This week, perhaps the most interesting articles include "Firewalls' False Sense of Security," "Easy Automated Snapshot-Style Backups with Linux and Rsync," and "."


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for mod_python, bsmtpd, gaim, bind, gnucash, dhcp, at, vixie-cron, lam, pvm, radvd, selinux-targeted-policy, tcsh, openoffice, gamin, cmd5checkpw, uim, UnAce, MediaWiki, phpBB, phpWebSite, xli, xloadimage, firefox, squid, kdenetwork, nvidia, curl, uw-imap, and cyrus-sasl. The distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat, and SuSE.

LinuxSecurity.com Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Firewalls' False Sense of Security
1st, March, 2005

The Internet front door to almost every bank and financial services company in the world is guarded by two sets of firewalls defining a DMZ. Nearly every e-commerce site sits in a similar DMZ in what has become the de facto standard in Web security architecture. According to Sun Microsystems, "In today's tumultuous times, having a sound firewall/DMZ environment is your first line of defense against external threats." But I would argue that guarding the perimeter is lulling organizations into a false sense of security that results in ignoring the implementation of other security mechanisms in their applications and databases.

news/firewall/firewalls-false-sense-of-security

Firewall warns dealers of physical security threat
1st, March, 2005

Specialist distributor, Firewall Systems, is warning resellers to start thinking of security as a managed service or risk losing market share to physical security providers. Firewall marketing director, Nick Verykios, said physical security players such as Chubb were already providing IP-based services, adding data to their stack as the markets continued to converge.

news/firewall/firewall-warns-dealers-of-physical-security-threat

Where's the security leadership
4th, March, 2005

This year's RSA Conference was another opportunity for the security glitterati to shine. The event, which attracted a record 13,000 visitors, also was a testament to how hot the security market is.

news/firewall/wheres-the-security-leadership

How secure is your computer?
28th, February, 2005

StillSecure attached six computers - loaded with different versions of the Windows, Linux and Apple's Macintosh operating systems - earlier this month to the Internet without anti-virus software. The results show the Internet is a very rough place. Over the course of a week, the machines were scanned a total of 46,255 times by computers around the world that crawl the Web looking for vulnerabilities in operating systems.

Real Player under Attack
2nd, March, 2005

For Linux the RealPlayer 10 and the Helix Player are affected. No fixed versions are available for this. The Player for Symbian and PalmOS are not concerned by the weak spots. RealNetworks classifies the security gaps as critical and recommends that all users install the available updates. Under Windows and Mac OS the update function of the Player can be used.

Two Sides of Vulnerability Scanning
28th, February, 2005

There are two approaches to network vulnerability scanning, active and passive. The active approach encompasses everything an organization does to foil system breaches, while the passive (or monitoring) approach entails all the ways the organization oversees system security. When making buying decisions for your organization, it's a mistake to think that you have to choose between the two types of protection.

news/network-security/two-sides-of-vulnerability-scanning

Realistic SELinux
2nd, March, 2005

SELinux is an impressively designed but notoriously hard-to-configure set of kernel hooks that enforce Orange Book-style security on Linux. Full support for SELinux takes effort, but when I first heard about Fedora's new targeted policies for SELinux, I was willing to tell the Red Hat folks "thanks, but no thanks." A conversation with their Dan Walsh changed my mind.

Easy Automated Snapshot-Style Backups with Linux and Rsync
3rd, March, 2005

This document describes a method for generating automatic rotating "snapshot"-style backups on a Unix-based system, with specific examples drawn from the author's GNU/Linux experience. Snapshot backups are a feature of some high-end industrial file servers; they create the illusion of multiple, full backups per day without the space or processing overhead. All of the snapshots are read-only, and are accessible directly by users as special system directories.

news/server-security/mikerubelorg

Linux Security Rough Around The Edges, But Improving
4th, March, 2005

The National Security Agency built a version of Linux with more security tools that its technologists believe could help make the country's computing infrastructure less vulnerable. They won over the Linux developer community with the changes. But its success depends on the adoption by U.S. companies and government agencies, something that remains very much in doubt.

news/server-security/linux-security-rough-around-the-edges-but-improving

Opera Targets Browser Vulnerability
1st, March, 2005

Taking a cue from Firefox and others, software developer Opera is updating the latest iteration of its Web browser to combat phishing attacks that take advantage of a domain name vulnerability. To address the emerging Internationalized Domain Names (IDN) issue, the second Beta version of the Opera browser displays localized domain names from certain top level domains (TLD). It selects TLDs that have stringent policies on the domain names they register. The Norwegian firm said it will update its list of trusted TLDs on a regular basis to further protect users.

news/vendors-products/opera-targets-browser-vulnerability

French Ministry of Education and Research and Mandrakesoft
2nd, March, 2005

Mandrakelinux products cover needs from the desktop (with the PowerPack) to critical infrastructure functions (with the Multi Network Firewall). The Multi Network Firewall operating system is able to control access to both an organisation's private intranet and the public internet. Mandrakesoft products are part of the software library which has been selected to modernize the infrastructure of France's education system. As well as the applications themselves, Mandrakesoft will deliver technical support and training to staff.

news/vendors-products/french-ministry-of-education-and-research-and-mandrakesoft

Computer Security 101
1st, March, 2005

This sort of basic firewall has some issues that can be exploited by hackers and malicious programmers to sneak through, which is why there are more advanced firewall systems. I mentioned that with this sort of port blocking, communications in response to connections initiated by your computer would be allowed through even on ports you were blocking. Using this knowledge, a hacker can forge the packet to make it look like it is a reply rather than an initiation of a connection and the firewall will allow it through.

Why you should perform regular security audits
2nd, March, 2005

In less than a decade, Internet security has evolved from an almost esoteric topic to become one of the more important facets of modern computing. And yet it's a rarity to find companies that actually consider information security to be an important job function for all workers--and not just the IT department's problem.

Linux starts to take a more central IT role
3rd, March, 2005

"It's as deep as it will get for us. It's what we're betting the data center on," said Jon Fraley, a Linux administrator at Glen Raven. In December, the Glen Raven, North Carolina-based textile manufacturer finished moving mission-critical Oracle databases from an aging 24-CPU Hewlett-Packard server running Unix to four-way HP servers that are based on Intel Xeon processors and run Red Hat's Linux distribution.

Security market "worth $5.5bn by 2008"
4th, March, 2005

The security software and appliance market rose by 30 per cent last year and is predicted to be worth $5.5 billion worldwide by 2008 according to a new report. The figures, by analysts Infonetics Research, show growth in all security categories except the Firewall/VPN market. Last year revenue topped $3.7 billion for the whole market.

Managed Security Service Expands Compliance Capabilities
3rd, March, 2005

"RES' Information Security and Threat Management solution provides a perfect blend of best practices and industry standards that our enterprise customers need to comply with growing regulatory requirements," said Douglas Adams, RES' vice president of sales and marketing. "RES is committed to providing the most innovative managed services designed to meet the quality-of-service demands of our Fortune 500 and Fortune 1000 enterprise customers."

news/government/managed-security-service-expands-compliance-capabilities

Find wireless rogues without sensors
3rd, March, 2005

I finally settled on a strategy for wireless security. As wireless access points began appearing on our company's network, we configured them with Cisco's Lightweight Extensible Access Protocol (read my previous article, Migrate WLANs away from Cisco's LEAP). LEAP forces users to authenticate to the access point with their enterprise credentials - the same credentials used for virtual private network access, as well as services such as payroll and Microsoft Exchange e-mail. That's because we use a centralised directory that ties into most of our core applications and lets employees use a single password to sign on.