Security News > 2002 > May > Linux Security Week - May 6th 2002
+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | May 6th, 2002 Volume 3, Number 18n | | | | Editorial Team: Dave Wreski dave () linuxsecurity com | | Benjamin Thomas ben () linuxsecurity com | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Honeynet Project: The Reverse Challenge," "Network Forensics: Tapping the Internet," "Building an IDS Solution Using Snort," and "How a Virtual Private Network Works." * SECURE YOUR APACHE SERVERS WITH 128-BIT SSL ENCRYPTION * Guarantee transmitted data integrity, secure all communication sessions and more with SSL encryption from Thawte- a leading global certificate provider for the Open Source community. Learn more in our FREE GUIDE--click here to get it now: --> http://www.gothawte.com/rd253.html This week, advisories were released for fileutils, imlib, sudo, webalizer, openssh, squid, docbook, modpython, nautilis, and radiusd-cistron. The vendors include Caldera, Conectiva, EnGarde, Red Hat, SuSE, and Trustix. http://www.linuxsecurity.com/articles/forums_article-4921.html Find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center: http://careers.linuxsecurity.com +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Honeynet Project: The Reverse Challenge May 2nd, 2002 The Reverse Challenge is an effort to allow incident handlers around the world to all look at the same binary -- a unique tool captured in the wild -- and to see who can dig the most out of that system and communicate what they've found in a concise manner. http://www.linuxsecurity.com/articles/intrusion_detection_article-4917.html * Challenging the Man-in-the-Middle May 1st, 2002 When logging in, several users reported seeing themselves already logged in from strange locations or running funny processes. Most of these folks are generally security-conscious, use strong passwords, and don't fall for the standard social engineering tricks. http://www.linuxsecurity.com/articles/cryptography_article-4902.html * Network Forensics: Tapping the Internet April 29th, 2002 Methods of archiving network data for forensic analysis. "Another approach to monitoring is to examine all of the traffic that moves over the network, but only record information deemed worthy of further analysis. The primary advantage of this approach is that computers can monitor far more information than they can archive -- memory is faster than disk. http://www.linuxsecurity.com/articles/intrusion_detection_article-4895.html +------------------------+ | Network Security News: | +------------------------+ * When Hackers Attack May 5th, 2002 What does it take to work in computer security? Beyond the basic math, science, and analytical skills, "you need tremendous patience and persistence--and you need to not have to sleep much," says Chet Hosmer, cofounder and chief executive officer of Wetstone Technologies Inc. ( http://www.linuxsecurity.com/articles/hackscracks_article-4927.html * How a Virtual Private Network Works May 3rd, 2002 For years, voice, data, and just about all software-defined network services were called "virtual private networks" by the telephone companies. The current generation of VPNs, however, is a more advanced combination of tunneling, encryption, authentication and access control technologies and services used to carry traffic over the Internet, a managed IP network or a provider's backbone. http://www.linuxsecurity.com/articles/network_security_article-4924.html * Good firewalls make good policy May 3rd, 2002 A well-designed computer network, like well-designed policy in a federation like Canada, depends on good firewalls. In a computer network, a good firewall alerts users to potential harmful interactions between the computer and the local network, and also between the local network and the Internet. http://www.linuxsecurity.com/articles/firewalls_article-4925.html * TCP/ IP and tcpdump Flyer (PDF) May 1st, 2002 Sans has provided a TCP/IP and tcpdump flyer guide. http://www.linuxsecurity.com/articles/network_security_article-4904.html * Building an IDS Solution Using Snort April 29th, 2002 This document provides a step-by-step guide to building an intrusion detection system using open-source software. The process involves Installing RedHat Linux 7.1, Compiling/Installing and configuration of MySql/Apache/ACID/Snort, Setup of Snort rules f Hardening of Machine The document assumes a basic level understanding of linux and computer technologies. http://www.linuxsecurity.com/articles/intrusion_detection_article-4893.html +------------------------+ | Vendor/Products: | +------------------------+ * Biometric Security Not Quite Ready to Replace Passwords May 2nd, 2002 Biometrics vendors are doing their best to supplant passwords as the chief form of computer security, but Government Computer News Lab tests indicate that many of their products are not quite ready. Some developers have continued to improve already good devices, but others need to go back to the drawing board. http://www.linuxsecurity.com/articles/vendors_products_article-4910.html +------------------------+ | General: | +------------------------+ * The Art of Misusing Technology May 3rd, 2002 Hacking has been described as a crime, a compulsion, an often troublesome end result of insatiable curiosity run amok. Rarely has anyone who is not a hacker attempted to portray the creation, exploration. http://www.linuxsecurity.com/articles/hackscracks_article-4922.html * Network Forensics: Tapping the Internet May 2nd, 2002 During the Gulf War, computer hackers in Europe broke into a UNIX computer aboard a warship in the Persian Gulf. The hackers thought they were being tremendously clever -- and they were -- but they were also being watched. http://www.linuxsecurity.com/articles/server_security_article-4915.html * Interior security flagged again May 2nd, 2002 A month after getting permission to reconnect some of its sites to the Internet, the Interior Department's Minerals Management Service is back in the hot seat. MMS has once again caught the attention of court-appointed Special Master Alan Balaran for failing to protect individual American Indian trust data. http://www.linuxsecurity.com/articles/government_article-4913.html * Security Agents Head For Cybercrime School April 29th, 2002 Security agents from both sides of the Atlantic are being sent to school so they can trace and prosecute computer criminals. The FBI, U.S. Customs, the High Technology Crime Investigation Association, Europol and the U.K.'s National High-Tech Crime Unit are among the agencies that have sent staff to learn about cybercrime, fraud, hacking and software bugs, according to the company, Massachusetts-based QinetiQ Trusted Information Management. http://www.linuxsecurity.com/articles/government_article-4890.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request () linuxsecurity com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.