+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  January 26th, 2004                             Volume 5, Number 4n |
|                                                                     |
|  Editorial Team:  Dave Wreski             [EMAIL PROTECTED]    |
|                   Benjamin Thomas         [EMAIL PROTECTED]     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "An Introduction
To SQL Injection Attacks For Oracle Developers," "Linux as a Firewall
Foundation," "Problems and Challenges with Honeypots," and "Extrusion or
Intrusion."

>> Enterprise Security for the Small Business <<
Never before has a small business productivity solution been designed with
such robust security features.  Engineered with security as a main focus,
the Guardian Digital Internet Productivity Suite is the cost-effective
solution small businesses have been waiting for.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn07

---

LINUX ADVISORY WATCH:
This week, advisories were released for cvs, screen, kdepim, mc, tcpdump,
kernel, slocate, honeyd, isakmpd, and lftp. The distributors include
Conectiva, Debian, Guardian Digital EnGarde Secure Linux, Gentoo, OpenBSD,
Red Hat, Trustix, and Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-8802.html

---

Managing Linux Security Effectively in 2004

This article examines the process of proper Linux security management in
2004.  First, a system should be hardened and patched.  Next, a security
routine should be established to ensure that all new vulnerabilities are
addressed.  Linux security should be treated as an evolving process.

http://www.linuxsecurity.com/feature_stories/feature_story-157.html

---

Guardian Digital Customers Protected From Linux Kernel Vulnerability As a
result of the planning and secure design of EnGarde Secure Linux, the
company's flagship product, Guardian Digital customers are securely
protected from a vulnerability that lead to the complete compromise of
several high-profile open source projects, including those belonging to
the Debian Project.

http://www.linuxsecurity.com/feature_stories/feature_story-155.html

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Security group warns of hole in Linux kernel
January 23rd, 2004

The kernel is the core of the Linux operating system and provides basic
services for all other parts of the operating system such as allocating
processor time for the programs running on the computer and managing the
system's memory or storage.

http://www.linuxsecurity.com/articles/host_security_article-8804.html


* An Introduction To SQL Injection Attacks For Oracle Developers
January 23rd, 2004

Most application developers underestimate the risk of SQL injection
attacks against web applications that use Oracle as the back-end database.
This paper is intended for application developers, database
administrators, and application auditors to highlight the risk of SQL
injection attacks and demonstrate why web applications may be vulnerable.

http://www.linuxsecurity.com/articles/server_security_article-8807.html

* Linux beefs up standards
January 20th, 2004

Red Hat corporate Linux distributors will next month introduce their
Enterprise Directory Services and Authentication course to Australia. By
all accounts, the skills it seeks to impart, in conjunction with others in
the Red Hat Certified Engineer (RHCE) program, are going to be in
increasing demand.

http://www.linuxsecurity.com/articles/general_article-8789.html


* Standardizing on Security
January 19th, 2004

Things that are created in an open fashion tend to be the best of breed.
They benefit from the entire world seeing them at their most basic level,
and parties collaborating to enhance them and make them better. Open
technology is an example of this.

http://www.linuxsecurity.com/articles/general_article-8781.html


+------------------------+
| Network Security News: |
+------------------------+

* Book Review: Designing Network Security - 2nd Edition
January 25th, 2004

This is a very good book. It provides a good foundation of basic universal
security practice and then goes into detail on how to implement network
security using Cisco hardware and software. No single aspect is covered in
exceptional depth- the book is meant to give a little information on the
whole range of security rather than mastering any one area of network
security.

http://www.linuxsecurity.com/articles/network_security_article-8808.html


* Security by Obscurity
January 23rd, 2004

A response by Bob Alberti, CISSP President of Sanction, Inc. to MSNBC's
report by Brock N. Meeks titled "Fort N.O.C.'s" [Network Operating
Center].  Ah yes, "Security by obscurity":  "Many people believe that
'security through obscurity' is flawed because... secrets are hard to
keep."

http://www.linuxsecurity.com/articles/general_article-8805.html


* Linux as a Firewall Foundation
January 23rd, 2004

For a few days in NYC, LinuxWorld is the center of the open source
universe.  In keeping with that spirit, we examine some AO member
recommendations on firewalls based on the open-source OS.  Whether it's
used to power complex datacenters or breathe new life into aging machines,
Linux has undoubtedly established itself as a formidable IT presence.

http://www.linuxsecurity.com/articles/firewalls_article-8801.html


* Wireless Security Basics
January 22nd, 2004

You've just bought a wireless router so you can use your laptop all over
the house.  You get it all setup and surprise, surprise it works. Now that
should be the end of it right? Wrong.  The default setup for wireless
networks is setup to get the network up and running but does nothing to
protect your network.

http://www.linuxsecurity.com/articles/network_security_article-8796.html


* Extrusion or Intrusion - which is the real threat?
January 20th, 2004

In the hit-parade of security technology buzz words, Anti-virus and IDS
(Intrusion Detection Systems) are in the top 5.  After all, there are a
lot of bad guys out there writing worms and trying to break in.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8783.html


* Problems and Challenges with Honeypots
January 20th, 2004

For the past 18 months we have seen a tremendous growth in honeypot
technologies. Everything from OpenSource solutions such as Honeyd and
Honeynets, to commercial offerings such as KFSensor are commonly
available. However, as with any relatively new technology, there are still
many challenges and problems. In this paper we take an overview of what
several of these problems are, and look at possible approaches on how to
solve them.

http://www.linuxsecurity.com/articles/intrusion_detection_article-8788.html



+------------------------+
| General Security News: |
+------------------------+

* How to hit an elliptic curveball
January 23rd, 2004

It was at the end of an IT security event hosted by the Canadian Advanced
Technology Alliance last October that someone called to Ian McKinnon from
the back of the room. His cheeks flushed and eyes beaming, he approached
somewhat awkwardly, nervously, as though he was slightly out of breath.

http://www.linuxsecurity.com/articles/cryptography_article-8806.html


* Code That Can't Be Cracked
January 21st, 2004

Want to win a million bucks and a high-paying job for life?  That's what
Mississauga-based Certicom Corp. is offering anyone who can crack the code
to its products and patents surrounding Elliptic Curve Cryptology (ECC) --
a combination of algebra and algorithms that ensure everything from
cellphone chatter to wireless e-mail sent and received on an
Internet-enabled phone or a Blackberry PDA can't be hacked.

http://www.linuxsecurity.com/articles/cryptography_article-8791.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email [EMAIL PROTECTED]
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn'
in the BODY of the mail.

Reply via email to