Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: March 17th, 2008
Source: LinuxSecurity.com - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Security Guide to Customs-Proofing Your Laptop," "Virtualization's Secret Security Threats," and "What is SE-PostgreSQL."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Open Source Tool of March: ZoneMinder - For January and February, we chose some of the staples of open source security (GnuPG and Nmap) as the tool of the month. And deservedly so; both have just celebrated their ten-year anniversary in the open source realm, a rare feat for any open source project, much less one founded on security.
But for the month of March, we wanted to move ahead and change gears. This month's Open Source Tool is no newbie for sure, but we bet that most of you reading haven't heard of it. While most Linux security tools deal with digital security, this month's tool is one of the few to cross that divide;
Welcome to Zone Minder, the Open Source Tool for March...
Having a great defense involves proper detection and recognition of an attack. In our security world we have great IDS tools to properly recognize when we are being attacked as well as firewalls to prevent such attacks from happening. However, certain attacks are not blindly thrown at you - a good attacker knows that a certain amount of reconnaissance and knowledge about your defenses greatly increases the chances of a successful attack. How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
Security Guide to Customs-Proofing Your Laptop (Mar 14)
If you travel across national borders, it's time to customs-proof your laptop. Customs officials have been stepping up electronic searches of laptops at the border, where travelers enjoy little privacy and have no legal grounds to object. Laptops and other electronic devices can be seized without reason, their contents copied, and the hardware returned hours or even weeks later.
Now that we're jumped ahead an hour and are seeing less snow (at least here out east), we can start moving about the world again with our trusty laptops - be sure to give a quick once over of the above article! This includes tips / tools for ALL operating systems to ensure you have properly secured your laptop - wireless hacks, encryption techniques, and general security apply.
Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page.
Have you heard about the networking security tool called Nipper? If not test it out, there are links to where you can download it and learn more about all the configuration options it has.
Interesting article over at InfoWorld on the security implications of virtualization:
Almost any IT department worth its salt is deploying virtualization technology today to reduce power usage, make server and OS deployments more flexible, and better use storage and systems resources. But as virtualization technology gains in popularity, it may bring with it new risks, said Don Simard, the commercial solutions director at the U.S. National Security Agency, the electronic intelligence and cryptographic agency once so secret its very existence was a secret. At the same time, virtualization technology may bring new protections, he noted.
There are a lot of people "drinking the Kool-AidŽ" when it comes to virtualization, and there is almost no mention of security in contrast with its obvious benefits. Do the Open Source KVM and/or Xen implementations have an advantage in this discussion? What do you think?
Browser Makers Focus on Reducing Malware and Phishing (Mar 13)
Mozilla, the company behind the open-source browser Firefox, announced previously that the next version of it browser, Firefox 3, will include a host of security features, among them protection against malicious downloads from Web sites. Dubbed malware protection, the feature will use a hash of the Web site's address, or URL, to compare against a list of sites known to host malicious downloads.
I am glad to see web browsers are starting to take Internet security seriously. Do you think they are on the right direct as far as helping Internet security?
If you're curious about how SELinux work with a database, and want to take your understanding to the next level, this is a great way to get started:
Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension built in PostgreSQL. It works as a reference monitor within relational database management system, and provides fine-grained mandatory access control features collaborating with SELinux and its security policy.
These features enable to deploy a database management system into data flow control scheme, integrated with operating system. We call the most characteristic feature of SE-PostgreSQL as ''system-wide consistency in access controls''. Any other RDBMS cannot provide this feature in current.
Open source code for driving security into web services (Mar 11)
OpenLiberty-J is based on J2SE, and open source XML, SAML, and web services libraries from the Apache Software Foundation and Internet2, including OpenSAML, a product of the Internet2 Shibboleth project. The library implements the Liberty Advanced Client functionality of Liberty Web Services standards
This company provides a development architecture explicitly focusing on the deployment of secure practices for Web 2.0 Applications and development. Is this the best way to leverage web service security?
SSH Communications is a focused provider for all types of, you guessed it, SSH corporate services. It's rare to see such a focus, but their new release of their Tectia product suite provides and interesting take on how companies could package this functionality:
SSH Tectia Manager 6.0 can centrally deploy, configure, update and audit the SSH Tectia environment from a central location. Benefits of SSH Tectia version 6.0:
Improved SSH Tectia Client for Windows - supports transparent TCP Tunneling and automatic tunneling, in addition to the traditional Secure Shell port forwarding, making the product the ideal choice for securing virtually any TCP/IP application without modifications to applications or existing network infrastructure, saving time and valuable IT resources.
Ease-of-implementation - improved installation and self-configuration options, provide cost-saving fast and easy ways to replace FTP and other unsecure protocols with secure alternatives, and help meet regulatory compliance deadlines.
