Information Security News mailing list archives

Linux Security Week - November 24th 2003


From: InfoSec News <isn () c4i org>
Date: Tue, 25 Nov 2003 02:02:51 -0600 (CST)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  November 24th, 2003                           Volume 4, Number 47n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Building an LDAP
Server on Linux," "Traffic Control HOWTO," "Wireless LANs: Are they worth
the trouble," and "Managing risk, to a degree."

---


LINUX ADVISORY WATCH:
This week, advisories were released for zebra, hylafax, minimalist, Glibc,
XFree86, Sane, postgresql, and apache.  The distributors include
Conectiva, Debian, Mandrake, RedHat, SuSE, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-8375.html


OpenVPN: An Introduction and Interview with Founder, James Yonan
In this article, Duane Dunston gives a brief introduction to OpenVPN and
interviews its founder James Yonan.

http://www.linuxsecurity.com/feature_stories/feature_story-152.html

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Setting up server tools for spam- and virus-free mail
November 20th, 2003

It is amazing how much easier it is to get through an inbox uncluttered by
unwanted messages. After a week of email nearly free of spam and viruses,
the time and effort it took to configure a Linux mail server with
SpamAssassin, MIMEDefang, and sendmail seem well worth the trouble.

http://www.linuxsecurity.com/articles/server_security_article-8369.html


* Secure the incompatible
November 19th, 2003

As web services become more complex and involve interaction between
multiple parties, users will require more versatile security. Simple,
point-to-point web services can be secured in much the same way as
interactive web sessions are secured today, by using Secure Sockets Layer.
However, for situations in which security must be preserved throughout a
series of cascading web services - operations such as supply chain,
transaction brokering, and multi-party fulfilment processes - the key
security specification is WS-Security.

http://www.linuxsecurity.com/articles/server_security_article-8364.html


* Building an LDAP Server on Linux, Part 3
November 18th, 2003

So, you've come back for more OpenLDAP fun. Part 1 of this series served
as an introduction to the Lightweight Directory Access Protocol, with a
breakdown of what the protocol can and cannot do. In Part 2 we covered
installation and a very basic configuration. Today we'll populate our
directory with actual data and glide effortlessly through some of the more
common showstoppers.

http://www.linuxsecurity.com/articles/documentation_article-8355.html



+------------------------+
| Network Security News: |
+------------------------+

* FAQ: Firewall Forensics
November 19th, 2003

This document explains what you see in firewall logs, especially what port
numbers mean. You can use this information to help figure out what
hackers/worms are up to.  This document is intended for both
security-experts maintaining corporate firewalls as well as home users of
personal firewalls.

http://www.linuxsecurity.com/articles/firewalls_article-8363.html


* Reviews: SSL VPNs
November 19th, 2003

More and more companies are letting staffers work remotely. In fact, the
number of U.S. employees who work remotely at least one day per month has
increased by nearly 40 percent since 2001, according to a recent study
conducted by The Dieringer Research Group.  But most of these companies
still rely on IP security or Point-to-Point Tunneling VPNs to ensure
secure access to internal resources.

http://www.linuxsecurity.com/articles/network_security_article-8358.html


* Wireless LANs: Are they worth the trouble?
November 18th, 2003

The large-scale WLAN installations expected soon will change the way users
access networks. However, it will also open doors to new security threats.
In an environment of heightened IT security concerns, this is an urgent
issue to be addressed by Wi-Fi vendors. International Data Corp., another
market research firm, predicts that the growth in worldwide spending on
security and business continuity will dwarf that in overall IT spending.

http://www.linuxsecurity.com/articles/network_security_article-8349.html


* Updated: Traffic Control HOWTO
November 18th, 2003

Traffic control is the name given to the sets of queuing systems and
mechanisms by which packets are received and transmitted on a router. This
includes deciding which (and whether) packets to accept at what rate on
the input of an interface and determining which packets to transmit in
what order at what rate on the output of an interface.

http://www.linuxsecurity.com/articles/network_security_article-8357.html


* KISMET: 802.11 Sniffer
November 17th, 2003

Kismet is an 802.11 wireless network sniffer - this is different from a
normal network sniffer (such as Ethereal or tcpdump) because it separates
and identifies different wireless networks in the area. Kismet works with
any 802.11b wireless card which is capable of reporting raw packets (rfmon
support), which includes any prism2 based card (Linksys, D-Link, Rangelan,
etc),

http://www.linuxsecurity.com/articles/security_sources_article-8343.html


* VPN's: IPSec vs. SSL
November 17th, 2003

By implementing a VPN, a company can provide access to the internal
private network to clients around the world at any location with access to
the public Internet. It erases the administrative and financial headaches
associated with a traditional leased line wide-area network (WAN) and
allows remote and mobile users to be more productive.

http://www.linuxsecurity.com/articles/network_security_article-8345.html



+------------------------+
| General Security News: |
+------------------------+

* "Phishing" Identity Theft Is Gaining Popularity
November 21st, 2003

Most of us know by now not to give out our passwords, ATM PINs, or other
secret information when requested by e-mail. But an increasing number of
people are giving out that information, even those of us who should know
better. What makes this doubly annoying is that the scam is an old one,
and it has nothing to do with technology per se.

http://www.linuxsecurity.com/articles/privacy_article-8376.html


* Central Control: Let's Get it Together
November 20th, 2003

Until recently, systems and security management have usually been seen as
separate disciplines. While large framework vendors paid lip service in
marketechture visions of deeply integrated security with the rest of
systems and application management, this vision never materialized at a
practical ops level.

http://www.linuxsecurity.com/articles/network_security_article-8370.html


* Managing risk, to a degree
November 18th, 2003

There's now a university masters in IT security and places are filling
fast.  Line after line of internet protocol information flash up on a
previously dormant console. "What's that?" I ask the IT manager, as he
shows me around his busy e-commerce infrastructure.

http://www.linuxsecurity.com/articles/general_article-8348.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org