![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] Linux Security Week - November 5th 2001
Date: Tue, 6 Nov 2001 03:56:20 -0600 (CST)
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| November 5th, 2001 Volume 2, Number 44n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Protect Yourself
with Secure Protocols," "The 60 Minute Network Security Guide," "Guide to
Firewall Selection and Policy Recommendations," and "Transparent Proxying
with Squid."
This week, advisories were released for squid, kernel, uucp, webalizer,
htdig, util-linux, teTeX, libdb, and the Red Hat printing system.
Vendors include Caldera, EnGarde, Mandrake, Red Hat, and SuSE.
http://www.linuxsecurity.com/articles/forums_article-3957.html
** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL!
Get the free Thawte Apache SSL Guide and find the answers to all
your Apache SSL security issues and more at:
http://www.gothawte.com/rd90.html
* Don't Risk your network installing an insecure OS *
EnGarde was designed from the ground up as a secure solution, starting
with the principle of least privilege, and carrying it through every
aspect of its implementation.
* http://www.engardelinux.org
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
* ApacheWeek: 2.0 Security Summary
November 2nd, 2001
Two denial of service attacks were found in the Apache 2.0 code this week
- both concerned with memory usage when sending large requests. The first
was that the server did not respect the maximum header field length, and
would consume memory indefinitely while reading a header line.
http://www.linuxsecurity.com/articles/server_security_article-3962.html
* The art of Computer Forensics
November 1st, 2001
When the perpetrator deletes files, or when pieces of a file are
fragmented all over the place, hard disk/floppy disk examination is
another technique that computer forensic scientists employ. Basically,
this looks at all the bits on the magnetic media to match them up into a
coherent piece that may yield a clue or incriminating evidence
http://www.linuxsecurity.com/articles/intrusion_detection_article-3953.html
* Overview of LIDS, Part Two
October 31st, 2001
This is the second part of a four-part series devoted to an overview of
LIDS, a Linux kernel patch that will allow users to take away the
all-powerful nature of root in order to give programs exactly the access
they need and no more. The first article in this series offered an
overview of LIDS. This installment will look at file restrictions, LIDS
File ACLs, and LIDS enhancements of Linux capabilities.
http://www.linuxsecurity.com/articles/projects_article-3941.html
+------------------------+
| Network Security News: |
+------------------------+
* Hacker intrusion collusion creates 'perfect IDS'
November 3rd, 2001
Three months after the infamous Def Con hacker fest back in July, a group
of geeks have published data which they claim may prove to be the ultimate
Intrusion Detection System (IDS) test bed.
http://www.linuxsecurity.com/articles/intrusion_detection_article-3963.html
* Protect Yourself with Secure Protocols
November 2nd, 2001
Securing your network activity is not difficult, but it does require an
awareness of how certain protocols work. This article will attempt to
address these protocols and situations and suggest ways of adding
security.
http://www.linuxsecurity.com/articles/cryptography_article-3961.html
* The 60 Minute Network Security Guide
November 1st, 2001
This SNAC Guide addresses security "best practices" from the National
Security Agency's Systems and Network Attack Center. It includes
information on security policies, passwords, host security, buffer
overflows, rootkits, and more.
http://www.linuxsecurity.com/articles/network_security_article-3955.html
* Guide to Firewall Selection and Policy Recommendations
October 31st, 2001
A draft of the Guide to Firewall Selection and Policy Recommendations
(.pdf format) is now available for public comment. This document is
intended for technical managers in the firewall and network security
areas, but it would also prove useful to those wishing to know more about
firewall technology and recommended policies.
http://www.linuxsecurity.com/articles/firewalls_article-3947.html
* Transparent Proxying with Squid
October 29th, 2001
Transparent proxying frees you from the hassle of setting up individual
browsers to work with proxies. If you have a hundred, or a thousand, users
on your network, it's a pain to set up each browser and to use proxies --
or to try to convince users to go into their preferences and type in these
symbols they don't understand.
http://www.linuxsecurity.com/articles/firewalls_article-3929.html
+------------------------+
| Cryptography News: |
+------------------------+
* DeCSS' DVD descrambler ruled legal
November 1st, 2001
The Copy Control Association (CCA), which was granted a preliminary
injunction against Andrew Bunner and other Webmasters, was handed its head
in a California appellate court Thursday. The trial court had granted the
injunction against publishing Jon Johansen's DeCSS DVD descrambler, but
Brunner appealed on First Amendment free-speech grounds.
http://www.linuxsecurity.com/articles/cryptography_article-3956.html
+------------------------+
|Vendors/Tools/Products: |
+------------------------+
* Nessus : another brick in the (security) wall
November 3rd, 2001
Nessus is a free security scanner available from http://www.nessus.org.
The project was started and is maintained by Renaud Deraison. The stable
version at the time of this writing is 1.09 and the experimental one is
1.14.
http://www.linuxsecurity.com/articles/intrusion_detection_article-3964.html
* Freeware Security Web Tools
October 31st, 2001
In today's e-commerce-enabled environment, a company's Web site is of
paramount importance. Web sites are subject to daily attacks. Everything
from defacement to denial of service attacks are launched against small
"DotComs" and large multi-national corporations. The purpose of this
article is to look at some freeware Linux tools the security-conscious
administrator can use in the war against cyber attacks.
http://www.linuxsecurity.com/articles/security_sources_article-3948.html
* Tripwire aims to lock down routers, switches
October 29th, 2001
Working from the idea that intruders can't do much lasting damage to your
network if they can't make changes to files, Tripwire Inc. on Monday
announced a new version of its security lockdown software, Tripwire for
Routers and Switches. The product, formerly called Tripwire for Routers,
monitors all the routers and switches on a network, determining baselines
of activity and preferred configurations and tracking all changes made
from a single console, said Dwayne Melancon, vice president of marketing,
service and support at Portland, Ore.-based Tripwire.
http://www.linuxsecurity.com/articles/intrusion_detection_article-3934.html
+------------------------+
| General News: |
+------------------------+
* $1 billion boost possible for IT security
November 2nd, 2001
A $20 billion stimulus package in the works by Senate Democrats may
include $1 billion to bankroll an information-technology fund, CNET
News.com has learned. As proposed by Sen. Joseph Lieberman, D-Conn., the
U.S. Office of Management and Budget would administer the fund and award
money to projects that aim to further protect the United States' critical
infrastructures, improve the security of government computer systems, or
harden the nation's defenses against natural and manmade threats.
http://www.linuxsecurity.com/articles/government_article-3958.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.