Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Linux Security Week - September 15th 2003

From: InfoSec News <isn () c4i org>
Date: Tue, 16 Sep 2003 06:24:57 -0500 (CDT)
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 15th, 2003                          Volume 4, Number 37n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "A Password
Policy Primer," "Simplify Enterprise Java Authentication With Single
Sign-on," "Inside The Network Intrusion-Prevention Hype," and "Hardening
the TCP/IP Stack to SYN Attacks."

---- >> FREE Apache SSL Guide from Thawte << ----
Are you worried about your web server security?  Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.

  Click Command:
  http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache

LINUX ADVISORY WATCH:
This week advisories were released for pam_smb, exim, stunnel, wu-ftpd,
mah-jong, sane-backends, pine, GtkHTML, and inetd.  The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, Red
Hat, Slackware, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-7939.html


---

FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

---

Basic Intrusion Prevention using Content-based Filtering

This article will discuss a very useful but seemingly overlooked
functionality of Netfilter, a firewall code widely used in Linux, that
provides content matching and filtering capabilities.

http://www.linuxsecurity.com/feature_stories/feature_story-148.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* A Password Policy Primer
September 13th, 2003

In general, passwords must be unpredictable, and the policy that protects
them should be as unpredictable as possible. This being so, your friend's
policy is probably not the one you want for yourself, and thus one that I
might suggest is probably no better.

http://www.linuxsecurity.com/articles/security_sources_article-7949.html


* Linux Server Hacks
September 12th, 2003

There are a number of system administrators out there that provide a
different level of care for their penguin powered server stations. For
those wanting to broad their administration horizons, O'Reilly's "Linux
Server Hacks" should come quite handy.

http://www.linuxsecurity.com/articles/documentation_article-7942.html


* Simplify Enterprise Java Authentication With Single Sign-on
September 11th, 2003

As you add more and more password-protected applications to your
organization's computing environment, you add authentication complexity
that will burden both developers and users. Most enterprise application
integration projects include single sign-on (SSO) functionality, which
allows users to log in once to use a range of different applications.

http://www.linuxsecurity.com/articles/documentation_article-7935.html


* Case-Harden Your Physical Security
September 8th, 2003

Nothing says there's a hole in your security like someone walking off with
your servers. You could spend millions of dollars on access lists,
firewalls, USB tokens, virus scanners, VPNs, passwords and patches to
secure your network from online invasions, but none of those will protect
you from offline attacks.

http://www.linuxsecurity.com/articles/server_security_article-7916.html


* Protecting Databases
September 8th, 2003

One of the more recent evolutions in network security has been the
movement away from protecting the perimeter of the network to protecting
data at the source. The reason behind this change has been that perimeter
security no longer works in today's environment. Today, more than just
your employees need access to data.

http://www.linuxsecurity.com/articles/server_security_article-7920.html


* BSD Heap Smashing
September 8th, 2003

The first section of this document gives a taste of what this allocator is
made of. The constants and data structures used to reference several kinds
of resources (namely: memory pages, large chunks, tiny chunks, and
medium-sized chunks) are then presented. The data structures used
internally by the allocator are then explained.

http://www.linuxsecurity.com/articles/documentation_article-7918.html



+------------------------+
| Network Security News: |
+------------------------+

* ISPs Should Block Net Attack Ports
September 11th, 2003

Internet service providers should take security matters into their own
hands by blocking access to communications ports on their customers'
computers which are commonly exploited by Internet worms and other
malicious programs, according to a SANS Institute report.

http://www.linuxsecurity.com/articles/forums_article-7934.html


* Inside The Network Intrusion-Prevention Hype
September 10th, 2003

Battle lines have been drawn, and volleys are being lobbed between the
analyst and vendor camps. In dispute: Whether intrusion prevention is out
of commission or the next network security salvation. On one side, Gartner
has cast intrusion detection into its "Trough of Disillusionment," saying
the tech has stalled and calling for these functions to move into
firewalls.

http://www.linuxsecurity.com/articles/intrusion_detection_article-
7929.html


* Hardening the TCP/IP Stack to SYN Attacks
September 10th, 2003

Most people know how problematic protection against SYN denial of service
attacks can be. Several methods, more or less effective, are usually used.
In almost every case proper filtering of packets is a viable solution. In
addition to creating packet filters, the modification of the TCP/IP stack
of a given operating system can be performed by an administrator.

http://www.linuxsecurity.com/articles/network_security_article-7932.html


* Information Security Checklist
September 9th, 2003

Today's heightened awareness of the need to secure IT infrastructures and
protect mission critical data is leading more and more organizations to
reevaluate their security practices.

http://www.linuxsecurity.com/articles/security_sources_article-7922.html


+------------------------+
| General Security News: |
+------------------------+

* IEEE Begins Standard to Create Baseline for More Secure Operating
Systems
September 13th, 2003

The ability to enhance security in information systems and networks is
limited by the operating systems that underpin them. Recognizing this, the
Institute of Electrical and Electronics Engineers (IEEE) has begun work on
a standard to formulate consistent baseline security requirements for
general-purpose (GP), commercial, off-the-shelf (COTS) operating systems.

http://www.linuxsecurity.com/articles/organizations_events_article-7947.html


* Best Practices: Handheld Security
September 10th, 2003

Handheld computers are an evolving security threat. Where once the devices
were widely ignored or blocked by IT and security managers, now more
organizations have embraced them. Experts warn that organizations still
largely ignore PDA security, and at their peril. d devices at $3,000 per
year for organizations in the United States.

http://www.linuxsecurity.com/articles/host_security_article-7928.html


* Security Forces--Act Before You Must React
September 10th, 2003

Information security is a reactive world. The next intrusion,
vulnerability or worm is always right around the corner.  With critical
issues arising everywhere, the typical CISO and IT security organization
spend most of their time reacting to outside forces and not nearly enough
time getting ahead of the curve.

http://www.linuxsecurity.com/articles/security_sources_article-7926.html


* Issue 8 of ISO 17799
September 9th, 2003

Here is Issue 8 of the ISO 17799 Newsletter. This quarterly publication
covers news and developments with respect to the international information
security standard.

http://www.linuxsecurity.com/articles/security_sources_article-7925.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: