LinuxSecurity.com
The central voice for Linux and Open Source security news
Linux Security Week: October 17th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Web Application Firewall Evaluation Criteria Announced," "Perform due diligence with RFID security," and "Government must push on IT security."


EnGarde Secure Linux 3.0 - Download Now!

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates (to be available shortly through an updated release)
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more.
  • Apache v2.0, BIND v9.3, MySQL v5.0(beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information

LEARN MORE:
http://www.guardiandigital.com/products/software/community/esl.html


LINUX ADVISORY WATCH - This week, advisories were released for mason, cpio, dia, masqmail, shorewall, tcpdump, openvpn, up-imapproxy, ethereal, weex, py2play, graphviz, xloadimage, xli, xine-lib, hylafax, Ruby, SVG, helix player, uw-imap, openssl, thunderbird, binutils, and libuser. The distributors include Debian, Gentoo, and Red Hat.

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  Guardian Digital launches new edition of award-winning EnGarde Secure Linux platform
  10th, October, 2005

Guardian Digital, Inc., the world's premier provider of open source security solutions, today announced the latest innovation of its product portfolio with the launch of EnGarde Secure Linux: Community Edition, a freely-available version of its award-winning enterprise product. EnGarde is the first product to bring complete Web-based management capability, Security-Enhanced Linux functionality, and the ability to control a complete Internet presence in one platform.

http://www.linuxsecurity.com/content/view/120566

 
  How to keep instant messaging off the record
  13th, October, 2005

Sometimes encryption isn't enough to keep your conversations private. With standard encryption, it's theoretically possible for someone to steal your secret encryption keys and decipher the conversation. For conversations that need to be kept confidential, the Off-the-Record (OTR) plugin for Gaim saves the day. It leaves no trace of a conversation ever having taken place.

http://www.linuxsecurity.com/content/view/120591

 
  What Are Digital Vaults?
  11th, October, 2005

A major challenge that is faced by all organisations selecting IT technology is trying to clearly understand how a particular solution may address the challenges they are tasked with solving. And this often involves trying to understand what various vendors mean when using generic terminology.

http://www.linuxsecurity.com/content/view/120574

 
  Insider Security Threats Q&A
  12th, October, 2005

We conducted a brief Q&A session with David Lynch, CMO at Apani Networks, a global network security software provider focused on securing inside the network perimeter. He discusses the security breach in the White House, internal security attacks in general and how to prevent them.

http://www.linuxsecurity.com/content/view/120584

 
  Red Hat Certified Security Specialist
  14th, October, 2005

Red Hat yesterday announced the availability of a new security certification for IT professionals: Red Hat Certified Security Specialist (RHCSS). The announcement of the RHCSS certification is the Company's latest milestone in its "Security in a Networked World" initiative launched in August.

http://www.linuxsecurity.com/content/view/120599

 
  Web Application Firewall Evaluation Criteria Announced
  10th, October, 2005

The Web Application Firewall Evaluation Criteria project announced its first public release. The goal of the project is to develop a testing methodology that can be used by any reasonably skilled technician to independently assess the quality of a web application firewall.

http://www.linuxsecurity.com/content/view/120564

 
  Playing Nice With Physical Security
  10th, October, 2005

At a small company, the information security manager is sometimes also responsible for physical security. At very large corporations, the physical security - sometimes called safety and security - is a completely separate department, responsible for hardware such as biometric ID or badge systems, security cameras and the management of guards. Safety and security departments handle investigations of physical breaches, such as theft, and workplace violence.

http://www.linuxsecurity.com/content/view/120565

 
  Google fixes Web site security bug
  11th, October, 2005

Google has fixed a security flaw on its Web site that opened the door to phishing scams, account hijacks and other attacks, security researchers said Monday.

http://www.linuxsecurity.com/content/view/120577

 
  Perform due diligence with RFID security
  12th, October, 2005

Most notably, EPCglobal Gen 2 standards currently lack over-the-air data-stream encryption between passive RFID tags and readers, though there are provisions for locking RFID tag memory and disabling tags. EPCglobal Gen 2 is the current standard for how passive tags affixed to items and encoded with information about them communicate wirelessly with readers, which collect that information and pass it to upstream applications.

http://www.linuxsecurity.com/content/view/120585

 
  Developers 'should be liable' for security holes
  12th, October, 2005

Security expert Howard Schmidt wants coders to be held responsible for vulnerabilities in their code, but others say their employers should be held to account.

http://www.linuxsecurity.com/content/view/120587

 
  I get a right good fisking
  13th, October, 2005

On a technical level it's wrong to call this a fisk. More like a right good padding. But I wasn't writing on a technical level. I was writing from a business perspective. Is Windows inherently less secure than Linux, or just more popular? Presently available data is inconclusive, because Windows still holds the bulk of consumer and small business market share.

http://www.linuxsecurity.com/content/view/120592

 
  Government must push on IT security
  14th, October, 2005

IT security has matured significantly over the past few years. An increase in the number of viruses such as Slammer, the advent of phishing, and a spate of high-profile attacks on organisations such as Sumitomo Bank, have pushed security to the top of many company agendas. While such publicity is scaring people into action, security still has a long way to go before it is embedded in everyday life.

http://www.linuxsecurity.com/content/view/120594

 
  Hacking for Dollars
  11th, October, 2005

Threats to information security come in all shapes and sizes, and from all directions: blended threats, mass-mailer worms, Trojans, phishing attacks, spyware, keystroke loggers, etc. Every day, one or more of these threats put critical information at risk in Internet-connected corporations and businesses around the globe.

http://www.linuxsecurity.com/content/view/120576

 
  Basic Bluetooth Security
  14th, October, 2005

Bluetooth has been around since the 90s, and even today, most mobile devices come with the technology embedded in them. Bluetooth provides a wireless, point-to-point, "personal area network" for personal digital assistants (PDAs), notebooks, printers, mobile phones, audio components, and other devices. The wireless technology can be used anywhere if you have two or more devices that are Bluetooth-enabled. And as with any wireless connectivity, there are bound to be security issues since data is being sent over the air invisibly from device to device.

http://www.linuxsecurity.com/content/view/120595

 
