[ISN] Linux Security Week - November 8th 2004
InfoSec News
isn at c4i.org
Tue Nov 9 06:52:13 EST 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| November 8th, 2004 Volume 5, Number 44n |
| |
| Editorial Team: Dave Wreski dave at linuxsecurity.com |
| Benjamin D. Thomas ben at linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for "Installing and securing VoIP with
Linux," "Securing Source Code Should Be a Priority," and "Keep an Eye on
Your Linux Systems with Netstat."
----
>> The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
----
LINUX ADVISORY WATCH:
This week, advisories were released for rsync, squid, subversion, gaim,
apache, postgresql, mpg123, abiword, iptables, xpdf, libxml, lvm10, hdcp,
ppp, Apache, speedtouch, proxytunnel, shadow, mysql, netalk, mod_ssl, and
libtiff. The distributors include Conectiva, Debian, Fedora, Gentoo,
Mandrake, Openwall, Slackware, and Trustix.
http://www.linuxsecurity.com/articles/forums_article-10206.html
-----
Mass deploying Osiris
Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system. A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people. The communication is all done over an encrypted
communication channel.
http://www.linuxsecurity.com/feature_stories/feature_story-175.html
------
>> The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* Installing and securing VoIP with Linux
November 7th, 2004
Successful businesses usually have the same goal, minimize costs to
maximize profits. Today with the plethora of open source solutions, a
small business can present a high tech image and still keep a lid on the
expenses. Early last winter, we had the opportunity to present a proposal
for a financial institution to add two new remote offices.
http://www.linuxsecurity.com/articles/documentation_article-10215.html
* TCP/IP checksum vectorization using AltiVec, Part 1
November 6th, 2004
This two-part article demonstrates the kinds of performance gains AltiVec
can produce on the TCP/IP checksum, or on code similar to it. It gives
special attention both to instructions that help improve performance, and
to general unrolling and scheduling techniques. The net result?
Performance increased by a factor of four.
http://www.linuxsecurity.com/articles/documentation_article-10214.html
* SSH User Identities
November 4th, 2004
OpenSSH supports more than just simple passwords for authentication. It
can be configured to use PAM (Pluggable authentication modules),
Challenge/Response protocols, Kerberos authentication, authenticated
host-based trust[1], and there are even patches for other methods, such as
X509 keys. However the most popular alternate authentication method is
Identity/Pubkey authentication.
http://www.linuxsecurity.com/articles/documentation_article-10189.html
* Securing Source Code Should Be a Priority
November 4th, 2004
The efforts of the "Source Code Club" to sell the source code to Cisco
firewalls may be despicable, but they may also be a blessing in disguise.
By making a public show of Cisco's inability to keep its secrets to
itself, these desperados may actually be doing us all a big favor.
http://www.linuxsecurity.com/articles/privacy_article-10200.html
* Keep an Eye on Your Linux Systems with Netstat
November 3rd, 2004
Two of the fundamental aspects of Linux system security and
troubleshooting are knowing what services are running, and what
connections and services are available. We're all familiar with ps for
viewing active services. netstat goes a couple of steps further, and
displays all available connections, services, and their status. It shows
one type of service that ps does not: services run from inetd or xinetd,
because inetd/xinetd start them up on demand.
http://www.linuxsecurity.com/articles/documentation_article-10185.html
+------------------------+
| Network Security News: |
+------------------------+
* Alleged DDoS kingpin joins most wanted list
November 6th, 2004
The fugitive Massachusetts businessman charged in the first criminal case
to arise from an alleged DDoS-for-hire scheme has appeared on an FBI most
wanted list, while the five men accused of carrying out his will are
headed for federal court.
http://www.linuxsecurity.com/articles/general_article-10211.html
* Crack Program Released for Wireless Nets
November 6th, 2004
One year after a vulnerability in the Wi-Fi Protected Access encryption
algorithm was reported, a proof-of-concept program for the attack has been
released.
http://www.linuxsecurity.com/articles/network_security_article-10213.html
* Recovering From an Attack
November 6th, 2004
No matter the size of your network, sooner or later you'll have to clean
up an infected machine. Recovery from an attack can be daunting, but
following some simple steps will make it less painful.
http://www.linuxsecurity.com/articles/intrusion_detection_article-10209.html
* Sourcefire - the open source answer to network security
November 4th, 2004
In the past couple of years, technologies such as intrusion detection and
protection systems have become mainstream tools in the corporate security
arsenal. But many feel less than satisfied with the performance of some of
these technologies.
http://www.linuxsecurity.com/articles/network_security_article-10193.html
+------------------------+
| General Security News: |
+------------------------+
* Linux in Government: Stanislaus County Does Linux with a Best
Practices Slant
November 6th, 2004
If you call the Stanislaus County administrative offices and ask for
Richard Robinson, be sure to specify that you want to speak with the
director of strategic business technology. If not, you most likely will
get the county's CEO, who has the same name.
http://www.linuxsecurity.com/articles/government_article-10212.html
* Experts Debunk Linux Security Criticisms
November 6th, 2004
Some Linux experts are questioning a report by British-based mi2g, which
calls Linux the "most breached" computing environment worldwide, with
Microsoft Windows placing a distant second. The London-based security firm
said its study analyzed more than 235,000 successful attacks against
"permanently connected -- 24/7 online--computers" worldwide between
November 2003 and October 2004.
http://www.linuxsecurity.com/articles/forums_article-10210.html
* The Cost of Security Training
November 5th, 2004
It has been said before that the cost of IT training for those of us in
the computer security industry is really quite high. After all, there is
not only the cost of the course itself, but also the associated costs of
hotels, food, and rental vehicles if the course is out of town.
http://www.linuxsecurity.com/articles/forums_article-10201.html
* The Rise of Security Threats
November 1st, 2004
Disgruntled or former employees pose a threat to any business and can gain
access to internal systems relatively easily. Confidential company
information can be used maliciously by employees either hacking into
servers and files or by utilizing hacking tools readily available via the
Internet and with a higher concentration of computer literate workers
these risks are even more significant.
http://www.linuxsecurity.com/articles/network_security_article-10156.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
More information about the ISN
mailing list