Linux Security Week - August 18th 2003

    Date17 Aug 2003
    Posted ByAnthony Pell
    This week, perhaps the most interesting articles include "2.6 Kernel Cures Some Security Shortcomings," "Honeypot Farms," "How Secure Is Your SAN," and "Advanced Encryption Standard by Example.". . . This week, perhaps the most interesting articles include "2.6 Kernel Cures Some Security Shortcomings," "Honeypot Farms," "How Secure Is Your SAN," and "Advanced Encryption Standard by Example."

    ...FREE Apache SSL Guide from Thawte - Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs.

    LINUX ADVISORY WATCH -This week, advisories were released for lynx, zblast, perl, kernel, signal, iBCS2, ddskk, konquerer, man-db, xpcd, stunnel, postfix, and php. The distributors include Conectiva, Debian, FreeBSD, Gentoo, Red Hat, SuSe, Trustix, and TurboLinux.

    LinuxSecurity Feature Extras:

    Basic Intrusion Prevention using Content-based Filtering - This article will discuss a very useful but seemingly overlooked functionality of Netfilter, a firewall code widely used in Linux, that provides content matching and filtering capabilities.

    Expert vs. Expertise: Computer Forensics and the Alternative OS - No longer a dark and mysterious process, computer forensics have been significantly on the scene for more than five years now. Despite this, they have only recently gained the notoriety they deserve.

    [ Linux Advisory Watch ] - [ Linux Security Week ] - [ PacketStorm Archive ] - [ Linux Security Documentation ]


    Take advantage of our Linux Security discussion list!  This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

    Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

    Icon Host SecurityHost Security News:

    August 15th, 2003 -- NIST Security Certification and Accreditation Project -- The second public draft of NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems (.pdf file), has been completed and is available for public comment. This document is one of a series of security standards and guidelines being developed by NIST's Computer Security Division in response to the Federal Information Security Management Act of 2002.

    August 14th, 2003 -- Detecting and Understading Rootkits -- Well, well, well. You have installed the latest Linux distribution and stopped all unnecessary services. You also set-up a set of Netfilter rules that would make the Pentagon Sec urity Department envy you. You drool with delight. But.

    August 11th, 2003 -- 2.6 Kernel Cures Some Security Shortcomings -- The technology exists today to create and manage reasonably secure environments for Linux enterprises. In the hands of a competent administrator, Linux is roughly as secu re as the other operating systems. That's not to say that improvements aren't needed. [In] the next version of the kernel, we'll have significant security enhancements, particularly in the area of policies. So enterprise Linux security continues to improv e.

    August 11th, 2003 -- Winning the War on Spam: Comparison of Bayesian SPAM Filters -- Spam e-mail has become an ever increasing problem, and these days it is next to impossible to use e-mail without receiving it in large amounts. Various t echniques exits to combat the problem; keyword-based filters, source blacklists, signature blacklists, source verification and combinations of these to name a few.

    Icon Network SecurityNetwork Security News:

    August 15th, 2003 -- Wireless Networking -- How about a project that combines hardware construction, community building, network hacking and, of course, Linux and other free software? Best of all, the stuff you need to get started is cheap and standardized, and there's a great balance of helpful resources and unanswered questions. We're talking about wireless networks.

    August 14th, 2003 -- Keeping Out The Intruders -- A recent report from research group Gartner, Inc. caused a ruckus in the intrusion detection/intrusion prevention system market. In the Information Security Hype Cycle, Richard Stiennon, r esearch vice president for Gartner, concluded that IDSs has failed to offer up any value to companies relative to their associated costs, and would fall away by 2005.

    August 14th, 2003 -- Making the Right Connection -- Choosing the ideal virtual private network is difficult enough for enterprise buyers, without the decision being complicated by rumblings that up-and-coming secure socket layer (SSL) VPN s will quickly overtake, and maybe replace, traditional internet protocal security virtual private networks (IPsec VPNs).

    August 13th, 2003 -- Honeypot Farms -- For the past six months this series of papers has covered a breadth of honeypot topics. We have covered everything from what honeypots are, their value and different types, to common misconceptions a nd legal issues. However, one thing we have yet to discuss is deployment. How can you deploy honeypots in your environment?

    August 13th, 2003 -- How Secure Is Your SAN -- With all they've got to worry about these days, most IT executives don't lose a lot of sleep over whether the data stored on their companies' tape and disk devices is secure. Most have come t o believe that data, particularly mission-critical data residing in the corporate data center, is capably guarded by the usual protections such as firewalls, user authentication, and intrusion-detection systems.

    Icon GeneralGeneral News:

    August 15th, 2003 -- Spam fuels boom in secure content market -- IDC predicts that anti-spam products will be a key driver for the secure content management (SCM) software market which it expects to grow by 19 per cent a year to reach $6.4 billion in 2007.

    August 15th, 2003 -- Recovery firms respond to blackout -- Thursday's power outage in the eastern United States led some companies to invoke their disaster-recovery services. But many businesses that have contracts with disaster-recovery providers appeared not to lose their data or applications, thanks to onsite power generators. SunGard, which has about 7,000 disaster-recovery clients in North America, said about 30 customers activated their service Thursday.

    August 13th, 2003 -- Advanced Encryption Standard by Example -- The following document provides a detailed and easy to understand explanation of the implementation of the AES (RIJNDAEL) encryption algorithm. The purpose of this paper is t o give developers with little or no knowledge of cryptography the ability to implement AES.

    August 12th, 2003 -- Research Suggests New Way To Can Spam -- Internet Service Providers (ISPs) should lower their monthly fees if they permit spam to reach their paying customers, say researchers at the University of Missouri in Columbia (UMC). In the brave new world of lower access fees in exchange for spam, satisfied consumers would pay less for Internet service, claim UMC associate professor of journalism Clyde Bentley and doctoral student Anca Micu.


    Mail Ad


    INTRODUCING: Secure Mail Suite from Guardian DigitalUnparalleled E-Mail Security. Secure Mail Suite is the most Dynamic, Rigorous Protection for Your Email System on the market today. It Clobbers Spam. Detects and Disables Viruses. And its Killer Firewall Keeps Your Data -- and Your System and Safe and Secure. All in an Easy-to-Manage Application that's Simple to Administer and Maintain.

    Secure Mail Suite is Guardian Digital's Optimum Solution to Mail Security. It's based on Open-Source Engineering, so it's constantly Improving. And with Guardian Digital Engarde Support, Secure Mail Suite Stays On Guard for You -- for Many Reliable Years. Secure Mail Suite. Sweet! From the First Name in Open-Source Security. Guardian Digital.




    LinuxSecurity Poll

    What is your favorite page/section?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    [{"id":"73","title":"News","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"74","title":"Advisories ","votes":"5","type":"x","order":"2","pct":83.33,"resources":[]},{"id":"75","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"76","title":"Latest Features ","votes":"1","type":"x","order":"4","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.