[ISN] Linux Security Week - April 23 2001

newsletter-admins@linuxsecurity.com
Date: Mon Apr 23 2001 - 08:57:08 CDT


+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter                                 |
| April 23rd 2001 Volume 2, Number 16n                                |
|                                                                     |
| Editorial Team: Dave Wreski dave@linuxsecurity.com                  |
|                 Benjamin Thomas ben@linuxsecurity.com               |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.

This week, our newsletter is composed of many interesting articles. It
is good to see that better quality papers are now being published.
Although some of the topics are trivial to seasoned security experts,
the topics are still important and should be addressed. Some of the
best articles include "Securing Your Apache Server," "Iptables Basics
NHF," and "Firewall Design White Paper." Also this week, if you are
an EnGarde user, you will probably want to take a look at our
Tripwire and vsFTP HOWTOs.

* EnGarde Tripwire HOWTO
This document provides the steps a user can perform to configure
Tripwire for use with EnGarde Secure Linux 1.0.1 (Finestra). It is
assumed that the reader is familiar with operating as the root user and
knows how to use basic shell commands.

http://www.linuxsecurity.com/articles/vendors_products_article-2877.html

### FREE Apache SSL Guide from Thawte ###

Planning Web Server Security? Find out how to implement SSL! Get the
free Thawte Apache SSL Guide and find the answers to all your Apache
SSL security issues and more at:

http://www.thawte.com/ucgi/gothawte.cgi?a=n342707510022000

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Virtual Burglar Alarm - Intrusion Detection Systems (Part 1)
April 22nd, 2001

Simply put, intrusion detection systems (ID systems) are virtual
burglar alarms. ID systems automatically recognize attacks on network
security and computer systems. Specifically, ID systems monitor
compliance with security policies.

http://www.linuxsecurity.com/articles/intrusion_detection_article-2907.html

* Starting points of a secure Linux system
April 19th, 2001

Starting points of a secure Linux system: "To keep it short and
simple, here are some good pointers to enhancing your system's
security. But remember, there's no absolute security, so keep your
eyes open, subscribe yourself to good sec-related mailing lists, and
keep your software up-to-date."

http://www.linuxsecurity.com/articles/host_security_article-2896.html

* Securing Your Apache Server
April 17th, 2001

An excerpt from Chapter 3, "Security," of Apache: The Definitive
Guide, 2nd Edition. Enable Apache to communicate securely over
Secure Sockets Layer (SSL). Covers building, configuring, and
securing an SSL-enabled Apache server under Unix.

http://www.linuxsecurity.com/articles/server_security_article-2879.html

+------------------------+
| Network Security News: |
+------------------------+

* Dynamic iptables firewalls
April 21st, 2001

The best way to see the benefits of dynamic firewall scripts is to
see them in action. To do this, let's imagine that I'm a sysadmin at
an ISP, and I've recently set up a Linux-based firewall to protect my
customers and internal systems from malicious users on the Internet.

http://www.linuxsecurity.com/articles/firewalls_article-2904.html

* Firewall Design White Paper
April 19th, 2001

This paper here is not a set of instructions on how to build an
access nexus; it is more like a white paper of things you should
expect from such a device and be able to ask for from your
vendor. Please do tell them that they are currently available on
Open Source Servers.

http://www.linuxsecurity.com/articles/firewalls_article-2895.html

* Intrusion Detection
April 18th, 2001

Definition -- Intrusion detection is the art and science of sensing
when a system or network is being used inappropriately or without
authorization. An intrusion-detection system (IDS) monitors system
and network resources and activities and, using information gathered
from these sources, notifies the authorities when it identifies a
possible intrusion.

http://www.linuxsecurity.com/articles/intrusion_detection_article-2887.html

* Iptables Basics NHF
April 17th, 2001

I'm sure many of you have been wondering how to use iptables to set
up a basic firewall. I was wondering the same thing for a long time
until I recently figured it out. I'll try to explain the basics to at
least get you started.

http://www.linuxsecurity.com/articles/firewalls_article-2871.html

+------------------------+
| Vendors/Products: |
+------------------------+

* Cylant Technology Releases CylantSecure(tm) for Linux
April 22nd, 2001

This document covers secure processes and services for NetBSD
Operating Systems and Networks. Most of the information in this
document can easily be translated to other BSD systems, however.

http://www.linuxsecurity.com/articles/vendors_products_article-2909.html

* Embedded Firewalls: The Next Wave?
April 20th, 2001

Certainly your organization uses a firewall, most likely at your
network borders. And many of you have adopted firewalls to protect
your internal network segments, servers, and workstations. Most of
these solutions are software-based: you must load that software on
top of an existing OS

http://www.linuxsecurity.com/articles/firewalls_article-2901.html

* EnGarde FTP HOWTO
April 17th, 2001

This document provides the steps a user can perform to enable and
configure the ftp daemon (ftpd) for EnGarde Secure Linux 1.0.1 (Finestra).
It is assumed that the reader is familiar with operating as the root user
and knows how to use a text editor such as vi(1) or pico(1).

http://www.linuxsecurity.com/articles/vendors_products_article-2876.html

* EnGarde Tripwire HOWTO
April 17th, 2001

This document provides the steps a user can perform to configure
Tripwire for use with EnGarde Secure Linux 1.0.1 (Finestra). It is
assumed that the reader is familiar with operating as the root user and
knows how to use basic shell commands.

http://www.linuxsecurity.com/articles/vendors_products_article-2877.html

+------------------------+
| General News: |
+------------------------+

* FTP Buffer Overflows
April 22nd, 2001

In this column, we look at buffer overflows in many FTP daemons,
Oracle Application Server, Solaris ipcs, Solaris Xsun, and a whole
list of programs in SCO OpenServers; temporary file race conditions
in pine and pico; format string bugs in HylaFAX and cfingerd; a bug
that allows Netscape to execute JavaScript placed in a GIF comment;
and problems in Midnight Commander, mkpasswd,

http://www.linuxsecurity.com/articles/server_security_article-2908.html

* Back to school to learn to hack
April 20th, 2001

How do you predict the actions of a criminal? Get into his or her
head, work out what makes them tick and learn the techniques they
have at their disposal.

http://www.linuxsecurity.com/articles/hackscracks_article-2900.html

* Industry groups form Internet Security Alliance
April 20th, 2001

Several industry groups joined forces Thursday to form a new
consortium dedicated to improving the security of the Internet.
The Internet Security Alliance -- a collaborative effort of the CERT
Coordination Center, the Software Engineering Institute and the
Electronic Industries Alliance -- hopes to serve as a portal for
information about threats, best practices and risk management
strategies

http://www.linuxsecurity.com/articles/vendors_products_article-2903.html

* Ponying up for real-time security alerts
April 20th, 2001

CERT Coordination Center, formerly known as the Computer Emergency
Response Team at Carnegie Mellon University, and the Electronic
Industries Alliance (EIA), an electronics industry trade
organization, on Thursday launched the Internet Security Alliance
(ISA).

http://www.linuxsecurity.com/articles/general_article-2899.html

* IP Insecurity
April 17th, 2001

Stolen credit card numbers, hacked federal computer systems and
other high-profile online assaults have put many users on their
guards and focused the attention of security managers on high-level
intrusion-detection systems, chains of firewalls and other
high-level defenses.

http://www.linuxsecurity.com/articles/network_security_article-2880.html

* Securing Java Code: Part 1
April 16th, 2001

Software is basically the root of all evil when it comes to common
computer security problems. Today you can easily find
comprehensive checklists for how to secure networks and operating
systems.

http://www.linuxsecurity.com/articles/general_article-2867.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

     To unsubscribe email newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".