Linux Security Week: September 26th 2005

When I saw all the headlines this week about a new Symantec report contradicting popular perception that Firefox was the secure alternative to Microsoft Internet Explorer, the timing couldn't have been better. Just three days earlier I wrote this blog about Firefox surpassing Microsoft Internet Explorer in monthly vulnerabilities and a flood of angry comments followed in the talkback and Slashdot had another 500 plus comments.

Cisco Systems Inc. is revamping its security professional-level certifications to better reflect the networking giant's emphasis on its Self-Defending Network strategy.

news/network-security/cisco-security-certifications-changing

As many systems administrators will tell you, attacks from automated login scripts specifically targeting common account names with weak passwords have become a substantial threat to system security, especially via SSH (a popular program that allows remote users to log in to a Linux computer and execute commands locally). Here are some common-sense rules to follow that can greatly improve security, as well as several scripts to cut down on the computing resources wasted by these attacks.

news/server-security/protecting-linux-against-automated-attackers

Deep underground somewhere in south-east England, security experts have built a data hosting center almost entirely based on open source operating systems. The cryptologists at the Bunker, an ex-Nato anti-nuclear hideout owned by a data hosting group also known as the Bunker, are so confident of good security, that they say they have no need for firewalls – the tools commonly used for keeping hackers away.

news/server-security/underground-without-firewalls

At Novell's Brainshare user conference in Barcelona last week, the software supplier said it had strengthened its identity and access management security products, Novell Identity & Access Management. Novell also claimed significant customer gains in Europe with its open source SuSE Linux desktop and enterprise server.

news/vendors-products/novell-strengthens-its-security-products

"Guardian Digital is shortly going to be announcing the next major release of its award-winning EnGarde Secure Linux platform, and we'd like to offer the engarde-users community a first-glimpse at this release. Within this new release, codenamed Rapier, you'll find: Linux 2.6 kernel featuring SELinux Mandatory Access Control; Guardian Digital Secure Network features free access to all system and security updates; support for new hardware, including 64-bit AMD architecture; web-based management of all functions...."

news/vendors-products/engarde-secure-linux-30-pr1

Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).

news/vendors-products/firefox-command-line-url-shell-command-injection

The Prelude Project has released the 0.9 version of their Hybrid IDS Framework. Which represents over seven years of development. It supports over 40 different types of devices and log types. As well as other security software such as Snort and Samhain offering support for reporting to Prelude. Many other advancements have been made to the Prelude Framework. Including the all new Prewikka front-end for correlation and monitoing of alerts.

news/security-projects/prelude-releases-09-of-hybrid-ids-framework

The Auditor security collection is a GPL-licensed live CD based on Knoppix, with more than 300 security software tools. Auditor gives you easy access to a broad range of tools in almost no time.

news/security-projects/auditor-the-security-tool-collection

Workers are more like to indulge in risky Internet behavior -- surfing to unknown or even suspicious sites, for example -- when they have an IT department behind them to clean up their mess, a recently released study claims. According to the July study -- which was released Tuesday by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed that their company's IT department would keep them safe from viruses, worms, spyware, spam, and phishing and pharming attacks.

Computer attackers are trying to circumvent improved defences in corporate networks by creating smaller worms and viruses that infect individual computers, says a report on Internet security to be released today.

Internet Security Systems Chairman, CEO and President Tom Noonan says customers increasingly are looking for security platforms that do two basic things: Let the good guys in and keep the bad guys out. He spoke with Network World's Editor in Chief John Dix and News Editor Bob Brown. Here is an edited transcript of Noonan's thoughts on a host of topics.

Breaking into corporate networks, and thereby corporate information, has never been easier. Why? Firstly, access to systems (usually Windows) at the desktop is universal. Secondly, most people, including techies, don't appear to know how to select adequately secure passwords.

According to a report from antivirus company Kaspersky, Mozilla.org recently hosted Linux versions of the Mozilla browser and Thunderbird mail client that were infected with the Linux RST.b virus. The versions involved were the localised Korean releases, and they have now been removed. RST.b infects ELF executable files to insert a backdoor onto the victim's computer and automatically downloads exploit scripts from an Internet site.

Information Security is such a broad discipline that it’s easy to get lost in a single area and lose perspective. The discipline covers everything from how high to build the fence outside your business, all the way to how to harden a Windows 2003 server.

It’s important, however, to remember not to get caught up in the specifics. Each best practice is tied directly to a higher, more philosophical security concept, and those concepts are what I intend to discuss here.

After seeing the same mistakes repeated by different IT managers over the years, I've noticed a pattern of common errors. Here are the five common mistakes, along with tips for avoiding them.

Zotob.E, Tpbot-A, Rbot.CBQ and IRCbot.worm: all names given to a single worm that wreaked havoc in Windows 2000 systems last month. Among the plethora of identifiers, perhaps the most useful--CME-540--didn't make an impact.

You have problems. The annual report spreadsheet has disappeared from a server. A virus is loose in company e-mail. Someone has access to the network through some kind of back door. Those are big problems.