Linux Security Week: April 14th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Web Security Gateway for Secure Apache," "Performance Tradeoffs of TCP Selective Acknowledgment," and "Network Security Converges With Ubuntu Linux."
Linux+DVD Magazine: Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects, etc. In each issue you can find information concerning typical uses of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
Open Source Tool of March: ZoneMinder - For January and February, we chose some of the staples of open source security (GnuPG and Nmap) as the tool of the month. And deservedly so; both have just celebrated their ten-year anniversary in the open source realm, a rare feat for any open source project, much less one founded on security.
But for the month of March, we wanted to move ahead and change gears. This month's Open Source Tool is no newbie for sure, but we bet that most of you reading haven't heard of it. While most Linux security tools deal with digital security, this month's tool is one of the few to cross that divide.
Welcome to ZoneMinder, the Open Source Tool for March...
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for fwknop and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
WSGW - Web Security Gateway for Secure Apache (Apr 11)
The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software.
Leveraging features currently present in Apache, it is possible to create a front-end proxy to Apache which will provide an extra layer of security. This extra layer can integrate functionality such as traffic reporting, authentication, SSL, and even load balancing! Read the article for more info!
The KDE Guarddog program promises an easy Linux firewall setup with just a few clicks. Guarddog helps inexperienced users secure computers – and even whole networks – against attack.
The IPChains (Linux 2.2) and IPTables (Linux 2.4) tools configure the Linux firewall, but these command-line tools can be slightly cryptic for Linux newcomers. Simon Edwards developed Guarddog [1] to simplify the task of firewall configuration. Guarddog is a GUI-based configuration utility for managing firewalls. The Guarddog utility is licensed under the GPL and runs on either KDE 2 or KDE 3.
I am interested if anyone has used KDE Guarddog and what you think about it. I normally just manually add iptables rules from the command line, but if this tool makes it easier then I am game.
Performance Tradeoffs of TCP Selective Acknowledgment (Apr 10)
Selective acknowledgment (SACK) is an optional feature of TCP that is necessary to effectively use all of the available bandwidth of some networks. While SACK is good for throughput, processing this type of acknowledgment has proven to be CPU intensive for the TCP sender. This weakness can be exploited by a malicious peer even under commodity network conditions. This article presents experimental measurements that characterize the extent of the problem within the Linux® TCP stack. SACK is enabled by default on most distributions.
This article provides a detailed analysis of the Linux TCP stack with an in-depth look at SACK. Can exploitation of SACK drive CPU intensity to the point that it can be considered a legitimate DoS attack? Read on to find out!
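To make the sender-side cost concrete, here is an added example (not code from the article or from the Linux TCP stack it measures): it parses the TCP SACK option (kind 5, as laid out in RFC 2018) and applies the blocks to a miniature retransmission queue, counting how many queue entries each block forces the sender to visit. The queue walk is the straightforward "scan from the head" implementation, chosen to show where the CPU time goes; the segment sizes, sequence numbers and SACK blocks are constructed, and sequence numbers are assumed not to wrap.

```python
# Added example: sender-side SACK processing in miniature.  The parser rejects
# malformed options before they reach the queue logic; the queue counts visits
# so the cost of a packet carrying several small blocks near the tail is visible.
import struct
from dataclasses import dataclass

SACK_KIND = 5          # TCP option kind for SACK blocks (RFC 2018)
MAX_SACK_OPTION = 34   # 2 header bytes + at most 4 blocks of 8 bytes


def parse_sack_option(opt: bytes):
    """Decode one SACK option into a list of (left_edge, right_edge) pairs.

    Anything that is not a well-formed kind-5 option (bad kind, length that
    disagrees with the bytes present, length not 2 + 8*n, or more than four
    blocks) raises ValueError instead of producing garbage edges.
    """
    if len(opt) < 2 or opt[0] != SACK_KIND:
        raise ValueError("not a SACK option")
    length = opt[1]
    if length != len(opt) or length < 10 or length > MAX_SACK_OPTION or (length - 2) % 8:
        raise ValueError(f"malformed SACK option length {length}")
    nblocks = (length - 2) // 8
    edges = struct.unpack(f"!{2 * nblocks}I", opt[2:])
    return [(edges[i], edges[i + 1]) for i in range(0, len(edges), 2)]


@dataclass
class Segment:
    seq: int      # first sequence number of the segment
    end: int      # sequence number just past the segment
    sacked: bool = False


class SenderQueue:
    """The sender's retransmission queue plus a counter of entries visited."""

    def __init__(self, snd_una: int, mss: int, count: int):
        self.snd_una = snd_una                      # oldest unacknowledged byte
        self.snd_nxt = snd_una + mss * count        # next byte to be sent
        self.segments = [Segment(snd_una + i * mss, snd_una + (i + 1) * mss)
                         for i in range(count)]
        self.visits = 0

    def apply_sack(self, blocks):
        """Mark every segment fully covered by a valid SACK block.

        Each block re-walks the queue from the head, so one block costs a
        number of visits proportional to how far down the queue it points,
        and a packet with several one-segment blocks near the tail costs
        several full walks.  Returns the number of segments newly marked.
        """
        newly = 0
        for left, right in blocks:
            # Drop blocks outside [snd_una, snd_nxt] or with inverted edges:
            # a peer cannot legitimately acknowledge data it was never sent.
            if not (self.snd_una <= left < right <= self.snd_nxt):
                continue
            for seg in self.segments:
                self.visits += 1
                if seg.end <= left:
                    continue          # entirely before the block
                if seg.seq >= right:
                    break             # remainder of the queue is past the block
                if not seg.sacked and left <= seg.seq and seg.end <= right:
                    seg.sacked = True
                    newly += 1
        return newly


def sack_cost_demo(count: int = 1000, mss: int = 1000):
    """Constructed comparison: one block covering the last four segments versus
    four one-segment blocks (most recent first, as RFC 2018 orders them) that
    acknowledge exactly the same data.  Returns (visits_one_block, visits_four)."""
    tail = count - 4
    q1 = SenderQueue(1000, mss, count)
    q1.apply_sack([(q1.segments[tail].seq, q1.snd_nxt)])

    q4 = SenderQueue(1000, mss, count)
    q4.apply_sack([(s.seq, s.end) for s in reversed(q4.segments[tail:])])
    return q1.visits, q4.visits


if __name__ == "__main__":
    wire = bytes([SACK_KIND, 10]) + struct.pack("!II", 997000, 1001000)
    print("parsed blocks:", parse_sack_option(wire))
    print("queue visits (one block, four blocks):", sack_cost_demo())
```

Both packets acknowledge the same four segments, yet the four-block packet forces roughly four times as many queue visits, which is the asymmetry the article's measurements are about: the receiver chooses the block layout, the sender pays for it. The range check in `apply_sack` is the defensive part: out-of-window or inverted blocks are discarded before they can drive a walk.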
Network Security Converges With Ubuntu Linux (Apr 9)
Ubuntu, the fastest-growing version of Linux, is starting to attract interest from the managed services industry. One prime example: Untangle, which develops security solutions for managed service providers, is preparing to add support for Ubuntu within the next few months, MSPmentor has learned.
As the rising popularity of Linux distributions such as Ubuntu shows, managed service providers are paying more attention to open source because of advantages such as fair pricing and the strength of its community. Untangle focuses on its network gateway; what other distros or MSPs have you heard of that leverage Linux?
Symark's Security Access Tool Bridges Linux, Active Directory (Apr 9)
There's a downside to adding Linux or Unix servers to a Windows shop: These orphan machines lie outside the protective umbrella of the centralized user authentication and authorization controls of Microsoft Active Directory. The result? Multiple user identifications and logins, higher risk of errors and security loopholes, and of course, more work for system administrators.
Adding security in a mixed Linux and Windows environment is an important step in the health of a user's network. This article looks at some ways to increase the security of a shared Linux and Windows environment.
Move Over Storm - There's a Bigger, Stealthier Botnet in Town (Apr 8)
Researchers have unearthed what they say is the biggest botnet ever. It comprises over 400,000 infected machines, more than twice the size of Storm, which was previously believed to be the largest zombie network.
Machines from at least 50 Fortune 500 companies have been observed to be running the malicious software that's at the heart of "Kraken," the botnet that security firm Damballa has been tracking for the last few weeks. So far, only about 20 percent of the anti-virus products out there are detecting the malware. Just as a con artist might throw off detectives by changing his hair color or other physical characteristics, Kraken's ability to morph its code base has allowed it to evade the majority of malware detectors.
Only twenty percent of all AVs currently out there have any ability to counter this surge of malware and spam. What suggestions or ideas do you have to counter morphing code in botnets?
2008 SELinux Developer Summit Call for Participation (Apr 8)
The SELinux Developer Summit will be a one day summit intended to provide a forum for focused technical discussion regarding current and future development plans for SELinux and related Flask/TE projects. The intended audience will consist of current SELinux developers, system/security administrators, distribution organizers/packagers, and power users. The format will be a mix of presentations and moderated discussion, including a panel where attendees will be invited to submit questions and feedback.
The SELinux Developer Summit is looking for people to take part in the action. Will you be one of them?
Before we proceed, it would be best to cover some basic user administration topics that will be very useful in later chapters.
Adding Users
One of the most important activities in administering a Linux box is the addition of users. Here you'll find some simple examples to provide a foundation for future chapters. It is not intended to be comprehensive, but is a good memory refresher. You can use the command man useradd to get the help pages on adding users with the useradd command, or man usermod to become more familiar with modifying users with the usermod command.
Most Linux users have used sudo before, but do you know how to use it to increase your security? This article does a great job at explaining everything you need to know about sudo.
Nearly three years after the initial post describing the idea, I am happy to report that OpenPacket.org 1.0 is ready for public use, free of charge.
The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no central repository of traces from which a student of network traffic could draw samples. OpenPacket.org will provide one possible solution to this problem.
For all the Snort, Wireshark, and tcpdump enthusiasts out there, OpenPacket.org provides fresh packets for research and analysis purposes. Looking for a particular traffic pattern? Check out OpenPacket.org!