Internet
Productivity Suite: Open Source Security - Trust Internet Productivity Suite's
open source architecture to give you the best security and productivity applications
available. Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and methods into their
design. Click
to find out more!
Linux
Advisory Watch - This week, articles were released for libtiff,
ethereal, xpdf, squid, xtrlock, sword, unarj, enscript, zhcon, vdr, xine-lib,
libpam-radius, kdebase, f2c, cups, alsa-lib, grep, kernel-utils, hal, im-sdk,
gphoto, apr, tetex, koffice, kdegraphics, kdelibs, gaim, procps, mailman, mysql,
awstats, less, kernel, and xpdf. The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux.
LinuxSecurity.com
Feature Extras:
The
Tao of Network Security Monitoring: Beyond Intrusion Detection
- The Tao of Network Security Monitoring is one of the most comprehensive
and up-to-date sources available on the subject. It gives an excellent introduction
to information security and the importance of network security monitoring,
offers hands-on examples of almost 30 open source network security tools,
and includes information relevant to security managers through case studies,
best practices, and recommendations on how to establish training programs
for network security staff.
Encrypting
Shell Scripts - Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).
A
2005 Linux Security Resolution - Year 2000, the coming of the
new millennium, brought us great joy and celebration, but also brought great
fear. Some believed it would result in full-scale computer meltdown, leaving
Earth as a nuclear wasteland. Others predicted minor glitches leading only
to inconvenience. The following years (2001-2004) have been tainted with the
threat of terrorism worldwide.
Bulletproof
Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More then just an email firewall, on demand and scheduled scanning detects
and disinfects viruses found on the network. Click
to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
The encryption factor
27th, January, 2005
Quantum computing is set to revolutionise the way we work. Trouble
is, it could crack any of today's security codes in a fraction of a second,
says Charles Arthur.When bankers and spies begin to worry about advances
in computing, the rest of us would do well to take notice. What makes
them edgy are the advances being made in "quantum computing", which is,
as might be expected from the name, as entangled and confusing a field
to understand as the branch of physics on which it is based - quantum
mechanics.
Oh no you sayÑnot more management speak! Please, I get enough
of that already! Fear not; we promise that we won't waste your time with
YAUM (Yet Another Useless Methodology). We want you to find your problem
and fix it quickly. So you can call this a process, a method, a way, or
if you like, call it a methodologyÑwhatever works for you. What we don't
want to do is fill your head with some useless babble. This methodology
is hard won from years of solving problems.
The race to plug network holes before attackers use them is
running system managers ragged--so they're throwing up more barriers to
stop intruders. In recent years, the common wisdom has been that keeping
up-to-date on software patches is key to safeguarding a company's networks
against viruses, worms and other pests. But with dozens of flaws being
discovered each week, that approach has turned out to be a Herculean task.
One of the much-talked-about features in Fedora Core 3 (FC3)
is Security-Enhanced Linux, which some people believe will make Linux
a truly military-grade secure operating system. But SELinux is available
to secure many other distributions as well.
With the increasing threat of far more sophisticated attacks
than just spam and viruses, email security is taking a leap forward. But
in implementing new solutions, organisations open up the risk to additional
vulnerabilities, because the products they have chosen may not provide
an adequate level of security.
The Role Of Email Security In Meeting Regulatory Requirements
27th, January, 2005
Corporate governance and regulation were one of the dominant
themes of 2004 and look set to continue to be so throughout 2005. Corporate
governance relates to how an organisation is run, and has repercussions
for almost every department Ã? particularly Finance, HR, Auditing, Procurement
and IT. Due to the nature of the potential content of email, ranging from
a simple customer query to financial projections, the use of this application
demands particular attention to ensure that its management helps to secure
regulatory compliance.
Running on Windows, Linux or Sun, Defiance TMS was made up of
four elements. Defiance Monitor acted as the intrusion detection system
(IDS), which would let IT staff monitor for threats. Defiance Gateway
was the core IPS protection element, backed up by A Defiance Management
Server to store logs and other security data, and the Defiance Security
Console for system unified administration.
For those who haven't been following the EROS project, it has
now migrated to the Coyotos project. EROS, the Extremely Reliable Operating
System, was a project to create an operating system whose security relied
on capabilities rather than the traditional Unix model of root or non-root.
TRUE or false? Open source software like Linux is more secure
than Microsoft Windows, a proprietary operating system because there seem
to be more virus attacks against it. True? Wrong. This is only a popular
perception. Open source software isn't always more secure than its proprietary
counterparts, say IT experts.
The South African IT security industry, worth R1.082Êbillion,
is still growing, according to research firm BMI-TechKnowledge. According
to the firm's latest findings on the local security market, the industry
grew by about 16% in 2003, with that level of growth expected to continue
throughout the forecast period 2003 to 2008.
Do 'irresponsible' security researchers help or hinder?
27th, January, 2005
To many software makers and security consultants, flaw finder
David Aitel is irresponsible. The 20-something founder of vulnerability
assessment company Immunity hunts down security problems in widely used
software products. But unlike an increasing number of researchers, he
does not share his findings with the makers of the programs he examines.
Run information security like you run your busines
28th, January, 2005
Do your CSO, CIO, information security professionals and software
developers have measurable quotas and compensation for meeting or exceeding
their information security numbers? Chances are, your firm is not running
information security like a business unit with a tightly focussed strategy
on customers, market and competitors. Without well-defined, standard,
vendor-neutral threat models and performance metrics. there cannot be
improvement; and improvement is what our customers want.
Federal regulators are proposing to add computer security standards
to their criteria for installing new computerized safety systems in nuclear
power plants. The US Nuclear Regulatory Commission (NRC) quietly launched
a public comment period late last month on a proposed 15-page update to
its regulatory guide "Criteria for Use of Computers in Safety Systems
of Nuclear Power Plants." The current version, written in 1996, is three
pages long and makes no mention of security.
Developer Raps Linux Security
Developer Raps Linux Security
26th, January, 2005
Brad Spengler of grsecurity characterized the Linux Security
Model, or LSM, as merely a way to allow the National Security Agency's
SELinux to be used as a module. "The framework is unfit for any security
system that does anything remotely innovative, such as grsecurity and
RSBAC [Rule Set-Based Access Control]," he declared.
Researchers at Cranfield University are warning that "evil twin"
hot spots, networks set up by hackers to resemble legitimate Wi-Fi hot
spots, present the latest security threat to Web users. Attackers interfere
with a connection to the legitimate network by sending a stronger signal
from a base station close to the wireless client, turning the fake access
point into a so-called evil twin.
