Linux Security Week: May 2nd 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, perhaps the most interesting articles include "Host-Based Intrusion Prevention," "Detecting suspicious network traffic with psad," and "Build an IDS with Snort, Shadow, and ACID."


LINUX ADVISORY WATCH - This week, advisories were released for squid, gaim, evolution, junkbuster, samba, cvs, kdelibs, libtiff, mc, dia, cyrus, ImageMagick, openMosixview, kimgio, convert-UUlib, kernel, sharutils, and mozilla. Distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat, and SuSE.

LinuxSecurity.com Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy-to-follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore very simple.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  Interview with Richard Stallman
  25th, April, 2005

An Italian web magazine, TuxJournal.net, has published an interesting interview with Richard Stallman. The interview deals with GPL news, Free BIOS, software patents and much more. It could be of interest to every GNU/Linux user.

http://www.linuxsecurity.com/content/view/118970
 
  Encryption: the key to secure data?
  26th, April, 2005

For as long as modern computers have been around, they have been associated with encryption in one way or another. It is no coincidence that the first semi-programmable computer, Colossus, was developed to decrypt messages during the Second World War. Encryption relies on encoding information in a way that makes it difficult to decode without either a key (cipher) or an awful lot of mathematical muscle. The longer the length of the cipher (in bits), the more difficult it will be to break. Although there are many encryption techniques that are unbreakable in practice, there are very few that are unbreakable in theory, given enough time or processing power.

http://www.linuxsecurity.com/content/view/118973
 
  Firewalls ring changes
  27th, April, 2005

Once they were border controls, then customs and excise, now they are the police, the fire brigade and the health service. Can the firewall become the sole security device in the enterprise? Zaphod Beeblebrox, the two-headed anti-hero of Douglas Adams’ Hitchhiker’s Guide to the Galaxy, wears the future of firewalls on his head. His Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses turn black at the first hint of danger. This saves him from witnessing frightening events, so he remains cool and un-panicked in a dangerous universe.

http://www.linuxsecurity.com/content/view/118990
 
  Host-Based Intrusion Prevention
  27th, April, 2005

Layered security is a widely accepted principle of computer and network security. The basic premise is that it takes multiple layers of defense to protect against the wide variety of attacks and threats. Not only can one product or technique not protect against every possible threat, therefore requiring different products for different threats, but having multiple lines of defense will hopefully allow one product to catch things that may have slipped past the outer defenses.

http://www.linuxsecurity.com/content/view/118994
 
  DDoS: don't get stuck in denial
  25th, April, 2005

Forward-looking companies have long realized the great business opportunities that the Internet offers and it's no secret that organizations are shifting more and more of their business processes online.

While this move brings many advantages with it, such as widening customer reach and reducing overheads, the emergence of organized crime in the online world means that business needs to be sharper than ever when it comes to security.

http://www.linuxsecurity.com/content/view/118967
 
  Painful patching: How to lock down networked devices
  27th, April, 2005

Given the fact that almost all networks are connected to the Internet nowadays, your one hope of staying secure is to constantly patch all machines on the network with the latest vulnerability fixes. This may not be a big deal in environments consisting only of Windows 2003 servers and Windows XP workstations, for which you can simply use Microsoft's Software Update Services (SUS), System Management Server (SMS) or any number of third-party tools for patch updates. However, if your computers are running non-Microsoft operating systems or non-PC devices, or if your VPN allows connections by computers not controlled by your company, keeping everything up-to-date on your network becomes much more complex -- although not impossible.

http://www.linuxsecurity.com/content/view/118992
 
  Quantum encryption enters product phase
  28th, April, 2005

Network security systems that rely on the laws of quantum mechanics to create hack-proof networks are arriving in the form of practical products that are easily integrated into optical networks.

At the Infosecurity Europe 2005 trade show in London, id Quantique SA (Geneva) announced a turnkey quantum encryption system enabling hack-proof secure bridges between two Fast Ethernet (IEEE 802.3u) networks up to 100 kilometers apart. The move followed a March announcement by MagiQ Technologies Inc. (New York), which rolled a rework of its Quantum Private Network (QPN) 5505 system. The QPN 7505 incorporates Cavium Networks' Nitrox data encryption processors.

http://www.linuxsecurity.com/content/view/119017
 
  Detecting suspicious network traffic with psad
  26th, April, 2005

Have you ever wondered how many people are scanning your server looking for weaknesses? One way to find out is to install the Port Scan Attack Detector (psad), a collection of three lightweight system daemons that alert you to suspicious network activity by analyzing iptables log files.

http://www.linuxsecurity.com/content/view/118986
 
  Build an IDS with Snort, Shadow, and ACID
  28th, April, 2005

Every organization understands the importance of using a firewall to protect its assets. But what happens if someone finds a hole in the wall? What if the infiltrator is actually someone from within your organization who wants to access information that he shouldn't? To cover those contingencies, you need an intrusion detection system (IDS) to complement your firewall. Fortunately, with a minimum amount of time and money you can set up an IDS with open source tools such as Snort, Shadow, and ACID.

http://www.linuxsecurity.com/content/view/119005
 
  Software firm settles GPL violation lawsuit
  29th, April, 2005

The UK subsidiary of security software firm Fortinet has settled an action brought against it because it was allegedly not complying with the terms of the General Public Licence (GPL), which underpins the distribution of most open source software.

Harald Welte, founder of the gpl-violations.org project, announced earlier this month that a German District Court had granted a preliminary injunction against Fortinet UK Ltd after the project sued, alleging that the security software firm had used GPL software in certain products and then used encryption technologies to hide the software.

http://www.linuxsecurity.com/content/view/119021
 
  Security professionalism comes to the fore at show
  25th, April, 2005

Also prominent among the 40 or so speakers is Fred Piper, who set up the Information Security Group at the Royal Holloway College and who is at the heart of work to improve IT security professionalism in the UK. Piper last year instigated the creation of a small and informal but very influential group of senior IT security professionals to ginger up progress and break down barriers between the various IT security bodies.

http://www.linuxsecurity.com/content/view/118965
 
  Security with respect BS7799
  25th, April, 2005

Information plays a very important role, as it is the backbone of every IT industry. A company's sensitive information in the wrong hands is a real threat to the survival of the company, so the information should be managed with all aspects of threats in mind. The BS7799 standard was introduced for this very reason: to manage sensitive data in a professional way.

http://www.linuxsecurity.com/content/view/118966
 
  Viruses 'a thing of the past'
  25th, April, 2005

No longer are antivirus experts as concerned with attention-grabbing viruses and worms causing mass destruction. Instead, they're hot for the bot.

A quarterly report released today by California-based McAfee Corp. says the "steady increase in Trojans and bots continues to grow while mass-mailer viruses taper off." It confirms similar findings reported last week by Russia-based Kaspersky Labs and in March by Cupertino, Calif.-based Symantec Corp.

http://www.linuxsecurity.com/content/view/118968
 
  Fortinet settles GPL violation suit
  26th, April, 2005

Security vendor Fortinet has agreed to make some of its source code available, following accusations that it violated the GPL, the company said on Tuesday.

Earlier this month, gpl-violations.org founder Harald Welte obtained a court injunction against Fortinet, banning the company from distributing its products until it complied with the conditions of the GPL. Welte claimed that Fortinet not only misused GPL-licensed code, but also tried to hide its use of GPL code by using cryptographic techniques.

http://www.linuxsecurity.com/content/view/118976
 
  Web defacements and server hacks on the rise
  26th, April, 2005

Hackers carried out almost 500,000 more attacks on Web sites and servers last year than in 2003, according to independent research.

A study carried out by Zone-H, a Web site where hackers report their activity, found that global Web server attacks and Web site defacements rose by over 400,000 (36 percent) compared to 2003 figures.

http://www.linuxsecurity.com/content/view/118980
 
  £2.4 billion lost to hi-tech crime
  27th, April, 2005

Last year British business lost £2.4 billion to electronically-enabled crime, the National Hi-Tech Crime Unit has said. The Unit made the claim at its eCrimes congress in London on 5 April. According to a survey conducted by NOP, 89% of a sample group of 200 companies said that they had experienced some form of hi-tech crime during 2004.

http://www.linuxsecurity.com/content/view/118991
 
  Mobility and security top European IT agenda
  28th, April, 2005

Mobility and security will top the IT agenda for European businesses in 2005 as increasing confidence helps IT infrastructure spending to continue its upward trend, newly published research has found. A recent IDC end-user survey indicated that, after an "undeniably positive" 2004, a further uplift will be fuelled by corporate renewals and burgeoning small and medium-sized business (SMB) demand for IT.

http://www.linuxsecurity.com/content/view/119003
 
  Security for the Paranoid
  27th, April, 2005

Something strange happened to me recently: a friend told me I was too paranoid when it comes to security. It was strange because he was the third person to tell me that in a couple weeks. Sure, I expect most people to call me paranoid, but these were all colleagues in the security industry. Is it time to worry when security professionals consider you too paranoid?

http://www.linuxsecurity.com/content/view/118998
 
  New Virus Count Nearly Triples
  27th, April, 2005

The number of new viruses has almost tripled in the last six months, an anti-virus vendor said Tuesday, the spike fed by hackers releasing scads of variants to overwhelm defenses.

According to Panda Software, which is headquartered in Spain but has U.S. offices in Glendale, Calif., the count of new viruses has increased 278 percent since the third quarter of 2004.

http://www.linuxsecurity.com/content/view/119001
 
  Hackers attack IT conference
  26th, April, 2005

Security experts attending the Wireless LAN Event in London last Wednesday found that anonymous hackers in the crowd had created a Web site that looked like a genuine log-in page for a Wi-Fi network, but which actually sent 45 random viruses to computers that accessed it. "[This] gets very nasty as we've never seen it before," said Spencer Parker, a director of technical solutions at AirDefense. "It downloads 45 different randomly generated viruses, worms and keyloggers so antivirus software doesn't protect it. It doesn’t recognise the signatures."

http://www.linuxsecurity.com/content/view/118972
 
  Hushmail hit by DNS attack
  27th, April, 2005

Surfers trying to visit the web site of popular secure email service Hushmail were redirected to a false site early Sunday following a hacking attack. Hush Communications said hackers changed Hushmail's DNS records after "compromising the security" of its domain registrar (Network Solutions). These changes were undone after a few hours on Sunday and normal Hushmail services have now been restored.

http://www.linuxsecurity.com/content/view/118995
 
  Hotspot Hacking And How To Fight It
  25th, April, 2005

Use of public wireless hotspots is increasing, giving mobile workers and others access to essential data. The bad news: Security threats against hotspot users also are increasing.

That's the word from Richard Rushing and he should know since he is chief security officer for AirDefense, which specializes in security of mobile workers.

http://www.linuxsecurity.com/content/view/118969
 
