This week, perhaps the most interesting articles include "Perspectives Extension Improves HTTPS Security," "Quantum Cryptography: As Awesome As It Is Pointless," and "Let PAM Take Care of GNU/Linux Security for You."



LinuxSecurity.com Feature Extras:

Never Installed a Firewall on Ubuntu? Try Firestarter - When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet, keeping in mind the insecurity the internet carries these days, unless you really know what you are doing.

Read on for more information on Firestarter.

Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security; it also looks at why you should. It does this by showing examples of real attacks and rating the importance of protecting yourself from being a victim of each type of attack.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


EnGarde Secure Community 3.0.21 Now Available (Oct 7)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.21 (Version 3.0, Release 21). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

Virtualization--The Next Frontier For Hackers? (Oct 21)

Virtualization, with its rapid pace of adoption, is becoming a frontier for attackers, but not all businesses are aware of, or act on the risks adequately, according to market observers. Graham Titterington, principal analyst at Ovum, told ZDNet Asia in an e-mail interview that with the increasing prominence of virtualization, threats to virtual machines (VMs) are becoming more significant.

With any new technology, attackers are going to try to compromise it, and virtualization is no exception. What do you think: will it create new security risks?

MITM attacks - Do They Really Happen? (Oct 20)

The man-in-the-middle (MITM) attack is the attempt by an attacker to implant himself between the client (browser, mail client, IM client) and a server serving some web page or other content. The attacker receives all requests and responses to and from the server, reads the content and passes it along to either side.

Do you think we need to educate users about the digital certificates shown by web browsers? This article reviews MITM attacks and how they should be prevented if they really happen. Read on for more information.

Perspectives Extension Improves HTTPS Security (Oct 20)

Ah, cryptographic security: a boon to those who understand the algorithms, but all too often a lost cause to those who don't. The secure HTTPS protocol for Web surfing is widely accepted, but has one fatal flaw: users ignore certificate error warnings. A Firefox extension called Perspectives aims to close that security hole.

What do you think about the Firefox extension called Perspectives? I find it reports too many false negatives.
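The check Perspectives performs is easier to reason about with the decision written out. The following is an added example, not the extension's own code: a simplified model in which several "network notaries" record which key each HTTPS site has presented over time, and the client accepts a key only if a quorum of notaries has been seeing that same key for at least a quorum duration. Notary names, fingerprints and dates are constructed sample data; the quorum fraction and minimum duration are assumed values, and the real extension's probing, caching and policy details are not modelled.

```python
from datetime import date

# Added example (not the Perspectives extension's own code). Each notary's
# history is a list of (key fingerprint, first_seen, last_seen) records;
# only the key a notary is currently seeing counts towards the quorum.

def notary_consensus(presented_fp, histories, quorum=0.75, min_days=2):
    """Return (accepted, agreeing_notaries, total_notaries).

    A notary agrees if its most recent observation is the presented key
    and it has seen that key consistently for at least min_days."""
    total = len(histories)
    agreeing = 0
    for observations in histories.values():
        if not observations:
            continue
        current = max(observations, key=lambda o: o[2])   # latest last_seen
        fp, first_seen, last_seen = current
        if fp == presented_fp and (last_seen - first_seen).days >= min_days:
            agreeing += 1
    accepted = total > 0 and agreeing / total >= quorum
    return accepted, agreeing, total


def build_sample_histories():
    """Constructed data: three notaries have seen the site's long-standing
    key for months; a fourth started seeing a different key today."""
    long_ago, yesterday, today = date(2008, 1, 10), date(2008, 10, 19), date(2008, 10, 20)
    return {
        "notary-a": [("fp:site-key", long_ago, today)],
        "notary-b": [("fp:site-key", long_ago, today)],
        "notary-c": [("fp:site-key", long_ago, yesterday)],
        "notary-d": [("fp:site-key", long_ago, yesterday), ("fp:other-key", today, today)],
    }


def rotated_key_histories():
    """Constructed data: the site legitimately changed its key today and
    every notary already sees the new one, but only since today."""
    today = date(2008, 10, 20)
    return {n: [("fp:new-key", today, today)] for n in ("notary-a", "notary-b", "notary-c", "notary-d")}


if __name__ == "__main__":
    hist = build_sample_histories()
    print("long-standing key:", notary_consensus("fp:site-key", hist))
    print("unexpected key:   ", notary_consensus("fp:other-key", hist))
    print("freshly rotated:  ", notary_consensus("fp:new-key", rotated_key_histories()))
```

The third case is the practical caveat: a key that a site has just legitimately rotated is indistinguishable, for the first few days, from one that only recently appeared for other reasons, so a duration-based quorum will flag it until enough history accumulates. That is the kind of warning an operator should expect after a planned certificate change, and it is worth tuning the duration against how often the sites you care about rotate keys.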

Quantum Cryptography: As Awesome As It Is Pointless (Oct 17)

The idea behind quantum crypto is that two people communicating using a quantum channel can be absolutely sure no one is eavesdropping. Heisenberg's uncertainty principle requires anyone measuring a quantum system to disturb it, and that disturbance alerts legitimate users as to the eavesdropper's presence. No disturbance, no eavesdropper -- period.

Do you think Quantum Cryptography has any future? This article reviews cryptography, analyzing its past and future. Read on for more information...
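The "no disturbance, no eavesdropper" claim above can be seen in a few lines of simulation. The following is an added example, not code from the article: a classical model of the BB84 key exchange in which a bit measured in the wrong basis comes out random. Without interference the sifted keys agree exactly; with an intercept-and-resend eavesdropper about a quarter of the sifted bits disagree, which is the signal the legitimate parties use to reject the key. The qubit model, the seeded random source and the 11% acceptance threshold (a commonly cited tolerance for BB84 error correction) are assumptions of this example, not anything from real quantum hardware.

```python
import random

# Added example (not from the article): a minimal BB84 simulation.
# A bit is prepared in one of two bases (0 = rectilinear, 1 = diagonal).
# Measuring in the preparing basis returns the bit; measuring in the other
# basis returns a uniformly random bit. That randomness is the "disturbance"
# the article refers to. Constructed model, not real quantum hardware.

def run_bb84(n_qubits, eavesdropper=False, seed=1):
    rng = random.Random(seed)

    def measure(bit, prep_basis, meas_basis):
        return bit if prep_basis == meas_basis else rng.randrange(2)

    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]

    # What arrives at Bob. With an intercept-and-resend eavesdropper each
    # qubit is measured in a random basis and re-prepared in that basis,
    # so roughly half of them now carry the wrong basis.
    sent_bits, sent_bases = alice_bits, alice_bases
    if eavesdropper:
        eve_bases = [rng.randrange(2) for _ in range(n_qubits)]
        sent_bits = [measure(b, pb, eb) for b, pb, eb in zip(alice_bits, alice_bases, eve_bases)]
        sent_bases = eve_bases

    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bits = [measure(b, pb, bb) for b, pb, bb in zip(sent_bits, sent_bases, bob_bases)]

    # Sifting: Alice and Bob publicly compare bases (not bits) and keep
    # only the positions where they chose the same one.
    keep = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]

    # Error estimation: a real protocol compares a random sample of the
    # sifted key in the clear and discards it; here the whole key is compared.
    mismatches = sum(a != b for a, b in zip(alice_key, bob_key))
    error_rate = mismatches / len(keep) if keep else 0.0
    return {"sifted_bits": len(keep), "error_rate": error_rate, "keys_match": alice_key == bob_key}


def channel_is_clean(result, threshold=0.11):
    """Accept the key only if the observed error rate is below the threshold.
    Intercept-and-resend pushes the rate to about 25%, well above it."""
    return result["error_rate"] < threshold


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(2000, eavesdropper=eve)
        print("eavesdropper" if eve else "clean channel", r, "accept:", channel_is_clean(r))
```

The expected 25% comes from two coin flips: the eavesdropper picks the wrong basis half the time, and when she does, Bob's measurement in the (correct) basis is random, so it disagrees with Alice half of those times. The simulation also shows what the protocol does not give you: authentication of the classical channel used for sifting is still required, which is one of the reasons the article calls the technique pointless in practice.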

Ajax Validation With Struts 2 (Oct 17)

Support for Ajax and JavaScript takes the pain out of Web-form validation. Writing code to validate Web-form input can be even more of a chore than implementing form-processing logic. But help is at hand, thanks to the Struts 2 framework. Oleg Mikheev looks under the hood of the Struts 2 validation mechanism and shows you how its Java, JavaScript, and Ajax support can take the pain out of Web-form validation.

Do you take the time to validate your Ajax applications? This article looks at ways you can use the Struts 2 framework to help.

Firewalk - Firewall Ruleset Testing Tool (Oct 16)

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop, where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets on the floor and we will see no response.

Do you need to test your firewall? This article looks at the firewall ruleset testing tool called Firewalk. Test it out and let us know what you think.

Let PAM Take Care of GNU/Linux Security for You (Oct 15)

When they hear the word PAM, most people think of a certain blonde Canadian Playmate, but readers of this Web site surely will recognize the basic element of Linux security: the Pluggable Authentication Modules. So let's talk about how this PAM works, and look at some examples of how it is used.

Do you know how to use Pluggable Authentication Modules (PAM) to provide security for applications running on your Linux box? Find out in this informative guide to PAM which gives you the basics.
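The part of PAM that trips people up is how the four classic control flags (required, requisite, sufficient, optional) combine into one verdict for a stack, and why the order of lines matters. The following is an added example, not code from the article or from Linux-PAM: a small parser for pam.d-style lines and an evaluator that applies the documented semantics of those four flags, so a stack can be checked on paper before it is installed. The sample stacks are constructed (modelled on a typical "login" file); the module names are real Linux-PAM module names but their results here are supplied by hand. The extended "[value=action ...]" syntax and "include"/"substack" are deliberately not modelled.

```python
# Added example (not Linux-PAM's own code): parse pam.d-style stacks and
# evaluate the four classic control flags. Module results are supplied by
# the caller (True = PAM_SUCCESS), so nothing here touches the real system.

CONTROLS = ("required", "requisite", "sufficient", "optional")

def parse_pam_file(text):
    """Return {type: [(control, module, args), ...]} from pam.d-style lines."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed line: {raw!r}")
        mtype, control, module = fields[0], fields[1].lower(), fields[2]
        if control.startswith("[") or control in ("include", "substack"):
            raise NotImplementedError(f"unsupported control: {control}")
        if control not in CONTROLS:
            raise ValueError(f"unknown control flag: {control}")
        stacks.setdefault(mtype, []).append((control, module, fields[3:]))
    return stacks


def evaluate_stack(stack, results):
    """results maps module name -> True/False. Returns the stack's verdict."""
    positive = False         # a required/requisite module succeeded
    negative = False         # a required module failed; remembered, stack continues
    optional_result = None   # only decisive if nothing else is
    for control, module, _args in stack:
        ok = results.get(module, False)              # unknown module counts as failure
        if control in ("required", "requisite"):
            if ok:
                positive = True
            else:
                negative = True
                if control == "requisite":
                    return False                     # stop immediately
        elif control == "sufficient":
            if ok and not negative:
                return True                          # short-circuits the rest of the stack
            # a failing sufficient module is simply ignored
        elif control == "optional":
            if optional_result is None:
                optional_result = ok
    if negative:
        return False
    if positive:
        return True
    return bool(optional_result)                     # e.g. a stack of only sufficient modules, all failing


# Constructed stack modelled on a typical "login" file. pam_deny at the
# bottom guarantees failure if nothing above returned success.
SAMPLE_PAM_LOGIN = """
auth    requisite   pam_securetty.so
auth    required    pam_env.so
auth    sufficient  pam_unix.so nullok
auth    required    pam_deny.so
account required    pam_unix.so
"""

# Same modules, wrong order: a good password now satisfies the stack before
# the tty check is ever consulted.
SAMPLE_PAM_MISORDERED = """
auth    sufficient  pam_unix.so nullok
auth    requisite   pam_securetty.so
auth    required    pam_deny.so
"""

def login_allowed(module_results, config=SAMPLE_PAM_LOGIN):
    return evaluate_stack(parse_pam_file(config)["auth"], module_results)


if __name__ == "__main__":
    base = {"pam_securetty.so": True, "pam_env.so": True, "pam_unix.so": True, "pam_deny.so": False}
    print("good password, secure tty:      ", login_allowed(base))
    print("bad password:                   ", login_allowed({**base, "pam_unix.so": False}))
    print("insecure tty:                   ", login_allowed({**base, "pam_securetty.so": False}))
    print("insecure tty, misordered stack: ", login_allowed({**base, "pam_securetty.so": False}, SAMPLE_PAM_MISORDERED))
```

Two things worth noticing in the output: a `requisite` failure ends the stack at once, so the password module is never reached, whereas a `required` failure is remembered but the remaining modules still run (which is why an attacker watching timing cannot tell which one failed); and moving `sufficient pam_unix.so` above the tty check silently disables that check for anyone with a valid password, a misordering that is easy to introduce when editing these files by hand.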

SELinux and Security Changes in the 2.6.27 Kernel (Oct 15)

This patch by Stephen Smalley addresses the case where "alien" SELinux security labels need to be written to the local filesystem, for example when building RPMs where the local policy differs from the policy on the system where the RPM is to be installed. This will help with enabling SELinux on build systems (e.g. in the Fedora infrastructure) and more generally with packagers and ISVs shipping third-party policy with RPMs.

In the recently released 2.6.27 kernel there are some functional changes in security, particularly in SELinux. This article looks at those changes.

Apache and Setting Up SSL (Oct 14)

A self-signed certificate is a certificate that you can create yourself; it provides SSL encryption but without the verification of your website by an outside source. That outside verification does cost money. In other words, you can get the protection you need, encryption, by doing it yourself. One thing to note: if you are taking people's credit card information, you will need to get a signed certificate, since browsers show a warning when you are using self-signed certificates.

Have you ever wanted to make your website more secure by using SSL? This article will show you everything you need to set up your own SSL Apache server.

Security Scans with OpenVAS (Oct 13)

As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. You need a way to both automate tests and make sure you're running the most appropriate and up-to-date tests. Open Vulnerability Assessment System (OpenVAS) is a network security scanner that includes a central server and a graphical front end.

Do you want to run network vulnerability tests (NVTs) to identify vulnerabilities in your network? Check out this open source client/server application which provides a graphical front-end for running automated NVTs written in Nessus Attack Scripting Language (NASL).
