[ISN] Linux Security Week - April 5th 2004

InfoSec News isn at c4i.org
Tue Apr 6 10:08:09 EDT 2004


+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 5th, 2004                               Volume 5, Number 14n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "File And Email
Encryption With GnuPG," "The Layered Approach to Security is Dead," and
"Protecting yourself against mini-DDoS attacks."

----

>> NEW Step-by-Step SSL Guide for Apache from Thawte <<

Thawte's new guide will show you how to test, purchase, install and use a
Thawte Digital Certificate on your Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient ongoing
management of your encryption keys and digital certificates.

http://ad.doubleclick.net/clk;7739216;9007465;r

----

LINUX ADVISORY WATCH:
This week, advisories were released for mc, openssl, ethereal, libxml2,
emil, Linux kernel, apache, UUDeview, courier, oftpd, fetchmail, squid,
OpenLDAP, mplayer, Mozilla, and apache. The distributors include
Conectiva, Debian, FreeBSD, Gentoo, Mandrake, Red Hat, Trustix, and
Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-9129.html


Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digitals
multi-faceted security applications.  More then just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the
network.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

--------------------------------------------------------------------

Security: MySQL and PHP

This is the second installation of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one
has to abide by the following guidelines.

http://www.linuxsecurity.com/feature_stories/feature_story-130.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+


* File And Email Encryption With GnuPG (PGP)
April 5th, 2004

File and mail security is easy to achieve with the right tools. PGP has
proven itself the leader, and GnuPG is the tool of choice in the Linux
world.

http://www.linuxsecurity.com/articles/cryptography_article-9134.html


* Security Enhanced Linux
March 31st, 2004

Operating system security is (or at least should be) of critical
importance to us all.  However, the varying levels of security required
differ for each systems administrator.

http://www.linuxsecurity.com/articles/host_security_article-9114.html


* Back to Linux Basics With Debian GNU/Linux
March 31st, 2004

Debian GNU/Linux: Reliable, solid, and free infrastructure server. As the
bigger guns in the enterprise Linux space move to commercialize their
software as much as possible, the Debian project continues to provide a
Linux distribution that offers organizations the sort of commodity
infrastructure for which Linux was originally known.

http://www.linuxsecurity.com/articles/vendors_products_article-9119.html


* Serve up your Next Presentation
March 29th, 2004

You'll notice that I haven't said much about security.  With small
audiences in isolated locations you may not need much security at all.
If you are doing a weekend retreat way out in the woods (using portable
generators, maybe) with nobody else around for miles, you probably can get
by with just knowing your audience members and watching what they are
doing when your Web server is up and running.

http://www.linuxsecurity.com/articles/general_article-9103.html


+------------------------+
| Network Security News: |
+------------------------+

* Announcing the Fourth WorldWide WarDrive (WWWD)
April 2nd, 2004

The WorldWide WarDrive is an effort by security professionals and
hobbyists to generate awareness of the need by individual users and
companies to secure their access points. The goal of the WorldWide
WarDrive (or WWWD) is to provide a statistical analysis of the many access
points that are currently deployed.

http://www.linuxsecurity.com/articles/organizations_events_article-9127.html


* The Layered Approach to Security is Dead... Long Live Layered
Security
April 1st, 2004

Life isn't the same as it used to be, the good old days of leaving your
door unlocked are gone, never to return. Business isn't the same either.
IT has brought into the workplace, organisational and cultural challenges.

http://www.linuxsecurity.com/articles/general_article-9126.html


* Protecting yourself against mini-DDoS attacks
March 30th, 2004

These are distributed denial of service attacks small enough to fly below
the security radars of ISPs and law enforcement agencies, but potent
enough to shut down cable or DSL modems connections. As evidenced by my
inability to do anything about an attack on my connection (which I use to
get my job done, but is shared with other family members for personal
use), the perpetrators can wreak havoc without fear of reprisals.

http://www.linuxsecurity.com/articles/network_security_article-9108.html


+------------------------+
| General Security News: |
+------------------------+

* Forrester questions Linux security
April 5th, 2004

A new study from Forrester Research has concluded that the Linux operating
system is not necessarily more secure than Windows. The report finds that
on average, Linux distributors took longer than Microsoft to patch
security holes, although Microsoft flaws tended to be more severe.

http://www.linuxsecurity.com/articles/host_security_article-9133.html


* Task force urges security collaboration
April 2nd, 2004

Improving software security will demand a concerted effort from
government, industry and higher education, said members of a national task
force on software development in a report released today.

http://www.linuxsecurity.com/articles/general_article-9130.html


* Human Nature vs. Security
March 31st, 2004

If you're asked to picture security for a house, the image that might jump
to mind is of that pimply faced kid who comes around every few months with
promises of free-installation of an alarm system or 6 months of free
monitoring.

http://www.linuxsecurity.com/articles/general_article-9117.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list