Internet Productivity Suite: Open Source Security - Trust Internet Productivity
Suite's open source architecture to give you the best security and productivity
applications available. Collaborating with thousands of developers, Guardian Digital
security engineers implement the most technologically advanced ideas and methods
into their design.
LINUX ADVISORY WATCH - This week, advisories were released for krb4, mailutils,
traversal, Wordpress, SilverCity, kdbg, ImageMagick, openssh, dbus, rsh, and the
Red Hat kernel. The distributors include Debian, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy-to-follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security and is therefore very simple.
The Tao of Network Security Monitoring: Beyond Intrusion Detection
- The Tao of Network Security Monitoring is one of the most comprehensive
and up-to-date sources available on the subject. It gives an excellent introduction
to information security and the importance of network security monitoring,
offers hands-on examples of almost 30 open source network security tools,
and includes information relevant to security managers through case studies,
best practices, and recommendations on how to establish training programs
for network security staff.
Bulletproof Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More than just an email firewall, on-demand and scheduled scanning detects
and disinfects viruses found on the network.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Talking with Richard Stallman
12th, June, 2005
1) Let's start. Can you explain to our readers why you started with
FSF in 1984? What did you need? Why did you create it?
What I started in 1984 was the development of the GNU operating system.
All the operating systems for modern computers of the day were proprietary;
users were forbidden to share them, and could not get the source code
to change them. The only way to use computers in freedom was to replace
those systems with a free operating system. That's what GNU was meant
to do. The Free Software Foundation was started in late 1985 to raise
funds for GNU development, and more generally to promote free software.
For those of you who follow the news, you may have read the
recent story of spy software discovered at some of Israel's leading companies
which reads just like the spy stories we've been reading for years. The
imagined villains are in fact the victims, but more importantly the problem
of spy software being prevalent in Israeli companies came as a result
of one of the most comprehensive investigations involving computer crime
ever undertaken. The Trojan had been introduced by providing companies
with contaminated files, or sending a contaminated e-mail message to the
companies. This also raises concerns that this evaded all the security
measures in place at the companies infected.
A configuration mistake in the new Debian Linux distribution
has forced a fix less than 24 hours after the software was released. "New
installations [of Debian 3.1 from CD and DVD] will not get security updates
by default," said Debian developer Colin Watson in an e-mail warning.
Installations from floppy disks or network servers were not affected.
According to anti-virus firm Trend Micro, the number of Linux
viruses in the wild has not changed dramatically for two years, but its
figure of 500 dangerous and exploitative programs dashing around the Internet
seeking unprotected systems is cause for concern, until you look closer
at the reasoning. Rainer Link, assistant to head of the company's EMEA
(Europe, Middle East & Africa) Operations, admits the figures can be misleading
and says it refers to Linux malware in general, including malware running
on Linux whose ultimate target is Windows.
Counterpane Internet Security, Inc., monitors more than 450
networks in 35 countries, in every time zone. In 2004 we saw 523 billion
network events, and our analysts investigated 648,000 security "tickets."
What follows is an overview of what's happening on the Internet right
now, and what we expect to happen in the coming months.
The network security forecast is cloudy, and that's not a bad thing if you're to believe what analysts are saying at this week's Gartner IT Security Summit.
Gartner predicts that by 2008, carriers like AT&T, Verizon, MCI and others
will operationalize security functions like firewalls and intrusion
detection into routers and switches, leaving enterprises to concentrate
on identity and access management and other security duties away from
the perimeter. By extending security to the Internet cloud, denial-of-service
attacks, for example, never reach the gateway.
What to ask when evaluating intrusion-prevention systems
8th, June, 2005
An intrusion-prevention system (IPS) is part of an overall security strategy to protect your network from attack. The IPS literally prevents an attack by blocking bad stuff, such as viruses or malformed packets, from getting into the company network.
http://www.linuxsecurity.com/content/view/119268
Secure Mac and Linux authentication
8th, June, 2005
CryptoCard (.com) makes a variety of secure authentication and
ID management tools, and they just released support for OS X Tiger (they
already did Panther). For the rest of you PC alternative fans, Linux support
includes Red Hat, SuSE, and an easy compile option for Debian.
Integrating and securing Linux without a silver bullet
10th, June, 2005
The difficulty in integrating Linux with legacy systems and
securing IT systems are two of IT managers' most common complaints about
Linux, says Peter Harrison, who canvassed many IT pros while writing The
Linux Quick Fix Notebook, a new book from Prentice Hall PTR. In this tip,
Harrison doesn't offer a quick fix, but he does offer sage advice about
security and integration.
A secure cryptovirus, cryptotrojan or cryptoworm contains a
payload that activates under a particular circumstance. When it activates,
it generates a random symmetric key and encrypts the victim's files with
it. This key is then encrypted in turn with the attacker's public key
to produce an asymmetric ciphertext.
I was fortunate enough to have a conversation with Chad Hanson,
Manager of the Trusted Operating Systems Lab at Trusted
Computer Solutions in Urbana, Illinois. Chad has a long history in
working with Trusted Operating Systems. He came to Trusted Computer Solutions
from Argus Systems, where
he led the development of PitBull, itself a Trusted Operating System.
Chad's experience also includes leading the design and development of
new components to NSA SE Linux that are leading to greater security in
the Linux kernel.
Here's an important lesson for everyone, whether you run Linux,
Solaris, Windows, OpenBSD, Mac OS X, or MS-DOS: your customers' data isn't
very secure when tapes carrying sensitive customer data go missing in
transit. In this particular case, one wonders whether transporting physical
media is the best way to transfer sensitive customer data from Citigroup
to Experian. It certainly makes one wonder to find out that the tapes
had been shipped on May 2, and it wasn't noticed that they'd gone missing
until May 20.
Security through obscurity is probably one of the oldest tricks
in the security book. The basic premise stems from the fact that people
are trying to ensure security by hiding certain facts of their software
or architecture design from regular users. This is equivalent to someone
hiding a house key under a pot of plants in front of his house.
Over-hyped security threats have made companies unnecessarily hesitant to roll out new technologies, such as Internet telephony and wireless networks, a research firm said Wednesday.
With Internet protocol, or IP, telephony, the system can be secured with methods
very similar to those used in securing a data-only environment. IP telephony
eavesdropping is the most over-hyped threat, since the attacker would
have to be inside the company and on its local area network, a Gartner
analyst said during the firm's IT Security Summit in Washington, D.C.
Lapping up the sunshine here outside a downtown cafe, Kevin
Mitnick is apprehensive. He never asked to be the world's most high-profile
convicted computer criminal, he says, and he's sick of media interviews
dwelling on his criminal past.
Executives of top telecom firms accused of spying on each other.
A jealous ex-husband suspected of monitoring his former in-laws. Private
investigators implicated in computer-hacking-for-hire; one now involved
in a possible attempted suicide. So much bad publicity, government officials
worry it might impact the entire nation's economy.
Yesterday I started noticing referral traffic from myscreencast.com, a phpbb-based community site for finding and sharing screencasts. The most entertaining one I found is called Cracking WEP in 10 minutes. It was produced with Camtasia, but the action takes place in Whoppix, which describes itself thusly:
Whoppix is a stand alone penetration testing live cd based on Knoppix. With
the latest tools and exploits, it is a must for every penetration tester
and security auditor.