Security News > 2003 > June > Linux Advisory Watch - June 20th 2003
+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | June 20th, 2002 Volume 4, Number 24a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave () linuxsecurity com ben () linuxsecurity com Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for apache2, webmin, mikmod, typespeed, noweb, jnethack, ethereal, lprng, gzip, man, kon2, ghostscript, cups, gzip, BitchX, Xpdf, kernel, and mgetty. The distributors include Conectiva, Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSe, and TurboLinux. Like last week, many of the advisories are fixes to older issues and minor problems. The Gentoo and Debian security teams were most active. Recently, there has been a lot of noise in the community about Gartner's latest report (Information Security Hype Cycle) suggesting that IDS technology fails to provide value relative to its costs and "will be obsolete by 2005." The report indicates that IDS' do not add an extra of security and they are a product of vendor puffery. Gartner's recommendation is to direct any budgeted IDS funds into better firewalls. "Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as antivirus activities." According to the research, IDS technology fails because the typical IT department does not have the resources to sift through all of the false positives and false negatives generated by normal traffic. If you've ever administered an IDS, I'm sure that you would agree with that. One conclusion that I have made over the past few years is that an IDS is not for the faint of heart. To reap benefit, a very skilled administrator is required and onethat has the ability to write custom signatures and configure in such a way that false positives/negatives can be minimized. Although this may be considered my topic, I feel compelled to mention it. No matter how many intrusion detection/prevention systems, firewalls, scanners, and applications are installed to improve security, systems will ultimately remain insecure until sysadmins start regularly patching vulnerabilities in a timely matter. I find it appalling that scriptkiddies are able to find an insecure application fingerprint, search on Google to find vulnerable hosts, then exploit it. Negligence is the greatest cause of problems today. I apologize for lecturing, it is the "don't care" mindset that frustrates me. The ironic part about all of this is that if you're reading this, you probably agree with me and your systems are up-to-date. Education and awareness are very important. One must realize that there is no magic bullet. Until next time, Benjamin D. Thomas ben () linuxsecurity com