Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: March 3rd, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "House Legislators Slam Bush's Cyber Initiative," "Why Do We Need Specialist Security Distros," and "SELinux Blocks Real-World Exploits."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Open Source Tool of March: ZoneMinder - For January and February, we chose some of the staples of open source security (GnuPG and Nmap) as the tool of the month. And deservedly so; both have just celebrated their ten-year anniversary in the open source realm, a rare feat for any open source project, much less one founded on security.
But for the month of March, we wanted to move ahead and change gears. This month's Open Source Tool is no newbie for sure, but we bet that most of you reading haven't heard of it. While most Linux security tools deal with digital security, this month's tool is one of the few to cross that divide;
Welcome to Zone Minder, the Open Source Tool for March...
Having a great defense involves proper detection and recognition of an attack. In our security world we have great IDS tools to properly recognize when we are being attacked as well as firewalls to prevent such attacks from happening. However, certain attacks are not blindly thrown at you - a good attacker knows that a certain amount of reconnaissance and knowledge about your defenses greatly increases the chances of a successful attack. How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
VMWare's VMSafe: Security Industry Defibrilator (Mar 3)
VMware and virtualization security is just beginning to heat up. In this article, we get an interesting view into the nature of this debacle. Should it be a surprise that security is going to be such an issue? According to this blogger, far, far from it; virtualization provides such a compelling shift in computing, that being caught "flatfooted" is embarrassing...
For the purpose of this post, I'm going to focus on the security implications of virtualization and simply summarize by suggesting that virtualization up until now has quietly marked a tipping point where we see the disruption stretch security architectures and technologies to their breaking point and in many cases make much of our invested security portfolio redundant and irrelevant.
House Legislators Slam Bush's Cyber Initiative (Feb 29)
The initiative is a long-range plan to upgrade the security of the federal government's networks and comprises a number of separate proposals, most notably an overhaul and expansion of the government's intrusion detection system, known as Einstein. Currently, Einstein is simply a passive traffic-monitoring system that records basic data such as the originating IP address of a packet, its size and where the packet came from and where it is headed. But the data that the system captures is not analyzed in real time, so attacks and other anomalies aren't caught until well after the fact. And, Einstein is a voluntary program and is not in place at all of the federal agencies right now.
If there was one place where you'd think that security would be state-of-the-art and cutting edge, it would be our own federal government networks. I really don't see any necessary trade-off between "security" and "convenience" when it comes down to national security. What do you think a government IDS should have to set the benchmark for security?
VMware Opens Hypervisor to Security Vendors (Feb 28)
VMware plans to open its hypervisor to security vendors with a set of APIs that make it easier to protect virtual machines from threats including viruses, Trojans and keyloggers. Without these APIs, security vendors building antivirus and firewall tools for virtual servers are removed from the hypervisor by several layers and therefore cannot see everything that happens within the virtual environment, according to Yankee Group Analyst Phil Hochmuth.
So what do you do when critical vulnerabilities are found in your virtual machines? Open-source to the rescue - read on for an interesting account of VMsafe, a set of APIs which should allow for better security through more isolation of virtual machines. Do you see any real improvements in security with VMsafe?
Engineers from CoreLabs, the research arm of Core Security, discovered that an attacker could gain complete access to a host system by exploiting this vulnerability in VMware’s desktop software products. The vulnerability could allow an attacker to create or modify executable files on the host operating system.
One of the most interesting aspects of this vulnerability however, and one that comes up again and again, is that it abuses the shared folder access, a default setting.
One of the ways to fix it is to disable this setting. Why is this an "opt-out" security feature? Shouldn't sharing folders be an "opt-in" feature? Are there other examples that you can think of where the same pattern applies?
Bypassing Disk Encryption With a Spray Can (Feb 27)
It turns out that some researchers at Princeton University followed up on earlier research showing that modern computer memories retained their contents even with the power off (known as memory remanence), and that the retention time could be lengthened by cooling the memory. (See the chapter on physical tamper resistance in Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems.
I always file it interesting researching the state of encryptions security. What do you think the future of computer encryptions is? Are we going to have to invent better encryption algorithms?
Why Do We Need Specialist Security Distros? (Feb 26)
This question is often asked - what do platforms that focus solely on security bring to the table? According to this interview with Guardian Digital by Packt Publishing, they bring quite a lot. The company develops EnGarde Secure Linux, and answers these questions and more on what makes all security platforms valuable and why is a great example
Many popular distributions, community-oriented and otherwise, take security very seriously. They have dedicated security teams that go over individual packages before they're rolled into a final release. To make sure you don't have any loose ends, these distributions and many other individual Open Source projects also publish an endless stream of security advisories and updates. Add to this security mechanisms like SELinux, AppArmor, and the upcoming TOMOYO Linux, and SMACK, and you know they mean business. So what room does this leave for specialist security distros?
Ten Mistakes that CIOs consistently make that weaken enterprise security (Feb 26)
Perhaps you don't run an enterprise network. Chances are good that, you aren't a CIO either. But security is security, whether its through open source tools or not. And often the same patterns needed for enterprise security are still very relevant to all security. And, regardless, we couldn't pass up this hilarious yet true list of problems most organizations make when it comes to security. Very, very good. Here are the first two:
# Use process as a substitute for competence: The answer to every problem is almost always methodology, so you must focus savagely on CMMi and ITIL while not understanding the fact that hackers attack software.
# Ostritch Principle: Since you were so busy aligning with the business which really means that you are neither a real IT professional nor business professional, you have spent much of your time perfecting memorization of cliche phrases and nomenclature and hoping that the problem will go away if you ignore it.
Open Source Tool of The Month: Winner for 2007 (Feb 25)
The votes are in, and for 2007, Nmap has been voted by the community over at Linuxquestions.org as the most popular Network Security Application. To some, it may have seemed that Nmap had this award locked up, but this was not the case. Coming in at a hair under 25% of the total vote, it beat out its nearest competitor Wireshark by only 4%, hardly a resounding victory.
What it means is that open source network security applications are getting to a very mature state where the competition is healthy and competitive; it's great to see. In all, there were a total of 12 entrants in to the category including Snort, ClamAV, Nessus and Firestarter among others in this wide-ranging category.
As a side note, many suggestions mentioned the need to create a Firewall Distro Poll, as opposed to just an application poll. Do you think there should be a separate poll? Would your list have included other network security applications?
SELinux still has a ways to go before it becomes the standard for secure servers. But as time passes, more and more administrators are realizing that this isn't some addition that needs to be switched off - it's an incredibly effective tool that when used correctly, can stop real-world exploits from causing real-world problems. In this article, Network World gives a soup-to-nuts overview on the current state of SELinux and how it is one of the most capable ways administrators can lock-down their system.
Linux security experts are reporting a growing list of real-world security situations in which the US National Security Agency's SELinux security framework contains the damage resulting from a flaw in other software. These so-called "mitigations" are showing that a Linux feature that began as an esoteric security measure is starting to prove its worth. What are your thoughts?
