Some positives, some negatives. So it goes with Sourcefire's most recent release of their 3D IPS System. This review covers the big changes with two aspects of their software: RNA (Realtime Network Awareness) and RUA (Realtime User Awareness). With this release they've upgraded RNA by including it into macro management.
Two of the most important changes in 3D System Version 4.7 lie in the RNA and RUA components. When we looked at the RNA in its first releases, we found its ability to provide network visibility by passively discovering systems, applications and vulnerabilities useful. However, RNA was not integrated into IDS and IPS policy definition at that point. In this release, Sourcefire finally brings RNA into the big picture by letting the network manager easily use RNA-discovered information to refine IDS and IPS policy and build compliance policies.
Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.
Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.
This list of projects may seem fair and equitable. And certainly, Perl, Postfix, Amanda and others can be very secure. But PHP? Granted, the project is done with a contract from DHS as well as association with Stanford University. And their certification boasts...
Source: Enterprise Networking Planet - Posted by Ryan Berens
Yes folks, it's time for another enticing batch of useful and amazing Linux tips and tricks! On today's menu we are serving up Debian going all volatile, the lowdown on cdrkit usurping cdrtools, and a simple way to use iptables rules to foil brute-force password attacks.
Want to learn about Debian's security focused repositories? How about getting iptables to block Brute-Force Attacks? There's also information on the history of CD writing and more...
Sysreport is a diagnostic utility. It collects information about the running system, which is used for Red Hat Support to analyze current problems with the system. While sysreport is generally considered non-invasive, diagnostic utilities should always be run with caution.
As with all tools such as this, it requires caution. And its good to be aware of these issues, considering that this tool can allow you to make better security decisions.
Source: IBM Developer Works: Blogs Linux Security - Posted by Ryan Berens
Mayank Sharma, the Linux and security blogger, gives a great quick overview of things to look forward to in regards to Fedora's emphasis on security:
One security enhancements that users will run into is the all-new Firewall configuration tool (system-config-firewall). It's easier to use and has a polished interface compared to the old tool (system-config-securitylevel). You can also now securely manage your virtual machines from a remote host since the libvirt Xen and KVM management API in F8 use SSL/TLS encryption and x509 certificates for client authentication.
Source: Enterprise Networking Planet - Posted by Ryan Berens
Is Ubuntu Security what is claims to be? Some say yes, some say no. Carla Schroeder from Enterprise Networking Planet chimes in on server versus desktop kernel issues, and gives Ubuntu Server a whirl. What are the differences between versions? How does it handle package management, LAMP Stack and Iptable set-up? What about AppArmor?
AppArmor is supposed to be the "real world" alternative to SELinux. Unfortunately there is nothing included that explains the default AppArmor configuration, or how to modify it.
Also:
Some users might have an expectation that Ubuntu Server will be all shiny and easy like Ubuntu Desktop. It's not — you need to know what you're doing, because it doesn't do any hand-holding. It's a honest-to-gosh proper server with no X windows or GUI tools cluttering it up. You can have a GUI via remote administration; for example, Webmin is a high-quality and popular remote GUI adminstration tool for servers.
In the world of security certifications, the Common Criteria is one of the strongest ways that a company can look to gain business from Government agencies. It acts as a great way to gain international business as well.
And as of Thursday, the Red Hat announced that they will be seeking the same certification (but different level) for their Java software, JBOSS.
What are you thoughts on the effectiveness of Common Criteria certifications on actual security, versus as a business and marketing tool?
Malicious hackers and other assorted bad guys looking for new tools for plying their trade this upcoming holiday season will have plenty of toys and services to choose from.
As we get closer to the holidays, I look forward to ogling / wishing / debating over the items listed in any "top holiday buys" catalogs. However, it looks like there are other people wishing to be on Santa's naughty list AND get gifts - check out the article for a look into a recent trend with organized cyber crime. When do you think they'll have their own Home Shopping Network time slot?
Linuxhelp.blogspot.com decides to take EnGarde Secure Linux: Community Edition for a spin in this thorough distro review. He describes the installation, displays screen shots from various aspects of the platform, and goes into some detail regarding managing services, backing up files, checking logs, setting up firewalls, and more. He had this to say about WebTool:
In short the web tool is a one stop shop for troubleshooting and managing your server from a remote location. A very powerful interface indeed.
Source: Network World - Posted by Eckie Silapaswang
In the perpetual battle against spam, Avinti has thrown its hat into the game with its email gateway plugin. Reading through the article presented a very generic description of the tool:
Called NEWT, for Neutralize E-mail-Web Threats, the software is designed to block URLs and IP addresses embedded in inbound spam messages that link to known malware sites, according to company officials.
How does a tool like this stack up to the likes of SpamAssassin or Spamhaus's DROP list? Does Avinti's database of known malware links scale to today's amount of incoming spam?