Information Security News mailing list archives
Linux Security Week, Oct 23rd 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 23 Oct 2000 09:06:30 -0400
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 23, 2000                             Volume 1, Number 25n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, a few interesting articles were released discussing
firewalls. "Installing a firewall" and "Internet Firewall Essentials"
cover the basics on how to implement firewall protection. In our Vendor
section, we have highlighted an article that outlines a few of the
commercial Linux firewalls that are available.

This week, advisories were released for gnupg, php, traceroute, curl,
fingerd, xpdf, LPRng, muh, apache, cfengine, ping, ypbind/client, and
gnorpm. The vendors include Caldera, Conectiva, Debian, FreeBSD,
Mandrake, Red Hat, Slackware, SuSE, and TurboLinux. It is critical that
you update all vulnerable packages to reduce the risk of being
compromised.

Vulnerability List:
http://www.linuxsecurity.com/vuln-newsletter.html

Webmasters, our advisory and news feed is now available in RDF format.
We invite you to use and customize our feed to provide up-to-date
security content on your website.

http://www.linuxsecurity.com/linuxsecurity_articles.rdf
http://www.linuxsecurity.com/linuxsecurity_advisories.rdf

** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL!
Get the free Thawte Apache SSL Guide and find the answers to all your
Apache SSL security issues and more at:
http://ads.linuxsecurity.com/cgi-bin/thawte.pl

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Installation of a Secure Web Server
  October 22nd, 2000

  This document provides a step-by-step guide to building a more secure
  web server, as well as tips on network placement. "Web servers are the
  most exposed servers on the Internet. In order for clients/target
  groups to be able to access the information provided, web servers must
  be accessible from any point on the Internet."

  http://www.linuxsecurity.com/articles/server_security_article-1800.html

* BSDCon's BSD System Security tutorial
  October 19th, 2000

  This year's BSDCon is being held at the Monterey Hyatt, in Monterey
  Ca. The first tutorial was a two-day tutorial covering BSD System
  Security. For the most part the classes are intensive and there was a
  lot of ground to cover. And attendees should have been fairly
  comfortable with at least one flavor of UNIX.

  http://www.linuxsecurity.com/articles/organizations_events_article-1791.html

* Password: security
  October 17th, 2000

  End-user security training could be the next IT budget blower, as
  e-commerce catapults sloppy end-user security practices beyond the
  corporate firewall. However the stakes are higher than ever before,
  with not just confidential corporate information at risk but ecommerce
  contracts and money transfers.

  http://www.linuxsecurity.com/articles/host_security_article-1770.html

+------------------------+
| Network Security News: |
+------------------------+

* DNS security upgrade promises a safer 'Net
  October 20th, 2000

  An emerging technology promises to improve the security of the
  Internet's infrastructure by preventing hackers from hijacking Web
  traffic and redirecting it to bogus sites.
  The new security mechanism, dubbed DNSSEC, plugs a hole in the
  Internet's Domain Name System (DNS) that hackers have exploited to
  spoof Web sites.

  http://www.linuxsecurity.com/articles/server_security_article-1794.html

* Wireless Security
  October 19th, 2000

  Wireless devices are flooding the airwaves with millions of bits of
  information. Securing those transmissions is the next challenge facing
  e-commerce. In the not-too-distant future, you won't think twice about
  using your cell phone or PDA to access Amazon.com, Chase Manhattan or
  Home Depot from your beach blanket or backyard lawn chair.

  http://www.linuxsecurity.com/articles/network_security_article-1790.html

* Inside the world of a 'hactivist'
  October 18th, 2000

  Yetzer's a hacker and an acknowledged "social engineer" with curious
  nocturnal habits. There are thousands of people like him, who by day
  are system and network administrators, security analysts and start-up
  co-founders. When night comes, they transform into vampire wanna-bes,
  hedonists, Goths, cross-dressers and sadomasochists.

  http://www.linuxsecurity.com/articles/hackscracks_article-1784.html

* Installing a firewall, Part 2
  October 17th, 2000

  In this three-part series, you'll learn to install and configure a
  Linux server and firewall. Part 1 covered the selection and
  installation of a secure Linux distribution. Part 2 covers the
  reassignment of the services provided by the old firewall the authors
  replaced.

  http://www.linuxsecurity.com/articles/firewalls_article-1772.html

* Internet Firewall Essentials
  October 16th, 2000

  This document, written in 1996, does an excellent job of describing
  the basics of the firewall, including proxy and bastion hosts,
  building a firewall, placement, and references to more information on
  building firewalls.

  http://www.linuxsecurity.com/articles/firewalls_article-1762.html

* Abnormal IP Packets
  October 16th, 2000

  This article is a very good introduction to the basics of IP packets.
  "This article, a discussion of the characteristics of abnormal
  Internet Protocol (IP) packets, is the first in a series of tutorials
  that are intended to educate intrusion detection system administrators
  about IP."

  http://www.linuxsecurity.com/articles/intrusion_detection_article-1760.html

+------------------------+
| Cryptography News:     |
+------------------------+

* New Encryption Regulations Take Effect On Today
  October 20th, 2000

  In the final step toward matching the European Union's recent
  liberalization of rules governing the export of encryption products,
  the Commerce Department's Bureau of Export Administration has
  published a final rule allowing the export of encryption products of
  any strength to 15 EU nations and eight other trading partners.

  http://www.linuxsecurity.com/articles/cryptography_article-1793.html

* Crypto-Gram October 15
  October 16th, 2000

  This month Bruce Schneier talks about the AES announcement, the NSA
  and security, "The Third Wave of Network Attacks", and comments on
  Senator Orrin Hatch's "Privacy Tools Handbook".

  http://www.linuxsecurity.com/articles/cryptography_article-1758.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Linux firewall survey, Part 2: Commercial firewall products
  October 17th, 2000

  In Part 2 of our series on firewalls, another big name in software
  goes Linux. Check Point FireWall-1 helps Linux adapt to the critical
  area of securing enterprises. Also, some more firewalls for those who
  want to pay for their security.

  http://www.linuxsecurity.com/articles/firewalls_article-1767.html

+------------------------+
| General News:          |
+------------------------+

* Dot-mil leads DNS security upgrade
  October 20th, 2000

  Government agencies -- especially in the Defense Department -- are
  expected to be early adopters of an emerging technology that promises
  to improve Internet security by preventing hackers from redirecting
  Web traffic to bogus sites.
  http://www.linuxsecurity.com/articles/government_article-1792.html

* Survey: Government Can't Be Trusted With Data
  October 19th, 2000

  A survey by Information Technology Association of America found that
  people don't trust the U.S. government to secure their private
  information. Most of the 1,000 adults surveyed by phone about their
  comfort with the government's ability to safeguard their personal data
  said businesses are more trustworthy.

  http://www.linuxsecurity.com/articles/government_article-1787.html

* Carnivore: The truth is worse than you thought
  October 18th, 2000

  Carnivore, the FBI's controversial email snooping program, is part of
  a covert surveillance triad known inside the bureau as the "DragonWare
  Suite", according to recently declassified documents. The documents
  also outline how the DragonWare Suite is more than simply an email
  snooping program: it's capable of reconstructing the Web surfing trail
  of someone under investigation.

  http://www.linuxsecurity.com/articles/privacy_article-1780.html

* Panel: Open Source security needs to be priority
  October 17th, 2000

  Open Source systems aren't inherently more secure than proprietary
  systems unless the designers make security a priority, according to
  several security experts speaking at a conference Monday. Panel
  moderator Peter G. Neumann, from SRI International, argued that Open
  Source development, which he called "open box," presents both
  opportunities of "many eyes" finding software bugs that compromise
  security, and a challenge when some of those eyes aren't friendly.

  http://www.linuxsecurity.com/articles/forums_article-1773.html

* An interview with the NSA
  October 17th, 2000

  This 1999 article describes the account of one person going for a job
  interview for the National Security Administration. Good reading. "One
  striking thing about the interviews was that everybody I talked with
  knew very well what was on my resume and even in my transcripts I've
  never had that happen before.
  The process is all very humanely organized and well explained in
  advance.

  http://www.linuxsecurity.com/articles/forums_article-1775.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".