General Esm W900
This week, perhaps the most interesting articles include "Transfer Files Securely With SFTP," "Armor SSH and Block Brute Force Attacks," and "."


Vyatta - Linux-based Router, Firewall & VPN - Vyatta software and appliances combine the features, performance and reliability of enterprise networking gear with the cost-savings and flexibility of open-source solutions. Vyatta empowers you to replace overpriced proprietary router, firewall and VPN equipment with commercially supported open-source solutions.

Download Free Vyatta Software


LinuxSecurity.com Feature Extras:

Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.

Security on your mind?

Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.

Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Encrypt and Sign Gmail Messages With FireGPG
4th, June, 2007

Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.

news/cryptography/encrypt-and-sign-gmail-messages-with-firegpg
FreeBSD Project Integrates Support for the Camellia Block Cipher
9th, June, 2007

The Camellia Block Cipher is a new encryption algorithm which was developed by NTT and has been specified in several Internet RFCs as well as being one of the approved encryption methods to be used by the European Union.

Developers on the FreeBSD project worked with researchers from NTT to integrate their code, under a BSD license, into the CURRENT branch of FreeBSD, which will become the 7.0 release in the near future.

news/cryptography/freebsd-project-integrates-support-for-the-camellia-block-cipher
Transfer Files Securely With SFTP
4th, June, 2007

File Transfer Protocol (FTP) was once the most widely used protocol for transferring files between computers. However, because FTP sends authentication information and file contents over the wire unencrypted, it's not a secure way to communicate. Secure Copy (SCP) and the more robust SSH File Transfer Protocol (SFTP) address this security concern by providing data transfer over a fully encrypted channel. You can use these alternatives for transferring files securely over the Internet or any other untrusted network.

news/network-security/transfer-files-securely-with-sftp
Armor SSH and Block Brute Force Attacks
5th, June, 2007

OpenSSH is a good stout application; it's battle-tested and reliable. You can lock it down even further with a few simple tweaks. Best of all, these cause little or no inconvenience after they are set up. The first thing you should do is create some access controls that allow only authorized users to login.

news/network-security/armor-ssh-and-block-brute-force-attacks
SSL and IPsec - An Overview
8th, June, 2007

This is a short run down of the two popular security protocols of the Internet. Some familiarity with the basics is assumed. In short, SSL requires applications to be modified as it operates above the TCP layer and this happens in user space in linux and other OSes. Whereas IPsec works seamlessly no matter what application and what protocol the application uses. ICMP traffic, UDP traffic and TCP all are protected by IPsec without the user or application developer worrying about it.

news/network-security/ssl-and-ipsec-an-overview
Google: Attack code more likely on Microsoft IIS
6th, June, 2007

Web sites running Microsoft Corp.'s Web server software are twice as likely to be hosting malicious code as other Web sites, according to research from Google Inc. Last month, Google's Anti-Malware team looked at 70,000 domains that were either distributing malware or hosting attack code. "Compared to our sample of servers across the Internet, Microsoft IIS features twice as often as a malware-distributing server," wrote Google's Nagendra Modadugu, in a Tuesday blog posting.

news/server-security/google-attack-code-more-likely-on-microsoft-iis
How To Block Spam Before It Enters The Server (Postfix)
7th, June, 2007

The last few weeks have seen a dramatic increase in spam (once again). Estimates say that spam makes now up for 80 - 90% of all emails, and many mail servers have difficulties in managing the additional load caused by the latest spam, and spam filters such as SpamAssassin do not recognize large parts of that spam as they did before. Fortunately, we can block a big amount of that spam at the MTA level, for example by using blacklists, running tests on the sender and recipient domains, etc.

news/server-security/how-to-block-spam-before-it-enters-the-server-postfix-32066
With RHEL 5, Red Hat goes to bat for SELinux
6th, June, 2007

IT managers that want to secure their Linux environments and keep things running smoothly have a very powerful tool at their disposal: Security Enhanced Linux, or SELinux, an implementation of mandatory access controls originally developed by the National Security Agency (NSA) and integrated in to most mainstream Linux distributions.

news/security-projects/with-rhel-5-red-hat-goes-to-bat-for-selinux
Organizations Inadequately Secure Sensitive Data
5th, June, 2007

The results of a Ponemon Institute survey underscore the serious challenges organizations face in securing sensitive data. With more than 150 million data records exposed in the past two years, the survey also highlights an organizational disconnect between the realization of the threat and the urgency in addressing it.

Hackers use evasive manuevering to escape detection
5th, June, 2007

Hackers trying to host malicious code on otherwise innocent websites are using increasingly sophisticated techniques to avoid detection. Once hackers have subverted a Web site, it is in their interests to minimize the malicious code's window of exposure to help prevent detection and subsequent blocking by security software, according to a research paper produced by Finjan, the web security vendor.

How To Block Spam Before It Enters The Server (Postfix)
5th, June, 2007

The last few weeks have seen a dramatic increase in spam (once again). Estimates say that spam makes now up for 80 - 90% of all emails, and many mail servers have difficulties in managing the additional load caused by the latest spam, and spam filters such as SpamAssassin do not recognize large parts of that spam as they did before. Fortunately, we can block a big amount of that spam at the MTA level, for example by using blacklists, running tests on the sender and recipient domains, etc. An additional benefit of doing this is that it lowers the load on the mail servers because the (resource-hungry) spamfilters have to look at less emails.

news/server-security/how-to-block-spam-before-it-enters-the-server-postfix-32066
Security Study: Employees Take Unnecessary Risks
6th, June, 2007

The study surveyed 1000 mobile and desktop employees across five countries