This week, perhaps the most interesting articles include "Security Scans with OpenVAS," "Billy Hoffman On AJAX Security and Browser Attacks," and "Port Knocking Tool with Single Packet Authorization."

Earn your MS in Info Assurance online

Norwich University's Master of Science in Information Assurance (MSIA) program, designated by the National Security Agency as providing academically excellent education in Information Assurance, provides you with the skills to manage and lead an organization-wide information security program and the tools to fluently communicate the intricacies of information security at an executive level. Learn more

LinuxSecurity.com Feature Extras:

Never Installed a Firewall on Ubuntu? Try Firestarter - When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet keeping in mind the insecurity internet carries these days, unless you really know what you are doing.

Read on for more information on Firestarter.

Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

EnGarde Secure Community 3.0.21 Now Available (Oct 7)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.21 (Version 3.0, Release 21). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
Security Scans with OpenVAS (Oct 13)

As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. You need a way to both automate tests and make sure you're running the most appropriate and up-to-date tests. Open Vulnerability Assessment System (OpenVAS) is a network security scanner that includes a central server and a graphical front end.

Do you want to run network vulnerability tests (NVTs) to identify vulnerabilities in your network? Check out this open source client/server application which provides a graphical front-end for running automated NVTs written in Nessus Attack Scripting Language (NASL).

news/network-security/security-scans-with-openvas
Billy Hoffman On AJAX Security and Browser Attacks (Oct 10)

As more and more computing moves to the Web, Web application security has become a high priority -- at least for users. In this interview, Executive Editor Dennis Fisher talks to Billy Hoffman, manager of Hewlett-Packard Co.'s Web Security Research Group, about the security features in Google Chrome, the lack of security training for Web developers and how JavaScript has become the favored tool of attackers.

This article is an interview with Billy Hoffman, manager of Hewlett-Packard Co.'s Web Security Research Group. Which he talks about how JavaScript has become the favored tool of attackers.

news/network-security/billy-hoffman-on-ajax-security-and-browser-attacks
Firefox Extension Blocks Dangerous Web attack (Oct 9)

A popular free security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security problems facing the Web today.

NoScript is a small application that integrates into Firefox. It blocks scripts in programming languages such as JavaScript and Java from executing on untrusted Web pages. The scripts could be used to launch an attack on a PC.

There are tons of security extensions for Firefox, this article looks at one that helps block dangerous web pages. What is your favorite Firefox security plug-in?

news/network-security/firefox-extension-blocks-dangerous-web-attack
Monitor Your Network With GroundWork Monitor Community Edition (Oct 8)

GroundWork Monitor Community Edition is a free edition of GroundWork Monitor Enterprise, a commercial open source network monitoring solution geared toward large enterprise customers. Free editions often have some limited functionality, but GroundWork Monitor Community Edition offers the visibility a small- to medium-sized network needs by harnessing the power of popular tools such as Nagios, MRTG, NeDi, Ganglia, Nmap, MySQL, and RRDtool.

Have you ever used an open source network monitoring tool to keep tabs on your network devices? Check out this free open source application which allows you to integrate popular network tools into a comprehensive network monitoring system.

news/network-security/monitor-your-network-with-groundwork-monitor-community-edition
Fwknop - Port Knocking Tool with Single Packet Authorization (Oct 8)

Port Knocking came about in around 2003, but it has various weaknesses. There are plenty of implentations though (some quite advanced). Most of the problems are fixed however by fwknop! fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports both iptables on Linux systems and ipfw on FreeBSD and Mac OS X systems) and libpcap.

Have you ever tested the port knocking software called "FireWall KNock OPerator? The interesting feature of it is that it only needs a single packet to get information on a host.

news/security-projects/fwknop-port-knocking-tool-with-single-packet-authorization
EnGarde Secure Community 3.0.21 Now Available (Oct 7)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.21 (Version 3.0, Release 21). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
NSA Shows The Way To Develop Secure Systems (Oct 7)

The Tokeneer project was commissioned by the NSA from Praxis High Integrity Systems as a demonstrator of high-assurance software engineering. Developed using Praxis' Correctness by Construction (CbyC) methodology it uses the SPARK Ada language and AdaCore's GNAT Pro environment. The project has demonstrated how to meet or exceed Evaluation Assurance Level (EAL) 5 in the Common Criteria thus demonstrating a path towards the highest levels of security assurance.

Have you heard the NSA has released their security research project called Tokeneer as open source? I found interesting about the project is that it uses the SPARK Ada programming language. What do you think about this project?

news/government/nsa-shows-the-way-to-develop-secure-systems
The Top 10 Security Land Mines (Oct 6)

Companies can actually worsen their risks by failing to take these commonsense approaches to security.Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable.

This is a list of common security risks computer user's should never do. Have you ever mistakenly done?