[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Linux Security Week - December 2nd 2002

|  LinuxSecurity.com                            Weekly Newsletter     |
|  December 2nd, 2002                           Volume 3, Number 47n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@xxxxxxxxxxxxxxxxx    |
|                   Benjamin Thomas         ben@xxxxxxxxxxxxxxxxx     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include, "TcpServer:
Secure, Flexible Daemon Management," "Enterprise Security: The Manager's
Defense Guide," "Chart A Plan For Security," and "Open Source Insecurity -
You Decide."

Security: MySQL and PHP (3 of 3) - This is the third installation of a 3
part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following


This week, advisories were released for pine, samba, python, sendmail,
kernel, and mod_php. The distributors include Conectiva, Debian, Guardian
Digital's EnGarde Secure Linux, Mandrake, Red Hat, Slackware, SuSE, and



CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.



Feature: Security - Physical and Service
The first installation of a 3 part article covering everything from
physical security and service security to LAMP security (Linux Apache


| Host Security News: | <<-----[ Articles This Week ]-------------

* How Did These Processes Get Here?
November 27th, 2002

Every now and then I like to issue challenges to my readers. This week you
have another chance to test your wits against a problem, but the rewards
are higher. Instead of a measly postcard, the winner will get a copy of
Hacking Linux Exposed, Second Edition.


* Internet Site Security
November 26th, 2002

Internet Site Security - what a name for a book. When I first heard about
it I was thinking: '1400 pages, 6 CDs,' but when the book came and I began
to read through it, I realized how much good information the authors were
able to fit into just over 400 pages.


* Open-Source Trojans: A Growing Problem?
November 25th, 2002

Experts say the insertion of Trojans into two popular tools reinforces the
need to run readily available programs, such as MD5 hashes, to ensure that
code hasn't been altered.  Experts recommend using MD5 hashes to expose


* tcpserver: Secure, Flexible Daemon Management
November 25th, 2002

If you're still running inetd, it's time to move on. Either xinetd or
tcpserver offer superior security and control. We're going to look at
tcpserver. Note that there is one limitation: it manages only tcp. If
you're using UDP or rpc services, tcpserver alone will not do the job. In
that case, xinetd is the way to go.


| Network Security News: |

* Enterprise Security: The Manager's Defense Guide
November 29th, 2002

Mirko Zorz submits E-business, the buzzword of the second half of the
'90s, has managed to survive and overcome problems that have occurred
after the initial breakthrough, and is now facing a different kind of a
problem. That is insufficient security that allows malicious users to take
matters into their own hands, causing material damage not only to the
companies, but also to individuals in form of their customers.


* Intrusion detection tipped to grow
November 28th, 2002

Better integration of simpler products will create surge in sales
Intrusion detection system (IDS) hardware and software sales are set to
rocket as technology shifts are completed, according to the latest figures
from consulting firm Infonetics Research.


* OWASP CodeSeeker - An Open Source Application Firewall and IDS
November 25th, 2002

The Open Web Application Security Project (OWASP) are pleased to annouce
the imminent availability of CodeSeeker, an Application Level Firewall and
Intrusion Detection System (AFWIDS) for Linux, Win32 and Solaris.


* Chart A Plan For Security
November 25th, 2002

I.T. departments are under pressure to cut their operating costs, but
they're also being asked to improve and standardize information security.
Because security doesn't come cheap or easy, technology managers need to
chart a clear plan to effectively assess and strengthen security.


* Combating Reverse Telnet Using OpenBSD Packet Filter (pf)
November 25th, 2002

This article is meant for those who are going to implement firewall using
OpenBSD. The main purpose for this article is to protect servers (such as
web, mail, dns and others) within a firewalled network.  This article is
based on my personal experiences and I could not guarantee it will suit
all system that you have.


| General News:          |

* Forensic Skill Needed To Bring Hackers To Justice
November 29th, 2002

Most firms have strategies to prevent their systems being attacked, but
they should also develop policies on what to do in the event of a security
breach to preserve evidence and prosecute the culprits, according to


* Working with the CSO
November 29th, 2002

With security an increasing concern for most businesses, it's not
surprising that many CTOs will soon find themselves working alongside a
CSO (chief security officer), whose sole function is to safeguard the IT
structure moving forward. But is this necessary, because many CTOs
consider security one of their primary concerns?


* Feds, Firms Unveil Test For Security Pros
November 29th, 2002

A new certification program for entry-level computer-security
professionals will officially get up and running Monday, said
representatives of the combined industry-government group behind the exam.


* Open Source Insecurity - You Decide
November 27th, 2002

In a study provided by the Aberdeen Group they cited some very interesting
factoids that seem releveant at first glance. As reported in eWeek, the
Aberdeen Group chose the following facts to reach their conclusion: "Of
the 29 advisories issued through October by the CERT Coordination Center
at Carnegie Mellon University in Pittsburgh, 16 of them addressed
vulnerabilities in open-source or Linux products.


* A Tech Sector That's Set to Soar
November 27th, 2002

Tech tracker IDC in Framingham, Mass., predicts that the global market
will grow from $6 billion in 2001 to $14.6 billion 2006, IDC estimates.
Those will be slower gains than in the mid and late '90s, but "nothing is
growing as quickly as it used to, because of the economy," says Check
Point President Jerry Ungerman.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.