Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's
open source architecture to give you the best security and productivity applications
available. Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and methods into their
design.
LINUX ADVISORY WATCH - This week, advisories were released for emacs,
gftp, bidwatcher, mailman, squid, mod_python, kdeedu, gamin, pcmcia, openssh,
postgresql, gimp, midnight commander, gproftpd, cyrus imap, cups, kdelibs, xpdf,
uim, cpio, and vim. The distributors include Debian, Fedora, Gentoo, Mandrake,
Red Hat, and SuSE.
LinuxSecurity.com Feature Extras:
Getting to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security and is therefore very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection
- The Tao of Network Security Monitoring is one of the most comprehensive
and up-to-date sources available on the subject. It gives an excellent introduction
to information security and the importance of network security monitoring,
offers hands-on examples of almost 30 open source network security tools,
and includes information relevant to security managers through case studies,
best practices, and recommendations on how to establish training programs
for network security staff.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).
Bulletproof Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More than just an email firewall, on demand and scheduled scanning detects
and disinfects viruses found on the network.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Knoppix Hacks
21st, February, 2005
Many people, at least people in the techno-geek world, are familiar
with Knoppix at least far enough to know it is a version of Linux. Some
of those people may even know that it is a portable version of Linux that
is able to boot entirely from the CD without the need for any installation.
But, this book will show those people just how versatile and powerful
a tool Knoppix can be - even for supporting and maintaining Windows systems.
After a nice Chinese New Year break we are pleased to bring
you Issue #36 of the HITB e-zine. This is a pretty interesting issue with
an exclusive article on Red Hat PIE Protection written by Zarul Shahrin
as well as an article on building a simple wireless authenticated gateway
using OpenBSD by Rosli Sukri (member of the HITB CTF Crew).
Version 2.6.12 of the Linux kernel is likely to include packet
filtering that will work with IPv6, the latest version of the Internet
Protocol. Netfilter/iptables, the firewall engine that is part of the
Linux kernel, already allows stateless packet filtering for versions 4
and 6 of the Internet protocol, but only allows stateful packet filtering
for IPv4. Stateful packet filtering is the more secure method, since it
analyses whole streams of packets, rather than only checking the headers
of individual packets -- as is done in stateless packet filtering.
Firewall Builder consists of an object-oriented GUI and a set
of policy compilers for various firewall platforms. In Firewall Builder,
a firewall policy is a set of rules; each rule consists of abstract objects
that represent real network objects and services (hosts, routers, firewalls,
networks, protocols).
Automated Patching: An Easier Approach to Managing Your Network Security
22nd, February, 2005
Patch management is an essential administration task within
today's busy IT networks with the constant threat of new security bugs.
Some companies will wait for an attack before taking necessary action
to protect themselves from further threat whilst others consider patching
as often as possible.
Attackers could launch malicious code by exploiting vulnerabilities
in a file transferring tool used in many Linux and Unix systems, according
to two security firms. Reston, Va.-based iDefense said the security holes
exist in cURL/libcURL, a command line tool for transferring files with
a URL syntax such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE
and LDAP.
If a tree falls in a forest with no-one to hear it, does it
make a sound? So goes a typical zen-like philosophical question. While
it's thought-provoking, what does it have to do with Intrusion Detection
Systems (IDS)? Simple - if you're not there to watch the tree fall, do
you need to know whether it fell or not? The same principle applies with
IDS.
Staying on my current security theme, O'Reilly has published
a second edition of Linux Server Security by Michael D. Bauer. The book,
targeted toward those managing Internet-connected systems, also known
as bastion hosts, packs a powerful arsenal of security design, theory
and practical configuration schemes into 500 pages.
Oracle has tightened up the security of a number of its products
to allow customers to use them in critical national infrastructures, including
in conjunction with open source technology from Linux. Oracle has met
the Common Criteria Evaluations at the EAL4 level - the highest industry
security level for commercial software - for its Oracle Internet Directory,
a middleware component of Oracle Identity Management; Oracle9i Database
release 2; and the Oracle9i Label Security release 2.
According to Gilligan, a new vulnerability is discovered nearly
every day in the commercial software products the Air Force uses - not
just Microsoft, but also Linux, Oracle and Cisco Systems. "What we are
now reaping is the unfortunate consequence of an era of software development
in the 90s, when the rush to get the product to market overrode the importance
of correctness in the quality of the software."
Novell has developed a Linux-based "perimeter security" hardware
appliance that protects companies against security threats such as hackers,
viruses, worms, spam and network intrusions. Novell launched the Novell
Security Manager at last week's RSA conference. It is aimed at small and
medium-sized businesses.
A vulnerability that could allow Web addresses to be spoofed
has been fixed in an updated version of the Firefox browser. The Mozilla
Foundation released an update to the Firefox Web browser on Thursday to
fix several vulnerabilities, including one that would allow domain spoofing.
On February 18th, 2005 "John Doe" posted a remote buffer overflow
exploit for the Arkeia Network Backup Client. This vulnerability affected
all known versions of the software, going back as far as the 4.2 series
(when the company was called Knox). The buffer overflow occurs when a
large data section is sent with a packet marked as type 77. The Arkeia
Network Backup Client is your typical backup agent; it runs with the highest
privileges available (root or LocalSystem) and waits for a connection
from the backup server. The Arkeia client and server both use TCP port
617 for communication. According to the SANS ISC, the kids are wasting
no time.
Unpatched Linux systems are lasting longer on the internet before
being compromised, according to a study by the Honeynet Project, a nonprofit
group of security professionals that researches online attackers' methods
and motives. Data from 12 honeynets showed that the average "life expectancy"
of an unpatched Linux system has increased to three months from 72 hours
two years ago.
Intrusion detection software (IDS) first made a serious impression
on the European security market in the late 1990s. As with vulnerability
scanning products, how good it was depended on where it got its database
from and how often it was updated. IDS then languished for a few years
with little variation. Improvements in alerting, refinements in detecting
false positives and more enterprise scalability were the notable developments.
Red Hat spent last week trying to get customers to expect more
from Linux, talking up the release of the first version of its operating
system based on the 2.6 Linux kernel. Red Hat Enterprise Linux 4 adds
a number of security, scalability, desktop, and management features.
Hello, this is officer support of the ISP Police Department.
You say you're worried that someone might try to steal your car? OK, I'm
going to try to troubleshoot this problem for you, but I need you to do
two things. First, I'm going to need you to bring your car down so we
can check it out. But I want you to park your car in a poorly lighted
lot in a shady part of town. Trust me, we handle this kind of thing all
the time.
Computer intruders are learning to play well with others, and
that's bad news for the Internet, according to a panel of law enforcement
officials and legal experts speaking at the RSA Conference in San Francisco
last week. Christopher Painter, deputy director of the Justice Department's
computer crime section, spoke almost nostalgically of the days when hackers
acted "primarily out of intellectual curiosity." Today, he says, cyber
outlaws and serious fraud artists are increasingly working in concert,
or are one and the same. "What we've seen recently is a coming together
of these two groups," said Painter.
Entrepreneur-professor teaches students to stop hackers, viruses, has lessons for all
Mesh Networking Soars to New Heights
19th, February, 2005
Mesh Networking and community wireless broadband reached new
heights with a world first for Locustworld MeshAP PRO when a Shadow microlight
aircraft flew over Lincolnshire UK and successfully tested air to ground
mesh networking and voice over broadband. South Witham broadband (Lincolnshire
UK) joined forces with Make Me Wireless (Australia) and using LocustWorld
MeshAP PRO and Asterisk VoIP equipment, seamlessly created air to ground
voice communications at 2000 feet with the 16 node South Witham community
broadband network.