[ISN] Linux Security Week - June 7th 2004

InfoSec News isn at c4i.org
Tue Jun 8 02:52:49 EDT 2004


+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  June 7th, 2004                                Volume 5, Number 23n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Multiple
Security Roles With Unix/Linux," "What Exactly Is Computer Forensics," and
"Six Ways to Justify Security Training."

----


LINUX ADVISORY WATCH:
This week, advisories were released for mailman, kde, MySQL, mc,
Apache, Heimdal, utempter, and LHA. The distributors include
Conectiva, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-13.html

----

Linux and National Security

As the open source industry grows and becomes more widely accepted, the
use of Linux as a secure operating system is becoming a prominent choice
among corporations, educational institutions and government sectors.
With national security concerns at an all time high, the question remains:
Is Linux secure enough to successfully operate the government and
military's most critical IT applications?

http://www.linuxsecurity.com/feature_stories/feature_story-165.html

----

Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impress at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out
successes.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

----

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Multiple Security Roles With Unix/Linux
June 4th, 2004

After the reception of my last column regarding the security criticism I
heaped on Unix and Linux vendors who are pursuing end-user desktops, I
thought I would outline some of the areas where I think Linux and Unix
already have strong wins.

http://www.linuxsecurity.com/articles/network_security_article-14.html


* What Exactly Is Computer Forensics?
June 3rd, 2004

Computer forensics involves the preservation, identification, extraction,
documentation and interpretation of computer data. It is often more of an
art than a science, but as in any discipline, computer forensic
specialists follow clear, well-defined methodologies and procedures, and
flexibility is expected and encouraged when encountering the unusual.

http://www.linuxsecurity.com/articles/network_security_article-10.html


* Data Security Debacle
June 2nd, 2004

There is a saying in IT that the only truly secure computer is one that's
turned off. Because this isn't practical or feasible, data security
becomes yet another unavoidable part of doing business in today's wired
world. Simply put, data security is the protection of data from
unauthorized, accidental, or deliberate modification, destruction, or
disclosure.

http://www.linuxsecurity.com/articles/network_security_article-4.html


* From exposition to exploit: One security book's story
June 2nd, 2004

Even prior to its release in May, The Shellcoder's Handbook: Discovering
and Exploiting Security Holes drew attention to the exploitive nature of
the narrative. In a series of e-mail exchanges, lead author Jack Koziol
explains the motive behind this how-to for hackers and what's happened
since it hit bookshelves.

http://www.linuxsecurity.com/articles/documentation_article-3.html



+------------------------+
| Network Security News: |
+------------------------+

* Double Snorting
June 3rd, 2004

Snort is a GPLed, Network Intrusion Detection System (NIDS) that runs on
Linux and Win32. A NIDS monitors the network, looking for hostile traffic.
Basically it scans all traffic on a network interface, not just its own
host's, comparing it to rules describing the signatures of known attacks.

http://www.linuxsecurity.com/articles/network_security_article-8.html



+------------------------+
| General Security News: |
+------------------------+

* How Much Should You Invest in IT Security?
June 4th, 2004

One of the main concerns of the organizers of the Olympic Games to be held
in Athens this summer is security, but not only physical security,
computer security as well. The emphasis placed on avoiding problems with
the computers that will manage huge amounts of data during the games will
be proportional to the magnitude of this global event.

http://www.linuxsecurity.com/articles/general_article-12.html


* Early Alerting - The Key To Proactive Security
June 3rd, 2004

The security challenges facing today's enterprise networks are
intensifying -- both in frequency and number. The Blaster worm arrived
just 26 days after Microsoft disclosed an RPC DCOM Windows flaw and
released a patch for vulnerable systems. The worm took advantage of what
some security experts have called the most widespread Windows flaw ever.
For a time, Blaster was infecting as many as 2,500 computers per hour.

http://www.linuxsecurity.com/articles/intrusion_detection_article-11.html


* Six ways to justify security training
June 1st, 2004

A few days ago, a reader asked if I could help him justify the cost of
security training that he and his fellow Unix system administrators felt
they needed.

http://www.linuxsecurity.com/articles/network_security_article-9363.html


* When encryption can be misleading
June 1st, 2004

The trust that encryption generates can be deceptive, one researcher, a
regular poster to the full-disclosure vulnerability mailing list, has
discovered.

http://www.linuxsecurity.com/articles/cryptography_article-9362.html


* FDIC info security lacking, GAO finds
June 1st, 2004

Weaknesses in the Federal Deposit Insurance Corp.'s information systems
place sensitive information at risk of unauthorized disclosure, disruption
of operations or loss of assets, according to the General Accounting
Office.

http://www.linuxsecurity.com/articles/government_article-1.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------




