Linux Security Week: February 28th 2005
Source: Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Linux kernel to include IPv6 firewall," "Automated Patching: An Easier Approach to Managing Your Network Security," and "Honeypot Project finds decline in Linux attacks."

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

LINUX ADVISORY WATCH - This week, advisories were released for emacs, gftp, bidwatcher, mailman, squid, mod_python, kdeedu, gamin, pcmcia, openssh, postgresql, gimp, midnight commander, gproftpd, cyrus imap, cups, kdelibs, xpdf, uim, cpio, and vim. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.

Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

  Knoppix Hacks
  21st, February, 2005

Many people, at least people in the techno-geek world, are familiar with Knoppix at least far enough to know it is a version of Linux. Some of those people may even know that it is a portable version of Linux that is able to boot entirely from the CD without the need for any installation. But this book will show those people just how versatile and powerful a tool Knoppix can be, even for supporting and maintaining Windows systems.
  HITB E-Zine: Issue #36 Released
  20th, February, 2005

After a nice Chinese New Year break we are pleased to bring you Issue #36 of the HITB e-zine. This is a pretty interesting issue with an exclusive article on Red Hat PIE Protection written by Zarul Shahrin as well as an article on building a simple wireless authenticated gateway using OpenBSD by Rosli Sukri (member of the HITB CTF Crew).
  Linux kernel to include IPv6 firewall
  21st, February, 2005

Version 2.6.12 of the Linux kernel is likely to include packet filtering that will work with IPv6, the latest version of the Internet Protocol. Netfilter/iptables, the firewall engine that is part of the Linux kernel, already allows stateless packet filtering for versions 4 and 6 of the Internet protocol, but only allows stateful packet filtering for IPv4. Stateful packet filtering is the more secure method, since it analyses whole streams of packets, rather than only checking the headers of individual packets -- as is done in stateless packet filtering.
  Firewall Builder 2.0.6
  24th, February, 2005

Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, a firewall policy is a set of rules; each rule consists of abstract objects that represent real network objects and services (hosts, routers, firewalls, networks, protocols).
  Automated Patching: An Easier Approach to Managing Your Network Security
  22nd, February, 2005

Patch management is an essential administration task within today's busy IT networks with the constant threat of new security bugs. Some companies will wait for an attack before taking necessary action to protect themselves from further threat whilst others consider patching as often as possible.
  Security holes affect multiple Linux/Unix products
  23rd, February, 2005

Attackers could launch malicious code by exploiting vulnerabilities in a file transferring tool used in many Linux and Unix systems, according to two security firms. Reston, Va.-based iDefense said the security holes exist in cURL/libcURL, a command line tool for transferring files with a URL syntax such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP.
  Zen and the Art of Intrusion Detection
  22nd, February, 2005

If a tree falls in a forest with no-one to hear it, does it make a sound? So goes a typical zen-like philosophical question. While it's thought-provoking, what does it have to do with Intrusion Detection Systems (IDS)? Simple -- if you're not there to watch the tree fall, do you need to know whether it fell or not? The same principle applies with IDS.
  Review: Linux Server Security
  23rd, February, 2005

Staying on my current security theme, O'Reilly has published a second edition of Linux Server Security by Michael D. Bauer. The book, targeted toward those managing Internet-connected systems, also known as bastion hosts, packs a powerful arsenal of security design, theory and practical configuration schemes into 500 pages.
  Oracle wraps top-notch security around Linux
  23rd, February, 2005

Oracle has tightened up the security of a number of its products to allow customers to use them in critical national infrastructures, including in conjunction with open source technology from Linux. Oracle has met the Common Criteria Evaluations at the EAL4 level -- the highest industry security level for commercial software -- for its Oracle Internet Directory, a middleware component of Oracle Identity Management; Oracle9i Database release 2; and the Oracle9i Label Security release 2.
  How to cut patchwork... and save a cool $100m
  24th, February, 2005

According to Gilligan, a new vulnerability is discovered nearly every day in the commercial software products the Air Force uses -- not just Microsoft, but also Linux, Oracle and Cisco Systems. "What we are now reaping is the unfortunate consequence of an era of software development in the 90s, when the rush to get the product to market overrode the importance of correctness in the quality of the software."
  Novell appliance takes security to the edge
  22nd, February, 2005

Novell has developed a Linux-based "perimeter security" hardware appliance that protects companies against security threats such as hackers, viruses, worms, spam and network intrusions. Novell launched the Novell Security Manager at last week's RSA conference. It is aimed at small and medium-sized businesses.
  Firefox phishing flaw fixed
  25th, February, 2005

A vulnerability that could allow Web addresses to be spoofed has been fixed in an updated version of the Firefox browser. The Mozilla Foundation released an update to the Firefox Web browser on Thursday to fix several vulnerabilities, including one that would allow domain spoofing.
  Arkeia Network Backup Agent Remote Access (Exploit?)
  21st, February, 2005

On February 18th, 2005 "John Doe" posted a remote buffer overflow exploit for the Arkeia Network Backup Client. This vulnerability affected all known versions of the software, going back as far as the 4.2 series (when the company was called Knox). The buffer overflow occurs when a large data section is sent with a packet marked as type 77. The Arkeia Network Backup Client is your typical backup agent; it runs with the highest privileges available (root or LocalSystem) and waits for a connection from the backup server. The Arkeia client and server both use TCP port 617 for communication. According to the SANS ISC, the kids are wasting no time.
  Honeypot Project finds decline in Linux attacks
  24th, February, 2005

Unpatched Linux systems are lasting longer on the internet before being compromised, according to a study by the Honeynet Project, a nonprofit group of security professionals that researches online attackers' methods and motives. Data from 12 honeynets showed that the average "life expectancy" of an unpatched Linux system has increased to three months from 72 hours two years ago.
  Is variable response the key to secure systems?
  21st, February, 2005

Intrusion detection software (IDS) first made a serious impression on the European security market in the late 1990s. As with vulnerability scanning products, how good it was depended on where it got its database from and how often it was updated. IDS then languished for a few years with little variation. Improvements in alerting, refinements in detecting false positives and more enterprise scalability were the notable developments.
  Linux For The Future
  22nd, February, 2005

Red Hat spent last week trying to get customers to expect more from Linux, talking up the release of the first version of its operating system based on the 2.6 Linux kernel. Red Hat Enterprise Linux 4 adds a number of security, scalability, desktop, and management features.
  Insecure ISP Support Is No Help at All
  23rd, February, 2005

Hello, this is officer support of the ISP Police Department. You say you're worried that someone might try to steal your car? OK, I'm going to try to troubleshoot this problem for you, but I need you to do two things. First, I'm going to need you to bring your car down so we can check it out. But I want you to park your car in a poorly lighted lot in a shady part of town. Trust me, we handle this kind of thing all the time.
  Feds square off with organized cyber crime
  24th, February, 2005

Computer intruders are learning to play well with others, and that's bad news for the Internet, according to a panel of law enforcement officials and legal experts speaking at the RSA Conference in San Francisco last week. Christopher Painter, deputy director of the Justice Department's computer crime section, spoke almost nostalgically of the days when hackers acted "primarily out of intellectual curiosity." Today, he says, cyber outlaws and serious fraud artists are increasingly working in concert, or are one and the same. "What we've seen recently is a coming together of these two groups," said Painter.
  Entrepreneur-professor teaches students to stop hackers, viruses, has lessons for all
  Mesh Networking Soars to New Heights
  19th, February, 2005

Mesh Networking and community wireless broadband reached new heights with a world first for Locustworld MeshAP PRO when a Shadow microlight aircraft flew over Lincolnshire UK and successfully tested air to ground mesh networking and voice over broadband. South Witham broadband (Lincolnshire UK) joined forces with Make Me Wireless (Australia) and using LocustWorld MeshAP PRO and Asterisk VoIP equipment, seamlessly created air to ground voice communications at 2000 feet with the 16 node South Witham community broadband network.
