Linux Security Week: June 16th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Test Your Environment's Security With BackTrack," "When Snort is Not Enough," and "A Comprehensive Guide to Nmap with Screenshots."
Linux+DVD Magazine
Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects, etc.
In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
LinuxSecurity.com Feature Extras:
Review: The Book of Wireless - “The Book of Wireless” by John Ross is an answer to the problem of learning about wireless networking. With the widespread use of wireless networks today, anyone with a computer should at least know the basics of wireless. Also, with wireless networking, users need to know how to protect themselves from wireless networking attacks.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Jun 17)
Netcraft's June SSL Survey has found that a significant number of SSL certificates are affected by the Debian OpenSSL vulnerability, including Extended Validation SSL certificates and certificates belonging to banks.
The vulnerable certificates afford opportunities to create deceptive sites which use apparently valid SSL certificates, giving the user the impression that the site belongs to the certified organisation. In the case of EV certificates, browsers will also turn the address bar green, even though the certificate may be cloned.
The Debian OpenSSL flaw does not seem to be over yet. It was discovered that a number of SSL certificates are affected by the Debian OpenSSL flaw. This article looks at how this attack is possible.
Test Your Environment's Security With BackTrack (Jun 16)
In the field of penetration testing, BackTrack is today's premier Linux distribution. Designed for, created by, and used by security professionals around the globe, BackTrack is the result of a merger between two earlier, competing distributions -- WHAX and Auditor Security Collection. The most recent beta version was released on June 10.
BackTrack 3.0 beta (BT3) is showing up in a lot of places these days. There was a presentation in February at ShmooCon, an annual hacker convention. At this year's National Collegiate Cyber Defense Competition (NCCDC), it was the distro of choice for the Red Team -- the attackers -- made up of experienced security professionals.
Have you heard about the penetration tool called BackTrack? This article looks at ways to get started using BackTrack.
Tips for Your Users: Passwords You Can Live With (Jun 13)
If you haven't already heard, you should be writing down your passwords. Good password security practices don't dictate that you must remember everything. Why would you want to, and what is the best way to do this securely? These, and other important questions will be answered in this article.
Having strong passwords is a basic but important security practice. This article looks at how users can use strong passwords with little effort.
Let us go a little deeper into the access privileges and rights which a root user has on a Linux system. Root is the default name for the system administrator in a *NIX system - a super user who can do anything and everything within the operating system. As a result, root login should be used with special care. While working with a root login, we can accidentally end up doing a lot of harm to our system as well as the data.
For any user of Linux it's important to make your root account as tight as possible against attack. This article looks at some of the security issues with root and ways to improve its security.
The NSA have announced the release of an updated version of the core SELinux code, available from their web site. This release includes support for permissive domains (allowing permissive mode on a per-domain basis), user and role mapping via sepol, and various minor fixes and enhancements.
The Linux kernel developers have fixed security flaws in version 2.6.25.5 published last Friday that affect the CIFS and SNMP-NAT modules (nf_nat_snmp_basic). Crafted packets can cause a buffer overflow remotely in the BER decoder used by the ASN.1 parser. The kernel then crashes, and it may even be possible to inject and execute code in the process.
What do you think will be the impact of these kernel security flaws? How many people will update their system's kernel?
There is a saying in the security world that the only truly safe computer system is one that is disconnected from the network, switched off and buried six feet under ground. The sentiment may be somewhat true but it is hardly a practical solution to the problems we face today in protecting servers and desktops from outside intrusion.
This article shows the user the basics of Linux security. It is a great how-to for any Linux user. It looks at the basics like open services and firewalls. Do you have any quick tips for the beginner Linux user who is looking to make their computer more secure?
Once alert generation (intrusion detection) mode is enabled, the matter becomes complicated. Snort is no longer rendering or logging -- it has become a Traffic Intelligence System (TIS), as described in the last Snort Report. A TIS is valuable if it's trusted. Trust comes from being able to understand how a tool came to a certain conclusion. For example, if Snort reports seeing Attack X, you want to know how Snort made that judgment.
This article brings up some good points about intrusion detection. What do you feel is the state of intrusion detection software like Snort? Are they effective enough to implement on your network?
A Comprehensive Guide to Nmap with Screenshots (Jun 10)
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available.
This article is a quick user's guide to Nmap. I use this tool all the time; it's a good, easy-to-use tool for testing what services and ports are open.
Distributing New SSH Keys Using Rsh On Linux And Unix (Jun 9)
Today we're going to grind through our "Lazy Sunday" post with a quick script to update SSH keys network-wide, by using rsh (the less secure of the two protocols). Once you've accomplished this (or have already accomplished this) and are happy with your network's SSH setup, I'd suggest disabling rsh altogether. Then you can move on to quickly setting up your SSH keys all over the network, focus on maintaining the integrity of your sessions, if you have issues with that, and even setting simple SCP routines to help keep your network easy to manage.
This article looks at how you can update your SSH keys on your network with a simple script.
The new Firefox 3 browser is fast approaching its final release to the public, and millions of fans will download the new product from Mozilla this month. For me this is a very exciting event and a great opportunity to show you which changes and improvements will affect us, especially in relation to SSL-secured web sites.
What do you think about the changes to Firefox's SSL features? Are they an improvement over the older Firefox versions? I would be interested in what users think about Firefox 3 beta security features.