffs.
However, there is a small part of it that needs to be a part of
everybody's understanding that works with computers that attach to the
Internet. I will review some basic ways to inventory your systems
externally.

http://www.linuxsecurity.com/articles/network_security_article-4751.html


* Taking a Stateful Approach to Firewall Design
April 5th, 2002

Security continues to be the biggest concern for IT managers and, in turn,
design engineers developing firewall systems. With more viruses popping up
and hackers attacking more often, corporations are looking for any
approach possible to plug holes in their firewall architectures.

http://www.linuxsecurity.com/articles/firewalls_article-4744.html


* RTFM: WLan security part 1
April 4th, 2002

In the first of a two-part series looking at security issues facing
wireless Lan technology, David Ludlow looks into the lengths that crackers
will go to when they are trying to infiltrate your network.  We've all
seen the reports and news stories proclaiming how insecure WLans are.

http://www.linuxsecurity.com/articles/network_security_article-4735.html



* Take these precautions against inside security attacks
April 3rd, 2002

The biggest single threat to your IT operation is someone you probably
know by name. Think about it. Who knows better how to penetrate your
systems--a hacker or someone down the hall who already has access to your
systems?

http://www.linuxsecurity.com/articles/network_security_article-4728.html


* Firestarter: Fast firewalls made simple
April 1st, 2002

Firestarter is a graphical based firewall interface to the
ipchains/Netfilter (iptables) firewalls that come with your Linux
distribution, ipchains is used mostly for 2.2.x kernels and Netfilter is
used on 2.4.x kernels.

http://www.linuxsecurity.com/articles/firewalls_article-4713.html



+------------------------+
|  Cryptography:         |
+------------------------+
 
* Weak crypto casts shadow over ecommerce
April 4th, 2002

US export restrictions and local legislation on cryptography still cast a
shadow over the security of ecommerce sites even years after regulations to
permit the use of strong encryption.

http://www.linuxsecurity.com/articles/cryptography_article-4739.html


* Exploring XML Encryption, Part 1
April 3rd, 2002

XML Encryption provides end-to-end security for applications that require
secure exchange of structured data. XML itself is the most popular
technology for structuring data, and therefore XML-based encryption is the
natural way to handle complex requirements for security in data
interchange applications.

http://www.linuxsecurity.com/articles/cryptography_article-4729.html




+------------------------+
|  General:              |
+------------------------+
 
* NIST guides target e-mail, patches
April 7th, 2002

The National Institute of Standards and Technology released new draft
guidance April 3 for dealing with two of the most common sources of
security breaches: poorly configured e-mail servers and the failure to
apply software patches.

http://www.linuxsecurity.com/articles/security_sources_article-4752.html


* Security in a World Without Secrets
April 5th, 2002

Security and privacy are at a major turning point in our society. The
events of September 11 catalyzed an already rapidly growing trend in the
gathering of personal and enterprise information, made possible by
advancing technologies.

http://www.linuxsecurity.com/articles/privacy_article-4746.html


* Watch out for snooping spam
April 5th, 2002

Watch out--the spam choking your e-mail in-box may be loaded with software
that lets marketers track your moves online, and you may not even be aware
that you've been bugged.

http://www.linuxsecurity.com/articles/privacy_article-4745.html


* Why con artists are your biggest security threat
April 4th, 2002

Bottom line: No product you can buy will protect you completely from the
most serious threat to your network and your business.  That's not what
you want to hear after laying out six figures to arm yourself with
firewalls, antivirus software, and intrusion-detection applications, is
it?

http://www.linuxsecurity.com/articles/hackscracks_article-4738.html


* SSL encryption weaker in Europe than US
April 3rd, 2002

Up to 18 percent of servers using SSL (Secure Sockets Layer) encryption
technology for Web site encryption are potentially vulnerable to hackers,
with the problem being far more pronounced in Europe than in the U.S.,
according to the latest monthly survey of Web server usage conducted by
Netcraft Ltd.

http://www.linuxsecurity.com/articles/cryptography_article-4732.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

