FREE ANTI-SPAM EVALUATION: Roaring Penguin Software - At last! An anti-spam solution that lets you stop spam on YOUR terms by giving you full control over its setup and administration. CanIt-PRO provides you with as much (or as little!) administrative and end-user control as you want. Try a free 20-day evaluation and test it out yourself. Click to find out more!
Information Security Techniques
When addressing matters of information confidentiality, integrity, and availability, there are four perspectives that can be taken when introducing security controls. A control can be a protection, detection, response, or assurance mechanism. It is not uncommon for a single control to provide information security on multiple levels.
Protection
A protection mechanism is used to prevent security incidents from occurring. Examples
of protection mechanisms include: firewall rules, access control lists, encrypting packets
that transverse over a network, passwords, biometrics, etc.
Detection
It is an information security mechanism that detects when an incident is occurring, and
allows a business to adjust its course of action. Detection mechanisms include:
intrusion detection systems, virus/spam scanners, vulnerability scanning, quotas, logging
alerts, etc. Detection mechanisms often lead into response mechanisms, and are often
the same as or similar to assurance mechanisms.
Response
A response mechanism addresses the consequences of a security incident and helps
the organization return to a normal state. Response mechanisms can either be in the
form of technical security controls (e.g. intrusion prevention system), policy (e.g.
requiring a computer emergency response team), or procedures developed for all
persons to follow during an incident.
Assurance
Assurance mechanisms give management or third parties the ability to verify the
effectiveness of the security controls in place. It may include logging, auditing, and
reporting capabilities. Assurance is important to help justify further expenditure on
information security projects.
Until next time, cheers!
LinuxSecurity.com Feature Extras:
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Contectiva | ||
Conectiva: ethereal Fixes for security vulnerabilities in ethereal | ||
28th, March, 2005
Ethereal[1] is a powerful network traffic analyzer with a graphical user interface (GUI). |
||
Conectiva: kernel Kernel fixes | ||
31st, March, 2005
The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. |
||
Debian | ||
Debian: New netkit-telnet packages fix arbitrary code execution | ||
29th, March, 2005
Updated package. advisories/debian/debian-new-netkit-telnet-packages-fix-arbitrary-code-execution |
||
Debian: New mc packages fix buffer overflow | ||
29th, March, 2005
Updated package. advisories/debian/debian-new-mc-packages-fix-buffer-overflow |
||
Debian: New netkit-telnet-ssl packages fix arbitrary code execution | ||
29th, March, 2005
Updated package. advisories/debian/debian-new-netkit-telnet-ssl-packages-fix-arbitrary-code-execution |
||
Debian: New mailreader packages fix cross-site scripting vulnerability | ||
30th, March, 2005
Updated package. advisories/debian/debian-new-mailreader-packages-fix-cross-site-scripting-vulnerability |
||
Debian: New samba packages fix arbitrary code execution | ||
31st, March, 2005
Updated package. advisories/debian/debian-new-samba-packages-fix-arbitrary-code-execution-10804 |
||
Fedora | ||
Fedora Core 2 Update: mozilla-1.7.6-1.2.2 | ||
25th, March, 2005
A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. advisories/fedora/fedora-core-2-update-mozilla-176-122-16-39-00-118704 |
||
Fedora Core 3 Update: lsof-4.72-2.2 | ||
24th, March, 2005
Updated package. advisories/fedora/fedora-core-3-update-lsof-472-22-13-24-00-118697 |
||
Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.90 | ||
24th, March, 2005
Updated package. advisories/fedora/fedora-core-3-update-selinux-policy-targeted-11730-290-13-25-00-118698 |
||
Fedora Core 3 Update: thunderbird-1.0.2-1.3.2 | ||
24th, March, 2005
There was an issue with a patch being incorrectly applied which caused the Advanced Preferences panel to fail to load. advisories/fedora/fedora-core-3-update-thunderbird-102-132-15-17-00-118699 |
||
Fedora Core 2 Update: epiphany-1.2.10-0.2.1 | ||
25th, March, 2005
There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a later version of mozilla which is not vulnerable to these flaws. advisories/fedora/fedora-core-2-update-epiphany-1210-021-16-39-00-118705 |
||
Fedora Core 2 Update: devhelp-0.9.1-0.2.5 | ||
25th, March, 2005
There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a later version of mozilla which is not vulnerable to these flaws. advisories/fedora/fedora-core-2-update-devhelp-091-025-16-40-00-118706 |
||
Fedora Core 2 Update: kernel-2.6.10-1.771_FC2 | ||
28th, March, 2005
Updated Package. advisories/fedora/fedora-core-2-update-kernel-2610-1771fc2-16-56-00-118717 |
||
Fedora Core 3 Update: squirrelmail-1.4.4-1.FC3 | ||
28th, March, 2005
Multiple issues in squirrelmail (CAN-2005-0104) Upgrade to 1.4.4 advisories/fedora/fedora-core-3-update-squirrelmail-144-1fc3-17-37-00-118719 |
||
Fedora Core 2 Update: squirrelmail-1.4.4-1.FC2 | ||
28th, March, 2005
Multiple issues in squirrelmail (CAN-2005-0104) Upgrade to 1.4.4 advisories/fedora/fedora-core-2-update-squirrelmail-144-1fc2-17-38-00-118720 |
||
Fedora Core 3 Update: spamassassin-3.0.2-0.fc3 | ||
28th, March, 2005
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/changes302 Upstream bug fixes. advisories/fedora/fedora-core-3-update-spamassassin-302-0fc3-17-38-00-118721 |
||
Fedora Core 2 Update: mozilla-1.7.6-1.2.5 | ||
29th, March, 2005
This update supercedes the previous 1.7.6-1.2.2 which mistakenly had dependencies on FC3. advisories/fedora/fedora-core-2-update-mozilla-176-125-11-35-00-118731 |
||
Fedora Core 2 Update: sylpheed-1.0.4-0.fc2 | ||
29th, March, 2005
Updated package. advisories/fedora/fedora-core-2-update-sylpheed-104-0fc2-11-36-00-118732 |
||
Fedora Core 3 Update: sylpheed-1.0.4-0.fc3 | ||
29th, March, 2005
Updated package. advisories/fedora/fedora-core-3-update-sylpheed-104-0fc3-11-36-00-118733 |
||
Fedora Core 2 Update: krb5-1.3.6-4 | ||
29th, March, 2005
Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. advisories/fedora/fedora-core-2-update-krb5-136-4-14-30-00-118735 |
||
Fedora Core 3 Update: krb5-1.3.6-5 | ||
29th, March, 2005
Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. advisories/fedora/fedora-core-3-update-krb5-136-5-14-30-00-118736 |
||
Fedora Core 3 Update: xorg-x11-6.8.2-1.FC3.13 | ||
29th, March, 2005
An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. advisories/fedora/fedora-core-3-update-xorg-x11-682-1fc313-21-30-00-118739 |
||
Fedora Core 2 Update: xorg-x11-6.7.0-14 | ||
29th, March, 2005
An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. advisories/fedora/fedora-core-2-update-xorg-x11-670-14-21-31-00-118740 |
||
Fedora Core 3 Update: system-config-services-0.8.21-0.fc3.1 | ||
30th, March, 2005
Updated package. advisories/fedora/fedora-core-3-update-system-config-services-0821-0fc31-10-32-00-118748 |
||
Fedora Core 3 Update: telnet-0.17-32.FC3.2 | ||
30th, March, 2005
Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues. advisories/fedora/fedora-core-3-update-telnet-017-32fc32-10-33-00-118749 |
||
Fedora Core 3 Update: foomatic-3.0.2-13.3 | ||
30th, March, 2005
This is an update to a newer version. advisories/fedora/fedora-core-3-update-foomatic-302-133-10-34-00-118750 |
||
Fedora Core 2 Update: squid-2.5.STABLE9-1.FC2.2 | ||
30th, March, 2005
Updated package. advisories/fedora/fedora-core-2-update-squid-25stable9-1fc22-10-57-00-118751 |
||
Fedora Core 3 Update: squid-2.5.STABLE9-1.FC3.4 | ||
30th, March, 2005
Updated package. advisories/fedora/fedora-core-3-update-squid-25stable9-1fc34-10-58-00-118752 |
||
Fedora Core 2 Update: telnet-0.17-28.FC2.1 | ||
30th, March, 2005
Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues. advisories/fedora/fedora-core-2-update-telnet-017-28fc21-12-54-00-118753 |
||
Fedora Core 2 Update: ImageMagick-6.2.0.7-2.fc2 | ||
30th, March, 2005
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. advisories/fedora/fedora-core-2-update-imagemagick-6207-2fc2-13-53-00-118754 |
||
Fedora Core 3 Update: ImageMagick-6.2.0.7-2.fc3 | ||
30th, March, 2005
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. advisories/fedora/fedora-core-3-update-imagemagick-6207-2fc3-13-54-00-118755 |
||
Fedora Core 2 Update: gdk-pixbuf-0.22.0-12.fc2 | ||
30th, March, 2005
David Costanzo found a bug in the way gdk-pixbuf processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against gdk-pixbuf. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. advisories/fedora/fedora-core-2-update-gdk-pixbuf-0220-12fc2-13-54-00-118756 |
||
Fedora Core 3 Update: gdk-pixbuf-0.22.0-16.fc3 | ||
30th, March, 2005
David Costanzo found a bug in the way gdk-pixbuf processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against gdk-pixbuf. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. advisories/fedora/fedora-core-3-update-gdk-pixbuf-0220-16fc3-13-55-00-118757 |
||
Fedora Core 2 Update: gtk2-2.4.14-2.fc2 | ||
30th, March, 2005
David Costanzo found a bug in the way GTK+ processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against GTK+. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. advisories/fedora/fedora-core-2-update-gtk2-2414-2fc2-13-56-00-118758 |
||
Fedora Core 3 Update: gtk2-2.4.14-3.fc3 | ||
30th, March, 2005
David Costanzo found a bug in the way GTK+ processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against GTK+. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. advisories/fedora/fedora-core-3-update-gtk2-2414-3fc3-13-58-00-118759 |
||
Fedora Core 3 Update: initscripts-7.93.7-1 | ||
30th, March, 2005
This update fixes various bugs, including several IPSEC bugs. advisories/fedora/fedora-core-3-update-initscripts-7937-1-17-27-00-118761 |
||
Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.93 | ||
30th, March, 2005
Updated package. advisories/fedora/fedora-core-3-update-selinux-policy-targeted-11730-293-23-47-00-118762 |
||
Gentoo | ||
Gentoo: mpg321 Format string vulnerability | ||
28th, March, 2005
A flaw in the processing of ID3 tags in mpg321 could potentially lead to the execution of arbitrary code. |
||
Mandrake | ||
Mandrake: Updated krb5 packages fix | ||
29th, March, 2005
Two buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitray code on the victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Kerberos package contains a telnet client and is patched to deal with these issues. |
||
Mandrake: Updated ipsec-tools packages | ||
31st, March, 2005
A bug was discovered in the way that the racoon daemon handled incoming ISAKMP requests. It is possible that an attacker could crash the racoon daemon by sending a specially crafted ISAKMP packet. The updated packages have been patched to correct these issues. |
||
Mandrake: Updated libexif packages fix | ||
31st, March, 2005
A buffer overflow was discovered in the way libexif parses EXIF tags. An attacker could exploit this by creating a special EXIF image file which could cause image viewers linked against libexif to crash. The updated packages have been patched to correct these issues. |
||
Mandrake: Updated htdig packages fix | ||
31st, March, 2005
A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue. |
||
Red Hat | ||
RedHat: Moderate: grip security update | ||
28th, March, 2005
A new grip package is available that fixes a remote buffer overflow. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-grip-security-update-RHSA-2005-304-01 |
||
RedHat: Important: telnet security update | ||
28th, March, 2005
Updated telnet packages that fix two buffer overflow vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-telnet-security-update-RHSA-2005-327-01 |
||
RedHat: Important: mysql security update | ||
28th, March, 2005
Updated mysql packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-mysql-security-update-80062 |
||
RedHat: Important: krb5 security update | ||
30th, March, 2005
Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-krb5-security-update-66067 |
||
RedHat: Moderate: XFree86 security update | ||
30th, March, 2005
Updated XFree86 packages that fix a libXpm integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-xfree86-security-update-23391 |
||
SuSE | ||
SuSE: several kernel security problems | ||
24th, March, 2005
The Linux kernel is the core component of the Linux system. Several vulnerabilities were reported in the last few weeks which is fixed by this update. |
||
SuSE: MySQL vulnerabilities | ||
24th, March, 2005
MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar. |
||
SuSE: ipsec-tools remote denial of service | ||
31st, March, 2005
Racoon is a ISAKMP key management daemon used in IPsec setups. |
||