Linux Security Week: September 15th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "How To Block Spammers/Hackers With Apache2's mod_spamhaus," "Korset: Linux security Thanks To Static Analysis," and "Linux Security for Beginners."

Linux+DVD Magazine - Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book not only helps improve your security, it also looks at why you should. It does this by showing examples of real attacks and rating the importance of protecting yourself from being a victim of each type of attack.

Security Features of Firefox 3.0 - Let's take a look at the security features of the newly released Firefox 3.0. Since its release on Tuesday I have been testing it out to see how the new security enhancements work and help increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at, for example improved plugin and addon security.

Read on for more security features of Firefox 3.0.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  EnGarde Secure Community 3.0.20 Now Available (Aug 19)
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.20 (Version 3.0, Release 20). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

http://www.linuxsecurity.com/content/view/141173
  Adding a Signing Key to RPM (Sep 17)
 

A common (and commonly ignored) step when rebuilding Source RPMs from a remote archive is that of verification of the authenticity of the content.

An archive maintainer may choose to sign, or to not sign RPM (and thus SRPM) content it releases. Implicitly, an archive which does sign its content provides a way for a consumer of that content, remote in time or at another site, to verify the authenticity, integrity, and provenance of that package. An earlier post discussed using GPG to verify signed content generally.

Have you ever wondered about the importance of using a signing key with RPM? This article discusses how to use signing keys to make your RPM packages more secure.

http://www.linuxsecurity.com/content/view/142086
  How To Block Spammers/Hackers With Apache2's mod_spamhaus (Sep 16)
 

mod_spamhaus is an Apache module that uses DNSBL in order to block spam relay via web forms, prevent URL injection, block HTTP DDoS attacks from bots and generally protect your web service by denying access to a known bad IP address.

What do you do when you find your site being spammed by attackers using your web forms? This article looks at one way of addressing this problem: the Apache module called mod_spamhaus.

http://www.linuxsecurity.com/content/view/142085
  PorkBind v1.3 - Nameserver (DNS) Security Scanner (Sep 15)
 

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.

Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.

With the threat to DNS increasing, and given its importance to the internet as a whole, it's something that system administrators need to take seriously. This article looks at a security tool for BIND called PorkBind.

http://www.linuxsecurity.com/content/view/142084
  Korset: Linux security Thanks To Static Analysis (Sep 12)
 

Coworkers at the University of Tel Aviv have presented a prototype for a new host-based intrusion detection system (HIDS) for Linux. Named Korset, it uses static code analysis and promises zero failures.

A host-based intrusion detection system (HIDS) models an application's behavior and, if the behavior deviates from the model, sends an alarm. Earlier methods of intrusion detection depended either on static data derived from machine learning or on program policies created by developers. In the views of Professor Avishai Wool and kernel developer Ohad Ben-Cohen, the first method is susceptible to false positives and the second one is costly.

If you are interested in Linux intrusion detection, check out this article. It discusses host-based intrusion detection system (HIDS) models.

http://www.linuxsecurity.com/content/view/142033
  Wireless Voice Calls Gain Encryption (Sep 11)
 

Fixed-mobile convergence (FMC) start-up Agito Networks Monday plans to announce voice-over-Wi-Fi encryption and other features for its RoamAnywhere Mobility Router.

The RoamAnywhere router is customer-premises equipment (CPE) that extends PBX policy and dialing plans across Wi-Fi and cellular networks to smart phones running RoamAnywhere client software. It enables location-based, seamless roaming between both types of wireless networks so that sessions aren't interrupted when mobile users cross wireless network borders.

How secure do you think your wireless devices are? This article looks at the ways some software vendors are trying to solve this issue.

http://www.linuxsecurity.com/content/view/141778
  Linux Security for Beginners (Sep 10)
 

There is a saying in the security world that the only truly safe computer system is one that is disconnected from the network, switched off and buried six feet under ground. The sentiment may be somewhat true but it is hardly a practical solution to the problems we face today in protecting servers and desktops from outside intrusion.

There are more computer systems connected to the internet either directly or via local area networks than at any time in the history of technology and the numbers are growing at a rapid rate.

This article is a great guide for anyone who wants to learn more about Linux security. It goes into detail about the basic ways to help secure your Linux machine, for example firewalls and protecting services.

http://www.linuxsecurity.com/content/view/141774
  Open source Release Takes Linux Rootkits Mainstream (Sep 10)
 

The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers.

When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate. It's notable because it cloaks itself by burrowing deep inside a server's processor and availing itself of debugging mechanisms available in Intel's chip architecture. The rootkit, in other words, mimics a kernel debugger.

Rootkits are a threat that every computer user should think about. This article discusses one type of Linux rootkit, which tries to mimic a kernel debugger.

http://www.linuxsecurity.com/content/view/141307
  Controlling Internet Access With SafeSquid (Sep 9)
 

Content-filtering proxies restrict Internet access privileges for users or groups across an entire network. They must be able to block unwanted content through keyword, URL, DNS, MIME, and image filtering. They need to authenticate and log a user's Internet activity by monitoring and generating detailed reports of URLs accessed, and they must integrate antivirus or malware protection by accessing a reliable antivirus server. Fulfilling all these functions may be a lot to ask, but SafeSquid delivers on all counts.

Do you want to use an open source content-filtering proxy that has the capabilities of Squid with content filtering and content security? Check out its features in this informative article.

http://www.linuxsecurity.com/content/view/141308
  Cybersecurity Best Practice: Guilty Until Proven Innocent (Sep 9)
 

Perhaps guilty until proven innocent isn't so bad an idea after all. It's often been said the "lawlessness" of the Internet is similar to the American "Wild West." I have always cringed when hearing that, because it's just too much of a stretch for me, but there's at least one aspect of it that is worthy of consideration when it comes to securing our data systems. In this case, guilty until proven innocent may actually have some merit after all.

This article lists some computer security best practices. These security skills could be applied to any network. What do you think about this best practice list? Would you add anything else to it?

http://www.linuxsecurity.com/content/view/141306
  Virtualization Users Should Expect More Attacks (Sep 8)
 

VMware's recent release of a large number of patches for its virtualization offerings is likely to be the first of many, as hackers increasingly focus their attention on virtualized environments.

That is according to security vendor, Fortify Software, which is urging caution among those companies looking to adopt virtualization technology.

This article looks into the recent security patches for VMware's virtualization software. Do you still trust VMware as a secure platform after this?

http://www.linuxsecurity.com/content/view/141302

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.