LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Security Week: January 31st 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Introduction to Troubleshooting Linux Firewalls," "Common Criteria - Salvation For Email Security," and "Do 'irresponsible' security researchers help or hinder?"


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

Linux Advisory Watch - This week, articles were released for libtiff, ethereal, xpdf, squid, xtrlock, sword, unarj, enscript, zhcon, vdr, xine-lib, libpam-radius, kdebase, f2c, cups, alsa-lib, grep, kernel-utils, hal, im-sdk, gphoto, apr, tetex, koffice, kdegraphics, kdelibs, gaim, procps, mailman, mysql, awstats, less, kernel, and xpdf. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux.

LinuxSecurity.com Feature Extras:

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

A 2005 Linux Security Resolution - Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide.

 

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  The encryption factor
  27th, January, 2005

Quantum computing is set to revolutionise the way we work. Trouble is, it could crack any of today's security codes in a fraction of a second, says Charles Arthur.When bankers and spies begin to worry about advances in computing, the rest of us would do well to take notice. What makes them edgy are the advances being made in "quantum computing", which is, as might be expected from the name, as entangled and confusing a field to understand as the branch of physics on which it is based - quantum mechanics.

http://www.linuxsecurity.com/content/view/118097
 
  Introduction to Troubleshooting Linux Firewalls
  25th, January, 2005

Oh no you sayÑnot more management speak! Please, I get enough of that already! Fear not; we promise that we won't waste your time with YAUM (Yet Another Useless Methodology). We want you to find your problem and fix it quickly. So you can call this a process, a method, a way, or if you like, call it a methodologyÑwhatever works for you. What we don't want to do is fill your head with some useless babble. This methodology is hard won from years of solving problems.

http://www.linuxsecurity.com/content/view/118057
 
  Patching up problems
  28th, January, 2005

The race to plug network holes before attackers use them is running system managers ragged--so they're throwing up more barriers to stop intruders. In recent years, the common wisdom has been that keeping up-to-date on software patches is key to safeguarding a company's networks against viruses, worms and other pests. But with dozens of flaws being discovered each week, that approach has turned out to be a Herculean task.

http://www.linuxsecurity.com/content/view/118105
 
  SELinux: Playing with fire
  26th, January, 2005

One of the much-talked-about features in Fedora Core 3 (FC3) is Security-Enhanced Linux, which some people believe will make Linux a truly military-grade secure operating system. But SELinux is available to secure many other distributions as well.

http://www.linuxsecurity.com/content/view/118071
 
  Common Criteria ? Salvation For Email Security
  26th, January, 2005

With the increasing threat of far more sophisticated attacks than just spam and viruses, email security is taking a leap forward. But in implementing new solutions, organisations open up the risk to additional vulnerabilities, because the products they have chosen may not provide an adequate level of security.

http://www.linuxsecurity.com/content/view/118086
 
  The Role Of Email Security In Meeting Regulatory Requirements
  27th, January, 2005

Corporate governance and regulation were one of the dominant themes of 2004 and look set to continue to be so throughout 2005. Corporate governance relates to how an organisation is run, and has repercussions for almost every department ? particularly Finance, HR, Auditing, Procurement and IT. Due to the nature of the potential content of email, ranging from a simple customer query to financial projections, the use of this application demands particular attention to ensure that its management helps to secure regulatory compliance.

http://www.linuxsecurity.com/content/view/118092
 
  Hackers targeted by high-level system
  25th, January, 2005

Running on Windows, Linux or Sun, Defiance TMS was made up of four elements. Defiance Monitor acted as the intrusion detection system (IDS), which would let IT staff monitor for threats. Defiance Gateway was the core IPS protection element, backed up by A Defiance Management Server to store logs and other security data, and the Defiance Security Console for system unified administration.

http://www.linuxsecurity.com/content/view/118056
 
  Coyotos, A New Security-focused OS & Language
  25th, January, 2005

For those who haven't been following the EROS project, it has now migrated to the Coyotos project. EROS, the Extremely Reliable Operating System, was a project to create an operating system whose security relied on capabilities rather than the traditional Unix model of root or non-root.

http://www.linuxsecurity.com/content/view/118055
 
  Open and safe?
  25th, January, 2005

TRUE or false? Open source software like Linux is more secure than Microsoft Windows, a proprietary operating system because there seem to be more virus attacks against it. True? Wrong. This is only a popular perception. Open source software isn't always more secure than its proprietary counterparts, say IT experts.

http://www.linuxsecurity.com/content/view/118054
 
  No end to security sector growth
  27th, January, 2005

The South African IT security industry, worth R1.082Êbillion, is still growing, according to research firm BMI-TechKnowledge. According to the firm's latest findings on the local security market, the industry grew by about 16% in 2003, with that level of growth expected to continue throughout the forecast period 2003 to 2008.

http://www.linuxsecurity.com/content/view/118090
 
  Do 'irresponsible' security researchers help or hinder?
  27th, January, 2005

To many software makers and security consultants, flaw finder David Aitel is irresponsible. The 20-something founder of vulnerability assessment company Immunity hunts down security problems in widely used software products. But unlike an increasing number of researchers, he does not share his findings with the makers of the programs he examines.

http://www.linuxsecurity.com/content/view/118095
 
  Run information security like you run your busines
  28th, January, 2005

Do your CSO, CIO, information security professionals and software developers have measurable quotas and compensation for meeting or exceeding their information security numbers? Chances are, your firm is not running information security like a business unit with a tightly focussed strategy on customers, market and competitors. Without well-defined, standard, vendor-neutral threat models and performance metrics. there cannot be improvement; and improvement is what our customers want.

http://www.linuxsecurity.com/content/view/118102
 
  US to tighten nuclear cyber security
  26th, January, 2005

Federal regulators are proposing to add computer security standards to their criteria for installing new computerized safety systems in nuclear power plants. The US Nuclear Regulatory Commission (NRC) quietly launched a public comment period late last month on a proposed 15-page update to its regulatory guide "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants." The current version, written in 1996, is three pages long and makes no mention of security.

http://www.linuxsecurity.com/content/view/118072
 
  Developer Raps Linux Security Developer Raps Linux Security
  26th, January, 2005

Brad Spengler of grsecurity characterized the Linux Security Model, or LSM, as merely a way to allow the National Security Agency's SELinux to be used as a module. "The framework is unfit for any security system that does anything remotely innovative, such as grsecurity and RSBAC [Rule Set-Based Access Control]," he declared.

http://www.linuxsecurity.com/content/view/118084
 
  'Evil twin' could pose Wi-Fi threat
  26th, January, 2005

Researchers at Cranfield University are warning that "evil twin" hot spots, networks set up by hackers to resemble legitimate Wi-Fi hot spots, present the latest security threat to Web users. Attackers interfere with a connection to the legitimate network by sending a stronger signal from a base station close to the wireless client, turning the fake access point into a so-called evil twin.

http://www.linuxsecurity.com/content/view/118085
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Plundered Israeli Defense Firms that Built Iron Dome Missile Defense System
Internet of things big security worry, says HP
Boffins build FREE SUPERCOMPUTER from free cloud server trials
Insecure Connections: Enterprises hacked after neglecting third-party risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.