Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: November 26th, 2007
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include Is Security Software Becoming a Security Risk, Dan Walsh from SELinux, and Scalable Public Key Infrastructure for both OpenSWAN and OpenVPN.
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Master's Student: Social Engineering is not just a definition! - We are happy to announce a new addition to the Linux Security Contributing Team: Gian G. Spicuzza. Currently a Graduate Student pursuing a Masters Degree in Computer Security (MSIA), Gian is a certified Linux/Unix administrator, the lead developer for the OSCAR-Backup System (at Sourceforge.com) and has experience in a variety of CSO, Management and consulting positions.
His first topic is a quick foray into the world and psychology of Social Engineering:
All the security in the world isn't going to stop one of your employees or coworkers from giving up information. Just how easy is it?
Craig never worked for Linda's company, nor did he call from IT. Craig was an unethical hacker who just gained unauthorized access to her account. Why? Because a phone call is simple.
Read on to see just how easy businesses can be exploited.
Review: Linux Firewalls - Security is at the forefront of everyone's mind and a firewall can be an integral part of your Linux defense. But is Michael's Rash's "Linux Firewalls," the newest release from NoStarchPress, up for the challenge? Eckie S. here at Linuxsecurity.com gives you the low-down on this newest addition to the Linux security resource library and how it's one of the best ways to crack down on attacks to your Linux network.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community v3.0.17 Now Available (Oct 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.17 (Version 3.0, Release 17). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
Is Security Software Becoming a Security Risk? (Nov 23)
Is the software we're using to protect ourselves from online attacks becoming a liability?
That's what Thierry Zoller believes. For the past two years, the security engineer for n.runs has taken a close look at the way antivirus software inspects email traffic, and he thinks companies that try to improve security by checking data with more than one antivirus engine may actually be making things worse. Why? Because bugs in the "parser" software used to examine different file formats can easily be exploited by attackers, so increasing your use of antivirus software increases the chances that you could be successfully attacked.
What do you think about the state of security software? Is security software doing enough in preventing attacks?
Developer Interview: Dan Walsh from SELinux (Nov 21)
Fedora takes a some time and interviews Dan Walsh, one of the project leads on SELinux development. They ask him a couple questions about SELinux, open source and what he's been doing at Red Hat:
We all appreciate that when we turn on our Linux systems they're pretty secure. Thanks to continuing improvements to SELinux, it is increasingly easy for users to take advantage of this powerful security tool. Read on to find an interview with Daniel Walsh, the principal developer of SELinux in Fedora from Red Hat, where he tells us more about what SELinux does and how it's improved in Fedora 8. Also included are some screenshots which show-off the new policy creation GUI.
Ubuntu Server: Good Concept, Flawed Execution (Nov 20)
Is Ubuntu Security what is claims to be? Some say yes, some say no. Carla Schroeder from Enterprise Networking Planet chimes in on server versus desktop kernel issues, and gives Ubuntu Server a whirl. What are the differences between versions? How does it handle package management, LAMP Stack and Iptable set-up? What about AppArmor?
AppArmor is supposed to be the "real world" alternative to SELinux. Unfortunately there is nothing included that explains the default AppArmor configuration, or how to modify it.
Also:
Some users might have an expectation that Ubuntu Server will be all shiny and easy like Ubuntu Desktop. It's not — you need to know what you're doing, because it doesn't do any hand-holding. It's a honest-to-gosh proper server with no X windows or GUI tools cluttering it up. You can have a GUI via remote administration; for example, Webmin is a high-quality and popular remote GUI adminstration tool for servers.
Scalable Public Key Infrastructure for both OpenSWAN and OpenVPN (Nov 19)
User management and the related cryptographic authentication infrastructure is a major hurdle in deploying scalable, manageable VPNs (Virtual Private Networks). After introducing VPNs and Public Key Infrastructure (PKI) and discussing some of the benefits and challenges of two popular VPN implementations, we'll document how to build a scalable PKI to simplify VPN authentication management.
Read on for an interesting account on how to setup your secure VPN, including common pitfalls, gotchas, and example configurations. Let us know any tips you would give sysadmins in setting up OpenSWAN and OpenVPN!
Yuichi Nakamura has announced the release of version 2.2.0 of SELinux Policy Editor (SEEdit). This release includes support for Fedora 8 and embedded systems. The performance of the simplified policy compiler has been improved, and it also now supports cross compilation of policy.
Do you like using these types of SELinux editing tools? The purpose of theses tools is to help make administrating a system with SELinux enabled easier. Do you feel they help?
