Linux Security Week: March 24th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Inside the Twisted Mind of the Security Professional," "Analyzing Malicious SSH Login Attempts," and "Ongoing IFrame Attack Proving Difficult to Kill."
LinuxSecurity.com
Feature Extras:
Open Source Tool of March: ZoneMinder - For January and February, we chose some of the staples of open source security (GnuPG and Nmap) as the tool of the month. And deservedly so; both have just celebrated their ten-year anniversary in the open source realm, a rare feat for any open source project, much less one founded on security.
But for the month of March, we wanted to move ahead and change gears. This month's Open Source Tool is no newbie for sure, but we bet that most of you reading haven't heard of it. While most Linux security tools deal with digital security, this month's tool is one of the few to cross the divide into physical security.
Welcome to ZoneMinder, the Open Source Tool for March...
Having a great defense involves proper detection and recognition of an attack. In our security world we have great IDS tools to properly recognize when we are being attacked as well as firewalls to prevent such attacks from happening. However, certain attacks are not blindly thrown at you - a good attacker knows that a certain amount of reconnaissance and knowledge about your defenses greatly increases the chances of a successful attack. How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for fwknop and psad, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
I am not aware of any other entity, group or idea that matches these five primary characteristics of the open source movement as exactly as terrorist organizations.
Read on for a two-in-one post from Linux Today - one post shows the "paper" that goes into detail into why the open source movement can be seen as terrorism, while the second post provides some rebuttals against the argument. Do you feel the article brings up any valid points? How would you respond to the author?
Inside the Twisted Mind of the Security Professional (Mar 20)
Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.
I replied: "What's really interesting is that these people will send a tube of live ants to anyone you tell them to."
Read on for an interesting observation from Bruce Schneier about the mindset of security professionals. The post puts emphasis on a college course built around this way of thinking - it's amazing what a last name can grant you these days!
Malicious SSH login attempts have been appearing in some administrators' logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one's system against these attacks.
Honeypots are an interesting way to learn about the threats the outside world poses to your network. Do you think they are useful for a Linux system administrator?
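The analysis the article describes starts from the sshd lines that accumulate in an auth log. The script below is an added example, not code from the article: it runs over a constructed auth.log excerpt (the hostnames, PIDs and addresses are made up, taken from documentation address ranges), counts failed password attempts per source address, flags sources that cross a threshold, and lists the usernames that were tried. The THRESHOLD value is an assumption for illustration.

```shell
#!/bin/sh
# Added example (not from the article): summarise sshd login failures from an
# auth.log excerpt. Sample lines below are constructed; the addresses are from
# documentation ranges (TEST-NET-2 and TEST-NET-3) and the host/PIDs are invented.
SAMPLE_LOG='Mar 20 03:14:07 host sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Mar 20 03:14:09 host sshd[2233]: Failed password for invalid user test from 198.51.100.7 port 51240 ssh2
Mar 20 03:14:11 host sshd[2235]: Failed password for root from 198.51.100.7 port 51248 ssh2
Mar 20 03:14:12 host sshd[2237]: Failed password for invalid user oracle from 198.51.100.7 port 51251 ssh2
Mar 20 03:20:44 host sshd[2301]: Failed password for alice from 203.0.113.9 port 40022 ssh2
Mar 20 03:20:51 host sshd[2303]: Accepted publickey for alice from 203.0.113.9 port 40022 ssh2
Mar 20 04:02:17 host sshd[2410]: Invalid user guest from 198.51.100.7'

# Assumed cut-off: this many failed passwords from one address is treated as a
# brute-force source rather than a user mistyping a password.
THRESHOLD=3

# Print "count address" for every source that produced a failed password,
# most active source first. The address is the field after the word "from".
failed_by_source() {
    printf '%s\n' "$1" | awk '
    /sshd\[[0-9]+\]: Failed password for/ {
        for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
        n[ip]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Addresses at or above THRESHOLD: the candidates for a firewall block or an
# entry in /etc/hosts.deny.
brute_force_sources() {
    failed_by_source "$1" | awk -v t="$THRESHOLD" '$1 >= t { print $2 }'
}

# Distinct usernames attempted, with counts. "Failed password for invalid user X"
# carries the name three fields after "for"; "Failed password for X" one field.
usernames_tried() {
    printf '%s\n' "$1" | awk '
    /Failed password for/ {
        for (i = 1; i <= NF; i++)
            if ($i == "for") { u = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1); break }
        print u
    }' | sort | uniq -c | sort -rn
}

# Stand-alone run: feed the constructed sample through each report.
echo "Failed passwords by source:";   failed_by_source "$SAMPLE_LOG"
echo "Brute-force sources:";          brute_force_sources "$SAMPLE_LOG"
echo "Usernames tried:";              usernames_tried "$SAMPLE_LOG"
```

Against a real system, replace the embedded sample with `grep sshd /var/log/auth.log` (or `/var/log/secure` on Red Hat derivatives). The usernames report is the part worth keeping an eye on: a run of "invalid user" names such as admin, test and oracle is the signature of a dictionary attack rather than a forgotten password.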
If you have only a single computer, then it's possible for you to spend your days giving it careful manual scrutiny for mischiefs and problems. Perhaps not entirely desirable, but possible. But in the real world we need good tools to monitor and warn us of mischiefs, so we can actually go outside and have a life every so often. Intrusion detection is one of those gnarly jobs that can make you paranoid and nervous — it seems the more you study it, the more difficult, scary, and unreliable it appears.
PSAD? Check. Snort? Check. Be sure to check out this article for a quick overview of IDS tools, then check out our HowTos to see example implementations!
SELinux Labeling of Xen Images (Mar 19)
A place people sometimes trip with SELinux is the labeling of files. SELinux requires files to be labeled correctly in order to function. Discretionary Access Control has the same requirement in that files must have the correct permissions and ownership. If a file does not have the correct permissions it can not be read, written or executed. Similarly, if a file is not labeled correctly SELinux will prevent read/write/execute as well as many other permissions and transitions.
Are you a Xen user? If so, this article will show you steps to harden your images by using SELinux.
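The labeling point above is easy to check for yourself. The script below is an added example, not from the article: it takes `ls -Z`-style output (a constructed sample, mimicking what you get after one image was installed normally, one was copied with `cp` from a home directory, and one was restored from backup), reports files whose type field is not the one the Xen policy expects, and prints the commands that fix the labels persistently. The image directory `/var/lib/xen/images` and the expected type `xen_image_t` are assumptions for the illustration; check the path and type against your distribution's policy with `ls -Z` on an image that works.

```shell
#!/bin/sh
# Added example (not from the article): find Xen images with the wrong SELinux
# type and emit the commands that correct them.
# Assumptions: images live in IMAGE_DIR and the policy expects EXPECTED_TYPE.
EXPECTED_TYPE="xen_image_t"
IMAGE_DIR="/var/lib/xen/images"

# Constructed sample of `ls -Z` output: "user:role:type:level filename".
# guest1 was created in place; guest2 was cp'd from a home directory (cp gives
# the new file the label of its destination's parent, here var_lib_t, not the
# image type); guest3 was restored by a tool that preserved the wrong label.
SAMPLE='system_u:object_r:xen_image_t:s0 guest1.img
unconfined_u:object_r:var_lib_t:s0 guest2.img
unconfined_u:object_r:user_home_t:s0 guest3.img'

# Print the names of files whose *type* (third field of the context) is not
# EXPECTED_TYPE. User, role and level are not what xend's policy keys on.
mislabeled() {
    printf '%s\n' "$1" | awk -v want="$EXPECTED_TYPE" '
    NF >= 2 {
        split($1, ctx, ":")          # ctx[1]=user ctx[2]=role ctx[3]=type ctx[4]=level
        if (ctx[3] != want) print $2
    }'
}

# Commands that make the label part of the file-context database (so a future
# relabel keeps it) and then apply it to what is on disk now.
fix_commands() {
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$EXPECTED_TYPE" "$IMAGE_DIR"
    printf 'restorecon -Rv %s\n' "$IMAGE_DIR"
}

# Stand-alone run over the constructed sample.
echo "Images not labeled $EXPECTED_TYPE:"
mislabeled "$SAMPLE"
echo "Suggested fix:"
fix_commands
```

On a live host, replace the sample with `ls -Z "$IMAGE_DIR"` (output format varies slightly between coreutils versions, so check that the context is the first column and the name the last). `chcon -t xen_image_t file` changes a label too, but only until the next relabel; the `semanage fcontext` rule is what survives `restorecon` and `touch /.autorelabel`.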
Ongoing IFrame Attack Proving Difficult to Kill (Mar 18)
One of the factors that make an ongoing malware attack so difficult to stop is the speed with which the assault can evolve. Over the past 12 days, an IFrame injection attack that originally focused on ZDNet Asia has been spreading across the 'Net, changing targets and payloads on an almost daily basis. An iFrame (short for inline frame) is an element of HTML that's used to embed HTML from another source into a webpage. The timeline of the attack is provided below, thanks in no small part to security consultant Dancho Danchev, who has kept a play-by-play account of the IFrame attack on his blog.
Read on for an interesting analysis of the injection method and how it leverages search engines and SEO. How do you feel this should be properly mitigated and countered?
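Site owners on the receiving end of an injection like this mostly want to know whether their own pages now carry an iframe they never wrote. The script below is an added example, not part of the article or of Danchev's analysis: it scans a constructed page fragment for iframes, flags the two shapes an injected loader usually takes (zero-sized or hidden, and pointing at a host other than the site's own), and can be pointed at saved copies of real pages. The site hostname and the injected URLs are made up for the illustration (`example.com` and the `.invalid` TLD are reserved for documentation).

```shell
#!/bin/sh
# Added example (not from the article): spot injected iframes in a saved HTML
# page. The page fragment below is constructed; hosts are documentation names.
SAMPLE_HTML='<html><body>
<p>Article text</p>
<iframe src="http://www.example.com/player" width="640" height="480"></iframe>
<script>var x=1;</script>
<IFRAME src="http://injected.invalid/in.cgi?3" width="0" height="0" style="display:none"></IFRAME>
<iframe style="visibility:hidden;width:1px;height:1px" src="http://injected.invalid/in.cgi?4"></iframe>
</body></html>'

# Assumed: the hostname the site legitimately serves its own embeds from.
SITE_HOST="www.example.com"

# Every iframe opening tag on its own line, lower-cased so that attribute
# matching does not depend on the injector's choice of case.
iframe_tags() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | grep -o '<iframe[^>]*>'
}

# Iframes the visitor cannot see: zero or one-pixel dimensions, or hidden by
# style. A legitimate embed almost never needs to be invisible.
hidden_iframes() {
    iframe_tags "$1" | grep -E 'width="0"|height="0"|display: *none|visibility: *hidden|width: *1px|height: *1px'
}

# Iframes whose src host is not the site's own. Scheme, port, path and query
# are stripped so only the host is compared.
offsite_iframes() {
    iframe_tags "$1" | awk -v site="$SITE_HOST" '
    match($0, /src="[^"]*"/) {
        src = substr($0, RSTART + 5, RLENGTH - 6)   # drop the src=" and closing "
        sub(/^[a-z]+:\/\//, "", src)                # drop the scheme
        split(src, parts, "/")                      # parts[1] is host[:port]
        host = parts[1]; sub(/[:?].*$/, "", host)   # drop a port or query
        if (host != site) print
    }'
}

# Stand-alone run over the constructed page.
echo "Hidden iframes:";   hidden_iframes "$SAMPLE_HTML"
echo "Off-site iframes:"; offsite_iframes "$SAMPLE_HTML"
```

To sweep a site, fetch each page with `wget -q -O -` or read files from the document root and pass the content as the argument; an iframe that shows up in both reports is the one to pull first, and the host it points to is what to search the rest of the site for, since the article's point is that the payload host changes every day or so while the injection pattern stays.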
Introduced in Ubuntu 7.10 was install-time encryption support where using the alternate installer one can fully encrypt their disk in an LVM using dm-crypt. Unfortunately, the Ubiquity installer in Ubuntu 8.04 continues to lack LVM and encryption support, but using Ubuntu 8.04 Alpha 6 we have looked at the performance cost of this encrypted configuration on Ubuntu Linux. Rather than looking directly at the disk read/write overhead caused by the encryption process, we have provided some benchmarks to see how the real-world performance is impacted in both gaming and other desktop tasks.
One reason most users don't encrypt their private information is that they expect it to be too slow. Check out these benchmarks of a fully encrypted hard disk; you may be surprised.
Inguma 0.0.7.2 Released for Download - Penetration Testing Toolkit (Mar 17)
For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.
Open source exploit frameworks continue to evolve and improve - Inguma's focus is on Oracle systems. How do you feel it matches up against other frameworks such as Metasploit?
Take a few minutes and read this security newsletter. His latest posting states some interesting ideas about computer privacy. And as always, let us know what you think about it.
When I write and speak about privacy, I am regularly confronted with the mutual disclosure argument. Explained in books like David Brin's "The Transparent Society," the argument goes something like this: In a world of ubiquitous surveillance, you'll know all about me, but I will also know all about you. The government will be watching us, but we'll also be watching the government. This is different than before, but it's not automatically worse. And because I know your secrets, you can't use my secrets as a weapon against me.