Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: December 22nd, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Nipper: The Network Infrastructure Parser," "5 Best Linux/BSD Firewall Tools," and "Metasploit Decloaking Engine."
Norwich University's Master of Science in Information Assurance
(MSIA) program, designated by the National Security Agency as providing academically excellent education in Information Assurance, provides you with the skills to manage and lead an organization-wide information security program and the tools to fluently communicate the intricacies of information security at an executive level.
Learn more
LinuxSecurity.com
Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Nipper - The Network Infrastructure Parser (Dec 22)
Welcome to the Nipper Open Source project web site. Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices.
The report can include a detailed security audit of the device settings or be a configuration report, the output is customisable. Nipper supports a wide variety of devices from different manufacturers such as Cisco, Nokia, Juniper, HP, CheckPoint, Nortel, 3Com, SonicWALL and Bay Networks.
Do you need detailed reports of your networks traffic? You might about to check out the Open Source project called Nipper. Read on for more information....
Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach. Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.
What do you think about this list of firewall tools? Did they miss anyones that should be on it?
Firefox Issues Eight Patches for Web Browser (Dec 18)
Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.The patches come after security experts have recommended using a browser other than Microsoft's Internet Explorer 7 and older versions of IE due to a dangerous vulnerability. Microsoft is due to release an emergency patch for that problem Wednesday.
Have you upgraded your Firefox install to the latest version yet? This article looks at the security issues that are handled by theses patches. Also this is the last release of updates to Firefox 2.0.
This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed.
Have you used Metasploit for your penetration testing? This article looks at the Decloaking Engine. If you want to learn more about this extension to Metasploit read on...
"I am sad to be leaving, but I am excited to go work on something I have always been passionate about," Snyder wrote in the Mozilla security blog. "I wish I could tell you about it now, but that will have to wait for a while."
The Head of Security at Mozilla, Window Snyder, will be resigning from her position by the end of the year. Read on for more information and share your comments.
XMLHttpRequest Will Be More Secure in the Future (Dec 15)
Some of the most recent iterations of the XHR specification at w3c (edited by Anne van Kesteren) includes excellent security choices which will lock down the JavaScript HTTPOnly edge-case exposure vectors.The latest editorial draft of the XHR w3c spec http://dev.w3.org/2006/webapi/XMLHttpRequest/.
Have you read the latest XHR specification at w3c. An interesting part of it is the security improvements to Javascript XMLHttpRequest. If do any development in javascript or interested in Web security check out this article.
