LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: June 10th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for krb4, mailutils, traversal, Wordpress, SilverCity, kdbg, ImageMagick, openssh, dbus, rsh, and the Red Hat kernel. The distributors include Debian, Gentoo, and Red Hat.


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

A Business Case for Security
By: Benjamin D. Thomas

Establishing a business case is perhaps the first phase in any project initiation. Organizations that are successful maintain full justification for all business expenditure. An information security project is no different. An effective information security program requires visible support from executive management. To gain support, a persuasive business case is often necessary. An information security program will have numerous tangible and intangible benefits to any organization. It is the role of a business case to document these.

To build a persuasive case for information security, it is important for practitioners to "to become more managerial in outlook, speech, and perspectives." (Information Security Management Handbook 4th Edition, Volume 2.) Stressing the technical benefits of information security is no longer sufficient because of the size and expenditure of information security programs. When making a case for information security, an emphasis should be placed on how proactive security mechanisms ensure that senior management will not be held liable for negligence. As IT has become more prominent in organizations, so have compliance and regulatory requirements. Today, senior management personnel are expected to demonstrate due care and due diligence in relation to information security. With this, information security must become an essential aspect of management.

Addressing the overall benefits of information security is important as well. A business case should stress how information security can become a business enabler. It can be a company differentiator by offering increased levels of customer satisfaction and contributing overall to total quality management. Information security also provides a means to ensure against unauthorized behavior. Often trusting that internal employees will "do the right thing" is not enough. Information security related business cases should be written in a way that emphasizes all benefits of information security.


LinuxSecurity.com Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New krb4 packages fix arbitrary code execution
  2nd, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119241
 
  Debian: New mailutils packages fix several vulnerabilities
  3rd, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119249
 
   Gentoo
  Gentoo: Mailutils SQL Injection
  6th, June, 2005

GNU Mailutils is vulnerable to SQL command injection attacks.

http://www.linuxsecurity.com/content/view/119254
 
  Gentoo: Dzip Directory traversal vulnerability
  6th, June, 2005

Dzip is vulnerable to a directory traversal attack.

http://www.linuxsecurity.com/content/view/119255
 
  Gentoo: Wordpress Multiple vulnerabilities
  6th, June, 2005

Wordpress contains SQL injection and XSS vulnerabilities.

http://www.linuxsecurity.com/content/view/119257
 
  Gentoo: SilverCity Insecure file permissions
  8th, June, 2005

Executable files with insecure permissions can be modified causing an unsuspecting user to run arbitrary code.

http://www.linuxsecurity.com/content/view/119267
 
   Red Hat
  RedHat: Low: kdbg security update
  2nd, June, 2005

An updated kdbg package that fixes a minor security issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119242
 
  RedHat: Moderate: ImageMagick security update
  2nd, June, 2005

Updated ImageMagick packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119243
 
  RedHat: Low: openssh security update
  2nd, June, 2005

Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119244
 
  RedHat: Low: dbus security update.
  8th, June, 2005

Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119269
 
  RedHat: Low: rsh security update
  8th, June, 2005

Updated rsh packages that fix various bugs and a theoretical security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team

http://www.linuxsecurity.com/content/view/119270
 
  RedHat: Moderate: xorg-x11 security update
  8th, June, 2005

Updated xorg-x11 packages that fix a security issue as well as various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119271
 
  RedHat: Updated kernel packages available for Red Hat
  8th, June, 2005

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the first regular update.

http://www.linuxsecurity.com/content/view/119272
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers encrypted the entire City of Detroit DataBase & demanded ransom of 2000 bitcoins ($803,500)
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.