+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Linux Security Week   |
|  September 4, 2000                           Volume 1, Number 18n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Security advisories can now be found in our new publication, "Linux Advisory Watch," distributed on Friday mornings. We hope that this change in format makes focusing on patching system vulnerabilities easier. If you were a subscriber of this newsletter prior to 09/01/00, you have automatically been included as a member of the new advisory list.

Advisories: http://www.linuxsecurity.com/advisories.html

Our feature this week, "Setting up a Linux Log Server to enhance System Security," provides clear step-by-step information on how to set up a log server. The article covers topics ranging from configuring /etc/syslogd.conf to adding firewall rules. It complements last week's article, "A Complete Reference Guide to Creating a Remote Log Server." This article will prove to be very helpful.

http://www.linuxsecurity.com/feature_stories/feature_story-65.html

Our sponsor this week is WebTrends. Their Security Analyzer has the most vulnerability tests available for Red Hat & VA Linux. It uses advanced agent-based technology, enabling you to scan your Linux servers from your Windows NT/2000 console and protect them against potential threats. Now with over 1,000 tests available.
http://www.webtrends.com/redirect/linuxsecurity1.htm

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Intrusion Detection Level Analysis of Nmap and Queso
August 31st, 2000

The purpose of this paper is to help Intrusion detection analysts and firewall administrators identify NMAP & QUESO scans. This paper will provide bit level analysis in detecting NMAP and QUESO scans. This type of analysis is vital for individuals who are performing firewall administration and need to understand more details relating to these scanners and the scans they perform.
http://www.linuxsecurity.com/articles/intrusion_detection_article-1471.html

* PAM - Pluggable Authentication Modules
August 31st, 2000

PAM (Pluggable Authentication Modules) provides the backbone of most authentication in modern Linux systems (and can be implemented in others, such as Solaris), yet it is typically ignored and woefully under-utilized. Anytime you log into a modern Linux system, whether via telnet, ssh, pop, ftp, and so on, you are using PAM to process the authentication request.
http://www.linuxsecurity.com/articles/host_security_article-1474.html

* Anyone with a Screwdriver Can Break In!
August 28th, 2000

This article will discuss the second weakest layer of computer security, Physical Security. As we'll see, any attacker with physical access to a computer, a little ingenuity, and sufficient time can compromise the system. By way of example, I'll demonstrate attack and defense on a Red Hat Linux box and show how you might slow down, or even prevent, these kinds of attacks. You don't need a Linux machine, or even technical responsibility, for this article to be useful.
http://www.linuxsecurity.com/articles/general_article-1444.html

+------------------------+
| Network Security News: |
+------------------------+

* Inexpensive measures to solve security problems
September 1st, 2000

Computer security is difficult to achieve. It requires constant vigilance, and it involves inconvenience. Sometimes, expensive products are offered that are claimed to solve your security problems with no problems, and they do not deliver. However, there are a number of inexpensive measures that would seem to solve a lot of security problems that aren't being used.
http://www.linuxsecurity.com/articles/network_security_article-1480.html

* Attacking Linux
August 30th, 2000

Network scanning, password grabbing, trojaned software -- all are the bane of the righteous sysadmin. Craig Ozancin reveals how to beef up network security and ward off attackers at the LinuxWorld Expo, as reported by Rick Moen.
http://www.linuxsecurity.com/articles/hackscracks_article-1468.html

* Firewalls - Placement
August 29th, 2000

Security is no good if it isn't in the right place. Think about a modern office building - where are the doors with locks? The lobby doors can always be locked, and usually the doors on each floor have locks as well. If only the office doors had locks, the building would be less secure. More security guards would be needed to make sure no one is trying to force a door.
http://www.linuxsecurity.com/articles/firewalls_article-1460.html

+--------------------+
| Cryptography News: |
+--------------------+

* The Emotional Side of Cryptography
August 31st, 2000

Encrypting data before storage or transmission involves a bit of extra work. This often means that people who ought to be using encryption, instead of relying on the assumption that their data will not be intercepted, fail to do so. But it is also true that some of the people who use encryption are keenly aware of the importance of keeping their information secret.
http://www.linuxsecurity.com/articles/cryptography_article-1473.html

* Ain't no network strong enough
August 31st, 2000

Master cryptographer Bruce Schneier's "Secrets and Lies" explains why computer security is an oxymoron. Bruce Schneier, master cryptographer and idol of the computer underground, targets those short-attention-spanners in his latest book, "Secrets and Lies: Digital Security in a Networked World." Aiming straight for the vaunted "general audience," he peppers the 400-plus pages with Yogi Berra quotes, analogies drawn from "Star Wars" and trivia tidbits from Greek mythology.
http://www.linuxsecurity.com/articles/cryptography_article-1476.html

* Encryption Could Starve Carnivore
August 28th, 2000

Even as the FBI slowly releases details of its Carnivore e-mail wiretap technology, software developers are readying schemes to starve Carnivore of meaningful data. ChainMail and Sigaba are among the companies promoting encryption technology designed to render any captured e-mail meaningless to third parties.
http://www.linuxsecurity.com/articles/cryptography_article-1453.html

* The next era for Internet security
August 28th, 2000

Security insiders have had the date circled on their calendars for years. What's going to happen when RSA's encryption and decryption patents expire next month? A milestone in the history of technology is set to occur next month when RSA Security Inc. patents, fundamental to most Internet security, expire.
http://www.linuxsecurity.com/articles/general_article-1451.html

+----------------------------+
| Vendor/Product/Tools News: |
+----------------------------+

* Review of Debian 2.2 Security
August 30th, 2000

I wanted to write a really positive article about Debian 2.2, which was just released a few weeks ago. Unfortunately, I can't. While Debian itself is a reasonably well-done Linux distribution, it has some major security issues.
http://www.linuxsecurity.com/articles/host_security_article-1465.html

* Justice shops for Carnivore review
August 28th, 2000

The Justice Department has officially begun shopping for a university to conduct an independent technical review of Carnivore, the e-mail bugging system. The request for proposals was posted on the department's World Wide Web site Aug. 23, and Attorney General Janet Reno said proposals are due Sept. 6.
http://www.linuxsecurity.com/articles/government_article-1448.html

+---------------+
| General News: |
+---------------+

* ICMP Usage in Scanning version 2.0
September 3rd, 2000

The Internet Control Message Protocol is one of the debate full protocols in the TCP/IP protocol suite regarding its security hazards. There is no consent between the experts in charge for securing Internet networks (Firewall Administrators, Network Administrators, System Administrators, Security Officers, etc.) regarding the actions that should be taken to secure their network infrastructure in order to prevent those risks. In this paper Ofir Arkin has tried to outline what can be done with the ICMP protocol regarding scanning.
http://www.linuxsecurity.com/articles/documentation_article-1485.html

* Justice shops for Carnivore review
September 1st, 2000

Since the public learned of Carnivore in early July, members of Congress, privacy advocates and civil liberties organizations have expressed serious concerns over its use and potential for abuse. The request for proposals notes some of the concerns, including that the system could provide investigators with more information than legally allowed by a court order or be used for unlawful invasions of privacy.
http://www.linuxsecurity.com/articles/privacy_article-1478.html

* Interview with Lance Spitzner
September 1st, 2000

Lance is a former officer in the Army's Rapid Deployment Force, and the author of numerous Whitepapers on computer security.
In his own words: "I'm a geek who constantly plays with computers, especially network security. I love security because it is a constantly changing environment, your job is to do battle with the bad guys."
http://www.linuxsecurity.com/articles/forums_article-1481.html

* To Tell, or Not to Tell?
August 30th, 2000

Some "bug hunters" who uncover security flaws in computer software and rush to issue public warnings may be helping hackers more than consumers, industry officials worry. It's a thorny issue that divides security specialists. Many argue that fast, full disclosure of a vulnerability alerts computer users to take precautions and pushes software makers to provide a quick solution.
http://www.linuxsecurity.com/articles/hackscracks_article-1469.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".