Linux Security Week - September 1st 2003

[InfoSec News <isn () c4i org>]

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 1st, 2003                           Volume 4, Number 35n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Building Secure
Wireless Networks with 802.11," "Blocking Kazaa traffic with
Linux/IPTables firewall," "Running custom DNS Queries - Stealthily
Managing iptables Rules," and "Information Security Program Development."

LINUX ADVISORY WATCH:
This week, advisories were released for docview, unzip, sendmail,
iptables, pam_smb, gdm, php, and perl.  The distributors include Debian,
FreeBSD, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and TurboLinux.

http://www.linuxsecurity.com/articles/forums_article-7875.html


FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

--------------------------------------------------------------------

> > FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security?  Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.

 Click Command:
 http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache

--------------------------------------------------------------------

Basic Intrusion Prevention using Content-based Filtering

This article will discuss a very useful but seemingly overlooked
functionality of Netfilter, a firewall code widely used in Linux, that
provides content matching and filtering capabilities.

http://www.linuxsecurity.com/feature_stories/feature_story-148.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Security Protection: Block That Port!
August 29th, 2003

So I started digging into the reality of this situation and find that
buried in all this information is another weakness that isn't widely
publicized. One port that could be a problem is the port used by trivial
file transfer, which happens to be port 69 for those of you that keeping
track. This port wasn't named by the feds as a target.

http://www.linuxsecurity.com/articles/network_security_article-7877.html


* Secure programmer: Developing secure programs
August 29th, 2003

This column explains how to write secure applications; it focuses on the
Linux operating system, but many of the principles apply to any system. In
today's networked world, software developers must know how to write secure
programs, yet this information isn't widely known or taught.

http://www.linuxsecurity.com/articles/security_sources_article-7880.html


* Secure Cooking with Linux, Part 2
August 28th, 2003

Recipe 3.12. Restricting Access by Time of Day.  Author's note: Most Linux
systems control access to their network services using inetd or xinetd,
two popular superdaemons. This recipe, excerpted from Chapter 3, "Network
Access Control," demonstrates how to make inetd and xinet restrict access
to those services depending on the time of day.

http://www.linuxsecurity.com/articles/documentation_article-7872.html


* Secure Cooking with Linux, Part 3
August 28th, 2003

Recipe 4.3, Creating Access Control Lists with PAM.  Author's note: PAM
(Pluggable Authentication Modules) is a flexible infrastructure for
controlling authentication on Linux systems. In this recipe, taken from
Chapter 4, "Authentication Techniques and Infrastructures," we show you
how to restrict authentication to a given set of users by creating an
access control list.

http://www.linuxsecurity.com/articles/documentation_article-7873.html



+------------------------+
| Network Security News: |
+------------------------+

* Building Secure Wireless Networks with 802.11
August 29th, 2003

Information security experts Khan and Kwaja combined their WiFi knowledge
and created this step-by-step guide covering all the major aspects of
802.11 networks. They cover the whole circle, from initial network and
product considerations, over installation and security, to troubleshooting
the existing network.

http://www.linuxsecurity.com/articles/documentation_article-7876.html


* Blocking Kazaa traffic with Linux/IPTables firewall.
August 29th, 2003

The "p2pwall" project has developed a GPL add-in for iptables based
firewalls that allows blocking of traffic to and from "Fast-Track"
software such as "Kazaa", Kazaa-lite, iMesh and grokster. The software is
designed for use in "permissive" firewall configurations where home-net
hosts are permitted more or less unlimited access to the public internet,
but are protected from in-bound connections.

http://www.linuxsecurity.com/articles/firewalls_article-7879.html


* Running custom DNS Queries - Stealthily Managing iptables Rules
August 28th, 2003

The only thing that's left in our procedure is how exactly we can create
these fake DNS requests on various machines.  We need to send DNS queries
to our machine with a hostname that matches one of the %mapping hash keys
in order to trigger the commands. Assuming our key is openssh, we can use
any of the following commands, depending on what software you have
installed and what operating system you're running.

http://www.linuxsecurity.com/articles/documentation_article-7867.html


* Slow Down Internet Worms With Tarpits
August 25th, 2003

Worms, worms are everywhere! The recent and prolific spread of Internet
worms has yet again demonstrated the vulnerability of network hosts, and
it's clear that new approaches to worm containment need to be
investigated. In this article, we'll discuss a new twist on an
under-utilized technology: the tarpit.

http://www.linuxsecurity.com/articles/network_security_article-7851.html


+------------------------+
| General Security News: |
+------------------------+

* Surprising percentage of public fears cyberattacks
August 29th, 2003

About half of Americans fear terrorists will launch cyberattacks on the
large networks that operate the banking, electrical transportation and
water systems, disrupting everyday life and possibly crippling economic
activity, according to a survey conducted by Federal Computer Week and the
Pew Internet & American Life Project.

http://www.linuxsecurity.com/articles/hackscracks_article-7882.html


* Information Security Program Development
August 29th, 2003

Formal adherence to detailed security standards for electronic information
processing systems is necessary for industry and government survival.
Security standards are needed by organizations because of the amount of
information, the value of the information, and ease with which the
information can be manipulated or moved.

http://www.linuxsecurity.com/articles/security_sources_article-7883.html


* Linux Review: The Concept of Security
August 26th, 2003

As I sat one morning working on some loose ends, my e-mail inbox signaled
the arrival of some new message. Experience is the best teacher, and my
experience told me this was a new worm or virus.  The attachment was
zipped, so I saved it to my Windows desktop and then FTPed it to one of my
Linux boxes.

http://www.linuxsecurity.com/articles/security_sources_article-7854.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.