[ISN] Linux Security Week - November 15th 2004
InfoSec News
isn at c4i.org
Tue Nov 16 08:34:06 EST 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| November 15th, 2004 Volume 5, Number 45n |
| |
| Editorial Team: Dave Wreski dave at linuxsecurity.com |
| Benjamin D. Thomas ben at linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Sloppy Sysadmins
Leave Linux Security Lacking," "CLASS 5 Automated Vulnerability
Remediation," and "Building a LAMP Server w/ LDAP Authentication."
----
>> LinuxSecurity.com Version 2 <<
Get ready ... the new LinuxSecurity.com site will soon be revealed. The
same great content you've come to expect with a whole new look and great
new features. A sneak preview is coming soon!
----
LINUX ADVISORY WATCH:
This week, advisories were released for xpdf, libtiff3, sasl, shadow,
ruby, freeam, gzip, libgd1, gnats, libgd2, Gallery, ImageMagick, zgv,
mtink, Apache, pavuk, samba, libxml, webmin, and speedtouch. The
distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, and
Trustix.
http://www.linuxsecurity.com/articles/forums_article-10247.html
Mass deploying Osiris
Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system. A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people. The communication is all done over an encrypted
communication channel.
http://www.linuxsecurity.com/feature_stories/feature_story-175.html
>> The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* Sloppy Sysadmins Leave Linux Security Lacking
November 12th, 2004
Linux has gaping security holes caused by systems administrators who
either can't or won't keep up with the latest patches, according to a
report from British security firm mi2g.
http://www.linuxsecurity.com/articles/server_security_article-10248.html
* Say hello to the 'time bomb' exploit
November 12th, 2004
Prepare yourself for "time bomb" exploits that attack web-based systems at
a pre-determined time.
http://www.linuxsecurity.com/articles/network_security_article-10249.html
* Security pros bemoan need for tactical focus
November 12th, 2004
Operational and tactical considerations continue to dominate the IT
security agenda, despite a growing need for more strategic approaches to
data protection, said attendees at the Computer Security Institute's
annual conference here this week.
http://www.linuxsecurity.com/articles/general_article-10251.html
* Exclusive interview of DK Matai with Linux/Security Pipeline
November 12th, 2004
This exclusive interview with Mitch Wagner and Tom Dunlap at Security
Pipeline in California succeeded the mi2g Intelligence Unit's response to
Matthew McKenzie and Scott Finnie on 6th November to the Linux Pipeline
article "Experts Challenge mi2g security study" authored by Tom Dunlap and
published on 5th November.
http://www.linuxsecurity.com/articles/forums_article-10250.html
* CLASS 5 Automated Vulnerability Remediation
November 11th, 2004
CLASS 5 AVR (Automated Vulnerability Remediation) is a tiered architecture
platform that provides customizable and automated remediation capabilities
based on user-defined action policies when vulnerabilities are reported.
http://www.linuxsecurity.com/articles/host_security_article-10244.html
* Guardian Digital Offers Free Sarbanes Assessment
November 10th, 2004
Guardian Digital, Inc., the world's premier provider of open source
security solutions, today announced the launch of a new initiative aimed
at helping companies assess their network-readiness in meeting
Sarbanes-Oxley (SOX) legislation requirements.
http://www.linuxsecurity.com/articles/vendors_products_article-10240.html
* The reality of virtual servers
November 9th, 2004
Server virtualization is one of those rare technologies that sounds too
good to be true, but it's real. Its earliest use was to consolidate
underutilized server hardware onto a smaller number of machines. Since
those early days, it has grown into a multipurpose solution that enables
greater reliability, improved management, and other benefits that make it
an all-but-indispensable tool for enterprise datacenter administrators.
http://www.linuxsecurity.com/articles/general_article-10230.html
* Recovering From an Attack
November 8th, 2004
No matter the size of your network, sooner or later you'll have to clean
up an infected machine. Recovery from an attack can be daunting, but
following some simple steps will make it less painful.
http://www.linuxsecurity.com/articles/security_sources_article-10220.html
+------------------------+
| Network Security News: |
+------------------------+
* Cisco Beefs Up WLAN Security
November 10th, 2004
Cisco Systems Wednesday unveiled a line of enterprise-grade multi-band
wireless access points that include beefed up security. It also said it is
adding intrusion detection capabilities for its entire Structured
Wireless-Aware Network (SWAN) wireless LAN framework.
http://www.linuxsecurity.com/articles/vendors_products_article-10238.html
* Is Gap Growing Between Security Haves and Have-Nots?
November 9th, 2004
Patch management, compliance and vulnerability management all vied for the
attention of attendees on Monday at the Computer Security Institute's
annual Computer Security conference here. However, some security
professionals worried about a new digital divide: large enterprises that
can afford security and small companies that can't.
http://www.linuxsecurity.com/articles/security_sources_article-10232.html
* Building a LAMP Server w/ LDAP Authentication
November 9th, 2004
This tutorial is designed to guide you through the initial steps of
setting up an Apache, MySQL, and PHP server on Linux which will utilize an
external LDAP server for authenticating users. The server will be able to
use either Apache's authentication process (i.e. via httpd.conf), or PHP's
(i.e. coded into your app).
http://www.linuxsecurity.com/articles/documentation_article-10227.html
* Interview: The men behind ettercapNG
November 9th, 2004
In 2001 two Italians released the first beta version of ettercap, a
network protocol analyzer. This summer they released ettercapNG, which was
completely rewritten from scratch with better, modular code, making it
easier to add new features and write and submit patches. Ettercap is now
covered in most security books.
http://www.linuxsecurity.com/articles/projects_article-10228.html
* Prevention Methods Shore Up Wireless LAN Defenses
November 8th, 2004
Security developers took more than a decade to move from intrusion
detection to intrusion prevention in the world of wired networking. But in
the fast-paced wireless space, vendors are already jumping on prevention
as the first step in security.
http://www.linuxsecurity.com/articles/network_security_article-10223.html
+------------------------+
| General Security News: |
+------------------------+
* IT Managers Have False Sense Of Security
November 15th, 2004
Corporate IT managers are a bit bi-polar when it comes to network
security, said a survey released this week at the Computer Security
Institute's annual conference in Washington, D.C. Just as an overwhelming
majority of IT execs think that their networks are safer than they were a
year ago, an even larger percentage admit in that attacks are on the rise.
http://www.linuxsecurity.com/articles/network_security_article-10252.html
* Security company defends Linux-is-vulnerable survey
November 11th, 2004
A UK security company has published an open letter following a furore in
the Linux camp after a study claimed that nearly two thirds of successful
Internet-based attacks occurred on the open source operating system.
http://www.linuxsecurity.com/articles/general_article-10246.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
More information about the ISN
mailing list