Earn an NSA recognized IA Masters Online
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
EnGarde Secure Community 3.0.4 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.
Hacks From Pax: SELinux Administration - This week, I'll talk about how an SELinux system differs from a standard Linux system in terms of administration. Most of what you already know about Linux system administration will still apply to an SELinux system, but there are some additions and changes that are critical to understand when using SELinux.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Decrypting Encryption Myths | ||
9th, February, 2006
Some of the more prominent headlines over the past year were dominated by incidents of data theft, where corporation after corporation had fallen victim to information theft on a large scale. While many victims had hackers and devious insiders to blame, other instances were simply due to human error such as lost data tapes and stolen laptops. In these cases, CIOs may think their information is not at risk because of encryption. But is this really enough? |
||
NIST issues guidelines for data removal | ||
7th, February, 2006
Wonder no longer about how to remove sensitive data from the hard drives and optical disks you are about to toss. The National Institute of Standards and Technology has issued a set of draft guidelines on how to safely remove information from obsolete forms of storage. |
||
Sysmask 1.06 | ||
8th, February, 2006
Sysmask is a security package for Linux systems that can prevent arbitrary malicious codes from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software. |
||
Is Application Security Training Worth the Money? | ||
7th, February, 2006
Software security--sometimes called application security by the myopic--is catching on. That's good because we can certainly use less broken software in the world. But it's bad because there aren't enough knowledgeable people to build secure software. You see, the people who build software know next to nothing about security. It's no wonder they keep cranking out the security holes. One partial solution is to train your developers. The problem is that everyone and their brother seem to be hanging up a shingle to teach about software security. Asking a potential instructor the right questions will determine whether you end up being shafted, or actually affect the way your developers build |
||
The Data Security Deluge | ||
6th, February, 2006
When software designed to manage the loads of information collected from security systems debuted a few years ago, its high cost and complexity stood in the way of its adoption. Yet for some businesses, managing such data is now a requirement in order to comply with government regulations on the collection and retention of data. |
||
Traffic Monitoring with Packet-Based Sampling for Defense against Security Threats | ||
9th, February, 2006
This paper describes the technology and large-scale deployment and use of a distributed network traffic monitoring system based on a packet-based sampling technology. It gives examples of various techniques making use of the resulting network traffic data to address network security issues. |
||
What is Netcat? | ||
9th, February, 2006
"Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Netcat, or "nc" as the actual program is named, should have been supplied long ago as another one of those cryptic but standard Unix tools." |
||
OSSEC HIDS v0.6 available (log analysis, integrity checking and rootkit detection) | ||
10th, February, 2006
Version 0.6 of the OSSEC HIDS is now available! OSSEC HIDS is an Open source Host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. |
||
Louisville Geek Dinner | ||
5th, February, 2006
The purpose of this site is to organize a social networking event for geeks in Louisville and surrounding areas. The geek dinner concept came from listening to London Geek Dinner podcasts. London Geek Dinners have attracted crowds over 175. Hopefully we can pull strong numbers in Louisville. |
||
Shmoocon 2006: Wrap-up | ||
6th, February, 2006
Well, we’ve come to the end of my Shmoocon 2006 coverage. The conference wasn’t all presentations though, there were a lot of other fun activities: The Hacker Arcade featured arcade games that had been modified to generate USB tokens that you could later redeem for prizes. The folks at 757.org modified a skill crane so that it could be controlled from the web. Of course, toys like this at a hacker convention spawned some creative solutions. David Rhodes scripted the skill crane’s web interface so that it would try every possible coordinate pair and ended up with an armful of prizes. Another attendee discovered that the USB tokens weren’t case sensitive and generated a couple hundred thousand prize tokens. |
||
Security Staffing Survey | ||
8th, February, 2006
According to our recent Security Staffing survey, IT security executives believe their organizatons are in greater jeopardy due to staffing shortages than their peers that oversee corporate security. Additionally, IT uses flex time and training as a motivator more so than corporate security executives. Corporate security organizations outsource more than IT security departments and the most frequently outsourced positions were security guards and guard management, while IT security were more likely to outsource data back up and biometrics. |
||
Precious Cargo: Security Backup Tapes | ||
7th, February, 2006
When Bank of America disclosed in February that its courier service had lost backup tapes containing data on about 1.2 million federal employees†|