DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software
Understanding the anti-spam solution market and its various choices and buzzwords can be a daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more!

LINUX ADVISORY WATCH - This week, advisories were released for MySQL, samba, ImageMagick, krb5, remstats, wu-ftpd, sharutils, util-linux, words, gaim, e2fsprogs, subversion, ipsec-tools, libexif, htdig, grip, gtk2, tetex, curl, gdk-pixbuf, and XFree86. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.
LinuxSecurity.com
Feature Extras:
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore kept very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords, and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
The Hacker-Proof Network
5th, April, 2005
In Cambridge, Mass., not too far from the Charles River, which
cuts near Harvard and M.I.T., David Pearson is attempting to build an
un-hackable network.
The security risk of hard disk password protection
4th, April, 2005
In most notebooks the hard disk can be protected against unauthorized access with the aid of a password. Without it the disk, even when inserted into another computer, cannot be made to divulge its data. This security function has meanwhile become a feature of almost all 3.5" ATA hard disks and presents a full-blown security loophole.
I hadn't actually noticed the Security Innovation study comparing the frequency of reported security problems in the Windows and open source web application server stacks. These kinds of surveys and tests are pretty easily manipulated. But since eSchool News has an article on the matter, I might as well weigh in.
If you're interested in this matter at all, you should go straight
to the primary source material: the Red Hat and Microsoft security advisories.
Your mileage may vary, but my scans of the two lists show a lot of Red
Hat fixes that are mostly irrelevant to my simple web server, unless
I've given lots of untrustworthy and industriously malicious people
shell access to log in to the server. On the other hand, I see lots
more references to "remote code execution" on the Microsoft site, which
is what I'm really afraid of when I'm exposing a server to the internet.
When a hacker broke into the network at George Mason University
(VA) earlier this year, IT officials were absolutely powerless to stop
him. Within minutes, the hacker compromised the school’s main Windows
2000 server and gained access to information that included names, Social
Security numbers, university identification numbers, and even photographs
of almost everyone on campus. Next, he poked around for a back door into
other GMU servers that store information such as student grades, financial
aid, and payroll.
Hacker tools are growing more sophisticated and automated. Hackers can now quickly adapt to new security vulnerabilities as they are uncovered and distribute the fruits of their exploits more widely with the help of automated toolkits. And they're employing an ever-increasing range of methods to find individuals' and companies' private information and use it to their own advantage.
And yet many of us have a false sense of security about our own data and networks.
We install a firewall at the perimeter, put anti-virus and anti-spyware
tools on our desktops, and use encryption to send and store data. Microsoft
and the big security companies provide ever-improving tools and patches
to protect us. Although others who are less careful might be at risk,
we're safe, right?
Around 22:30 GMT on March 3, 2005 the SANS Internet Storm Center began receiving reports from multiple sites about DNS cache poisoning attacks that were redirecting users to websites hosting malware. As the "Handler on Duty" for March 4, I began investigating the incident over the course of the following hours and days. This report is intended to provide useful details about this incident to the community.
The initial reports showed solid evidence of DNS cache poisoning,
but there also seemed to be a spyware/adware/malware component at work.
After complete analysis, the attack involved several different technologies:
dynamic DNS, DNS cache poisoning, a bug in Symantec firewall/gateway
products, default settings on Windows NT4/2000, spyware/adware, and
a compromise of at least 5 UNIX webservers. We received information
the attack may have started as early as Feb. 22, 2005 but probably only
affected a small number of people.
DNSSEC, which stands for DNS Security Extensions, is a method
by which DNS servers can verify that DNS data is coming from the correct
place, and that the response is unadulterated. In this article we will
discuss what DNSSEC can and cannot do, and then show a simple ISC Bind
9.3.x configuration example.
The InfoCon is currently set at yellow in response to the DNS
cache poisoning issues that we have been reporting on for the last several
days. We originally went to yellow because we were uncertain of the mechanisms
that allowed seemingly "secure" systems to be vulnerable to this issue.
Now that we have a better handle on the mechanisms, WE WANT TO GET THE
ATTENTION OF ISPs AND ANY OTHERS WHO RUN DNS SERVERS THAT MAY ACT AS FORWARDERS
FOR DOWNSTREAM Microsoft DNS SYSTEMS. If you are running BIND, please
consider updating to Version 9.
In a meeting with an engineer (Jonathan Hogue) from a security
company called Okena (recently acquired by Cisco), I was introduced to
the concept of the five Ps. Hogue graciously gave me the presentation
slide and I use it all the time. There are a lot of models of how an attack
progresses, but this is the best I've seen. These five steps follow an
attack's progression whether the attack is sourced from a person or an
automated worm or script. We will concentrate on the Probe and Penetrate
phases here, since these are the stages that Snort monitors. Hopefully,
the attacker won't get past these phases without being noticed. The five
Ps are Probe, Penetrate, Persist, Propagate, and Paralyze.
When we turn our minds to matters of e-security, our first thoughts
tend to be about defenses such as firewalls and intrusion detection. And
rightly so. After all, there is much wisdom in the pursuit of prevention
before cure. But, what happens when our defenses are breached? How should
we respond to such an incident?
Enterprise Linux users should update their installations of XFree86 to remedy several security holes, some of which could allow attackers to take over a system. According to an advisory released by Red Hat, affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3.
Microsoft's efforts to improve the security of Windows have
paid off, leading to significant improvements in patch management and
other areas, according to executives from North American companies surveyed
by Yankee Group. The Linux-Windows 2005 TCO Comparison Survey, to be published
in full in June, is based on responses from 509 companies of all sizes
in markets such as healthcare, academia, financial services, legal, media,
retail and government, Yankee Group said this week.
Red Hat is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system.
The affected operating systems include Enterprise Linux AS 3, Enterprise Linux
ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory.
A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.
Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security
information company said in an advisory on Monday. The flaw stems from
an error in the JavaScript engine that can expose arbitrary amounts
of heap memory after the end of a JavaScript string. As a result, an
exploit may disclose sensitive information in the memory, Secunia said.
Publicity surrounding the JavaScript flaw shows "the open source system is working," said Greg Minchak, an analyst with the Open Source Industry Alliance. "The open source community swarms to a problem the moment it's made known."
The Day After: Your First Response To A Security Breach
4th, April, 2005
The security incident is over. The techs have all gone home
and are snug in their beds, dreaming of flawless code trees and buffer-overflow
repellent. Upper management has done all the damage control they can.
Everyone's shifting back into their normal activities and schedules. Everyone,
that is, except you. What can you do to prevent this from ever happening
again?
In late March we mentioned that Sybase were making threats against
a security company about disclosure of security flaws they found in Sybase
code and a French company that took a security researcher to court and
had him fined 5000 Euro. Going from this Register story, it looks like
Sybase and NGSSoftware are going to settle their dispute amicably, but
it really does bring into view a point that many in the Open Source community
have been trying to make known for ages.
Security concerns are the main reason IT managers consider switching from Windows to Linux on the desktop - but the cost of migration and compatibility issues remain significant barriers, according to a new study.
Concerns about Windows security vulnerabilities and the high cost
of keeping Windows secure were named as the top motivations for moving
away from Microsoft's ubiquitous operating system in the online survey
of nearly 1,700 IT professionals by analyst house Quocirca.
As government agencies are being forced to do more with a smaller budget, more agencies are turning to the open source movement for a solution. In Mississippi, three counties and 30 agencies formed a jail management system to pool all law enforcement and homeland security forces together using Linux.
Phishers are moving away from big banking institutions and heading for smaller targets, according to the Anti-Phishing Working Group (APWG).
In its study of phishing activity in February the group found that, while
four out of five attacks were still on six major banks, the number of
smaller organisations being targeted is rising fast.
A stolen laptop made public last week by the University of California,
Berkeley contained unencrypted personal data on nearly 100,000 graduate
students and applicants and is just the latest case to underscore the
need for increased protection of personal information.
To manage risk, maintain razor-sharp security architecture and
still enjoy a peaceful night's sleep, security professionals at this week's
InfoSec World conference offered this advice: Know your limits, speak
the boss's language and embrace change. It also wouldn't hurt to learn
the 80/20 principle -- the theory of 19th-century economist-mathematician
Vilfredo Pareto that 20% of what you do makes 80% of the difference.
Using Intrusion Detection Systems To Keep Your WLAN Safe
6th, April, 2005
Wireless LANs utilize radio waves for transporting information, which results in security vulnerabilities that justifiably worry network managers. To assuage those worries, most companies implement authentication and encryption to harden security.
However, WLANs have a whole host of other vulnerabilities that can be more difficult to completely smother, such as illicit monitoring, unauthorized access, and denial of service (DoS) attacks. For example, someone using a wireless sniffer, such as the freely available NetStumbler, can easily monitor wireless traffic for fun or malicious intent while sitting in their car next to your office building.