LINUX ADVISORY WATCH - This week, advisories were released for gaim, kdenetwork,
squirrelmail, luxman, hwbrowser, at, bind, openoffice, ipsec-tools, sylpheed, koffice, qt,
ImageMagick, ethereal, udev, libXpm, Ethereal, rmtree, curl, cyrus-sasl, gnupg,
openslp, tetex, postfix, and squid. The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Red Hat, and SuSE.
LinuxSecurity.com Feature Extras:
Getting to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy-to-follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, and is therefore very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection
- The Tao of Network Security Monitoring is one of the most comprehensive
and up-to-date sources available on the subject. It gives an excellent introduction
to information security and the importance of network security monitoring,
offers hands-on examples of almost 30 open source network security tools,
and includes information relevant to security managers through case studies,
best practices, and recommendations on how to establish training programs
for network security staff.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Fighters Against Child Porn Face Spyware Battle, Too
14th, March, 2005
Every person or organization that spends time surfing the Web faces the risk of spyware and viruses. For those who spend time investigating sites that specialize in child pornography and other illicit material, the risk is even greater. That's why software to protect their machines is crucial. The National Center for Missing and Exploited Children on Wednesday began migrating its systems to Active Directory. That deployment had been on hold because of the large quantities of spyware, pop-ups, and other malicious software the center's workers ran into as they investigated potentially illicit Web sites, according to Steve Gelfound, director of IT at the center.
With the recent news of weaknesses in some common security algorithms
(MD4, MD5, SHA-0), many are wondering exactly what these things are:
They form the underpinning of much of our electronic infrastructure,
and in this Guide we'll try to give an overview of what they are and
how to understand them in the context of the recent developments. But
note: though we're fairly strong on security issues, we are not crypto
experts. We've done our best to assemble (digest?) the best available
information into this Guide, but we welcome being pointed to the errors
of our ways.
Mastering the Five Domains of Information Security Management
15th, March, 2005
Certified Information Security Manager (CISM) is a certification
developed by the Information Systems Audit and Control Association (ISACA).
This certification is a confirmation for experienced information security
managers that they know how to manage information security systems. The
CISM Prep Guide absorbs the key concepts for each of the five presented
domains. The book should prepare the candidate for the CISM exam with
text, practice tests, and techniques described by two bestselling authors.
By reading this book, a candidate will get some knowledge about five domains
of Information Security Management.
Large enterprises should not use Linux because it is not secure
enough, has scalability problems and could fork into many different flavours,
according to the Agility Alliance, which includes IT heavyweights EDS,
Fuji Xerox, Cisco, Microsoft, Sun, Dell and EMC.
Not content with throwing rocks at the house of Big Blue, EDS
is also turning up its nose at Linux, saying Open Source is still too
risky to be invited into the fold. According to Rasmussen, Linux has some
way to go when it comes to integrating security between high end server
and applications platforms. "People are not content with code that is
run on an open environment. It's when you knit [platforms and applications
together], all these holes appear," Rasmussen said.
Only a day after flaming open source as insecure, unscalable
and unfit for Australian consumption in its Agility Alliance, services
vendor EDS has revealed it really does have a soft spot for the penguin
deep in its heart. Contrary to the stern warnings on open source delivered
by EDS global vice president for Agility Alliance Rob Rasmussen, a case
study posted on EDS' Web site states the "Linux environment provides a
level of security and stability unavailable elsewhere."
When you look in your closet, do you see a pile of obsolete
hardware that you just cannot bring yourself to throw out, despite the
pleas of your family? If you want to share your home Internet connection
and save a little money at the same time, dust off that old hardware and
set up a Linux-based firewall. All you need is a 486 or better processor,
two network adapters (only one if you're on dial-up), a switch or hub,
diskette drive, and 12MB of RAM. In this article, we'll take a look at
floppyfw and Coyote Linux, two free, open source projects that have shrunk
Linux down to diskette size to implement a firewall.
Stealthy, remote system access programs called "rootkits" could
fuel the next big wave of malicious code, and are already beginning to
influence the design of new Internet worms and viruses, according to security
experts. Now security software companies are sitting up and taking notice,
releasing software that can spot and remove rootkits from infected systems.
Hundreds of thousands of Web sites running Windows NT 4 remain -- and will remain -- at risk from attack via a vulnerability patched for other operating systems a month ago, a U.S.-based security firm and a British-based Web monitoring vendor said Thursday. The bug in a key Windows protocol, Server Message Block (SMB), was patched for Windows XP, Windows Server 2003, and Windows 2000 in February, but because NT 4 had reached the end of its support lifecycle December 31, 2004, no public fix was issued by Microsoft. Microsoft does provide security patches for NT 4.0 customers who pay for custom support, a service available through the end of 2006.
Some useful citizen has created an installer that will nail IE with
spyware, even if a surfer is using Firefox (or another alternative browser)
or has blocked access to the malicious site in IE beforehand. The technique
allows a raft of spyware to be served up to Windows users in spite of
any security measures that might be in place. Christopher Boyd, a security
researcher at Vitalsecurity.org, said the malware installer was capable
of working on a range of browsers with native Java support. "The spyware
installer is a Java applet powered by the Sun Java Runtime Environment,
which allows them to whack most browsers out there, including Firefox,
Mozilla, Netscape and others.
Teros security gateway prevents attacks on applications
14th, March, 2005
Teros Secure Application Gateway is an application-layer firewall
that examines standard Web server traffic for security violations, such
as hacker attacks or unauthorized data leaks, and stops them.
SSH Partners With Novell to Promote Secure SUSE LINUX
15th, March, 2005
SSH Communications Security Corp. (HEX: SSH1V), a world-leading
provider of enterprise security solutions and end-to-end communications
security, and the original developer of the Secure Shell protocol, has
joined Novell's Technology Partner Program and today announced that SSH
Tectia supports Novell's SUSE LINUX Enterprise Server 9 running on all
IBM eServer platforms.
Comodo zeros in on next generation of Linux usability
16th, March, 2005
Comodo, a leading provider of critical infrastructure solutions,
has identified lack of usability as the critical hurdle standing between
Linux and total back office server domination.
Are You Leaving Your Security in the Hands of your Web Browser
18th, March, 2005
The Tunneler is a graphical interface compatible with multiple
platforms (Win, OSX, Linux) which creates an encrypted channel or "tunnel"
between your computer and the Metropipe proxy servers throughout the world.
Once installed, your web browsing and all internet activities that you
send through it are encrypted between your machine and Metropipe, leaving
your machine anonymous. This protects you from the many prying eyes out
there. The 'Tunneler' is controlled by its own application, a simple program
that gives you the freedom to turn it On and Off as you please, and automatically
configures your web browsers (Internet Explorer and Mozilla Firefox) proxies.
Is Firefox a more secure web browser than Microsoft's Internet
Explorer? The answer may be yes, but the issues are more complicated than
most people realize. In fact, Firefox has its share of security problems,
and has probably been saved from real-world attack so far only by its
single-digit market share,
Of the security issues facing banks everywhere, prevention of card fraud has always been a high priority, and is set to grow even further in importance. The level of card fraud has risen significantly over recent years, caused in the main, by the explosion in the number and usage of payment cards and the associated high level of organised card crime activity. For example, over the past decade, fraud losses on UK-issued plastic cards have risen from £96.8m to a staggering £402.4m a year. And these figures do not take into account the 'soft' costs related to card fraud, such as tarnish to reputation and potential legal costs.
The other day I was browsing through the top virus threats for February and March 2005, looking at the assorted nastiness, when a funny thought occurred to me: is it possible to pick a favorite virus (or virus family)? I think it is. We can look at their innovations and evolution with a source of envy, even if we universally despise them all. All viruses are malicious, nasty little programs written by misguided people. In my book, they are all manifestations of bad intentions by programmers who are well on the road to becoming evil. However... The best viruses are the ones that infect without any human error or intervention at all. And most interesting to me are the ones that innovate with new infection vectors.
I'll tell you a secret. If you're looking for a security consultant during the day and he's not in the office, you might find him in a neighborhood coffee shop consuming large doses of caffeine, and using a laptop with wireless net access. It's nice to people watch, catch up on the news, review technical articles and yes, even work, while enjoying that magic elixir (coffee) thanks to the wonders of WiFi. I find it a great way to take a break. You can imagine my disappointment early last week when I swung by one of my favorite haunts, grabbed a latte, opened up a terminal and watched my SSH attempt fail. Shoot -- their Internet connection must be down.
Reliability and availability: What's the difference?
13th, March, 2005
How do you design a computing system to provide continuous service and to ensure that any failures interrupting service do not result in customer safety issues or loss of customers due to dissatisfaction? Historically, system architects have taken two approaches to answer this question: building highly reliable, fail-safe systems with low probability of failure, or building mostly reliable systems with quick automated recovery. The RAS (Reliability, Availability, Serviceability) concept for system design integrates concepts of design for reliability and for availability along with methods to quickly service systems that can't be recovered automatically.
'Highly critical' security bugs listed for Linux products
13th, March, 2005
Information about several vulnerabilities in Linux and Linux-based
applications that are deemed to be "highly critical" were recently posted
on the security Web site Secunia.com. Debian was cited as a system with
operating system vulnerabilities that could be exploited. Meanwhile,
users running RealNetworks' open-source Helix browser, the open-source
phpWebSite manager utility, as well as users with a network backup product
from Arkeia, were warned of software flaws that could leave systems
potentially open to attack.
Surprisingly, securing a site's production environment is a task that
many ignore until it's too late. But the task need not be so onerous.
Several LAMP tools can help shore up security. This month and next,
let's look at two LAMP-based tools that can help protect your environment:
Big Fish Firewall for deploying and configuring netfilter-based firewalls,
and SNORT for intrusion detection. Once you realize how simple these
tools are to deploy, you'll want to get started immediately rather than
after your first security incident.
There's nothing more important than your data. In today's world technology is the driving factor in almost every facet of business life, bar none. More and more, businesses across the globe are becoming what we refer to as "connected", in that they are connecting entire departments of computer equipment together for faster communication and those machines are inevitably tied to the Internet. What many system administrators don't understand is that at this point, their data becomes public domain. What "connected" admins sometimes fail to realize is the age-old basic rule of network computing: our data relies wholly on network security, and a computer network is only as strong as its weakest point.
Newly published research has warned that IT managers are not
as secure as they think they are. According to a poll by research firm
Dynamic Markets, over 90 per cent of IT managers believe that they have good
security protection, but 15 per cent of companies surveyed did not have
any IT security systems in place beyond antivirus software and a firewall.
Over a quarter indicated that they had found software that breached security
policies on their networks.
With every year comes inevitable change. Hence, it makes sense
to give your network security programme a formal evaluation to ensure
that it meets your company's changing goals and needs. Let's take a
look at proven techniques that will help you perform effective security
evaluations and create plans that will align your company's security with
your requirements for this year.
The second you send an e-mail from your PC, your personal privacy
probably has been compromised. E-mail messages hop from your computer over
a number of networks to their final destination, but like a postcard from
a vacationer in Mexico, the content can be perused by anyone, at anytime,
before it is delivered, experts told UPI's The Web. "E-mail is completely
open," said Jeff Multz, vice president of sales at SecureWorks Inc.,
a computer security services firm in Atlanta. "People think it is secure
when it is sent.
At a recent seminar on information security management, I heard
that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that
the insurance model is dead. Information security needs to give business
value. This sounds like a terrific idea, but the lecturer was unable to
provide a concrete example similar to purchasing justifications that companies
use like: "Yes, we will buy this machine because it makes twice as many
diamond rings per hour and we'll be able corner the Valentine's Day market
in North America."
Internet wiretapping mixes "protected" and targeted messages, Info Age requires rethinking 4th Amendment limits and policies, National Security Agency told Bush administration "Transition 2001" report released through FOIA, Highlights collection of declassified NSA documents Posted on Web by National Security Archive, GWU National Security Archive Electronic Briefing Book No. 24
Online Banking Industry Very Vulnerable to Cross-Site Scripting Frauds
13th, March, 2005
Phishing Attacks reported by members of the Netcraft Toolbar community show that many large banks are neglecting to take sufficient care with the development and testing of their online banking facilities. Well known banks have created an infestation of application bugs and vulnerabilities across the Internet, allowing fraudsters to insert their data collection forms into bona fide banking sites, creating convincing frauds that are undetectable to most customers. Indeed, a personal finance journalist writing for The Motley Fool was brave enough to publicly admit to having fallen for a fraud running on Suntrust's site and having her current account cleaned out. It's a reasonable premise that if a Motley Fool journalist can fall for a fraud, anyone can.
Robert Lyttle, one of two hackers behind the Deceptive Duo team responsible for a number of network breaches in 2002, including a U.S. Navy database, has decided to plead guilty to the charges filed by the U.S. Attorneys' Office last year, according to documents filed in the case. The plea agreement between federal prosecutors and Lyttle in the case U.S. v. Robert Lyttle will be entered in U.S. District Court, Northern District of California, Oakland Division, Friday afternoon as part of a change of plea hearing. Kyle Waldinger, the assistant U.S. attorney listed on the agreement, was not available for comment at press time.
First came phishing scams, in which con artists hooked unwary internet users one by one into compromising their personal data. Now the latest cyberswindle, pharming, threatens to reel in entire schools of victims. Pharmers simply redirect as many users as possible from the legitimate commercial websites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals.
You've set up your Boingo account, you're hanging out at the
Home Turf sports bar in LAX and you figure you'll do a little business
or check your e-mail while sipping a Chardonnay. Well, that's the point
of all this; being able to take care of a few things while in a relaxing
atmosphere. Don't, however, get so relaxed that you ignore security and
give all your confidential information to some unscrupulous hacker. Yeah,
you see the guy. He's over in the corner wearing that fake nose and glasses
with the ridiculous Bozo the Clown cap. Yep, drinking a Blatz.