[ISN] Linux Security Week - February 12th 2001 (fwd)

Dave Dittrich dittrich at cac.washington.edu
Mon Feb 12 07:18:31 PST 2001

---------- Forwarded message ----------
Date: Mon, 12 Feb 2001 00:48:25 -0500
Subject: [ISN] Linux Security Week - February 12th 2001
From: newsletter-admins at linuxsecurity.com


| LinuxSecurity.com Weekly Newsletter |

| February 12th, 2001 Volume 2, Number 7n |

| Editorial Team: Dave Wreski dave at linuxsecurity.com |

| Benjamin Thomas ben at linuxsecurity.com |


Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security

This week, a few good network security related papers were released.
I would recommend reading, "Penetration Testing Exposed," "Traffic
analysis almost for free, part 2," and "Using IPSec for Remote
Administration on Linux Firewalls." If you are using Debian or
any similar Linux, you may want to read the "Securing Debian HOWTO."
If you are using FreeBSD, "Armoring FreeBSD" can be helpful.

In this FAQ, Paul answers some of the more frequently asked questions
surrounding the bind-members forum mailing list. There has been quite
a bit of controversy surrounding this action by the ISC. In this FAQ,
Paul talks about why it was formed, what the intentions of the ISC
are, and how he feels it will actually improve the level of security
of BIND.


This week, advisories were released for glibc, proftp, bind,
ja-xklock, ja-elvis, ja-helvis, dc20ctrl, mars_nwe, XEmacs, SSH1,
slocate, and the 2.2/2.4 kernel. The vendors include Caldera,
Conectiva, FreeBSD, Immunix, Red Hat, and TurboLinux.


** OpenDoc Publishing **

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.



[ Articles This Week ]

| Host Security News: |


* Two Kernel Vulnerabilities [Updated]
February 10th, 2001

The recent outbreak of the worm known as Ramen poses a familiar
question: How can we keep worms and viruses from intruding on and
infecting our systems? The first thing to do, recommends Unix
Insider writer Dev Zaborav, is take some basic hardening and security
measures, and stop putting Linux servers on the Internet in a
default installation.


* Armoring FreeBSD
February 9th, 2001

This guide outlines the basics of FreeBSD security. It has
information on general security, using SSH2 key authentication,
keeping your source updated, using a firewall, and disabling services.
"With more and more script kiddies being born, we all need to learn a
few basic rules of protecting ourselves. This guide will outline the
basics of FreeBSD security, and works best with FreeBSD version 4.x.


* OpenWall Updates for 2.0 and 2.2 kernels
February 9th, 2001

The recent outbreak of the worm known as Ramen poses a familiar
question: How can we keep worms and viruses from intruding on and
infecting our systems? The first thing to do, recommends Unix
Insider writer Dev Zaborav, is take some basic hardening and security
measures, and stop putting Linux servers on the Internet in a
default installation.


* Security Issues in Perl Scripts
February 7th, 2001

Perl is one of the most widely used languages for writing interactive
applications on the Web, and Perl programs are widely used for
various system administration tasks. Applications that serve these
tasks must provide reliable access to security sensitive functions
and information, and at the same time ensure that no one is granted
access to data or functionality that was not intended for them.


* Securing Debian HOWTO Updated
February 5th, 2001

This document describes the process of securing and hardening the
default Debian installation. In addition this document just gives an
overview of what you can do to increase the security of your Debian
GNU/Linux installation. Many parts of this HOWTO can be transferred
to other distributions.



| Network Security News: |


* Penetration Testing Exposed
February 8th, 2001

Part three of our series on "Audits, Assessments & Tests (Oh, My)"
explores penetration testing, the controversial practice of
simulating real-world attacks by discovering and exploiting system
vulnerabilities. We are routinely deluged with news reports detailing
the exploits of attackers who have breached the security of some of
the world's most venerable institutions.


* Traffic analysis almost for free, part 2
February 8th, 2001

IPtraf is a console-based network monitoring utility for Linux (the
latest version, 2.3.1, is available for download). Written by Gerard
Paul Riker, IPtraf tops my list of easy-to-use network analysis
tools. IPtraf is distributed in a compressed tar format, and the
full source code is included. But don't worry, a ready-to-run
executable file is included in the distribution so you won't have to
spend time compiling this package.


* Using IPSec for Remote Administration on Linux Firewalls
February 7th, 2001

This August 2000 SANS article does a great job of describing
cost-effective methods for implementing IPSec using NIST Cerberus
IPSec Reference Implementation. "We experimented with different
approaches to provide a cost-effective method of remote logon
activities including SSH scripting and S/WAN IPSec implementation but
due to the private network we are using for our core business


* Case Study: Building a small-business VPN
February 6th, 2001

It was a common enough problem for a small business: AMT Asset
Management, a Marlboro, New Jersey-based brokerage with six
employees, needed a way to connect its Boca Raton, Florida office to
headquarters. The goal was to provide the smaller office access to
the Web-based securities-pricing information that AMT was already
receiving at its New Jersey location.


* Attacking DoS Attacks
February 6th, 2001

To combat such attacks on routers, a new company called Arbor
Networks Inc. -- funded by Cisco Systems Inc. (stock: CSCO) and Intel
Corp. (stock: INTC) -- this week will launch a managed availability
service that aims to detect, trace, and block DoS attacks.



| Cryptography News: |


* AESCrypt: Rijndael encryption for shell scripts.
February 8th, 2001

How cool is this. "This is a program for encrypting/decrypting
streams of data using Rijndael and Cipher Block Feedback mode
(CFB-128). Encrypt/decrypt stdin using the Advanced Encryption
Standard winner "Rijndael" encryption algorithm in Cipher Block
Feedback (stream) mode.


* RSA: Rumors of crypto algorithm demise greatly exaggerated
February 7th, 2001

A Filipino math whiz claimed in newspaper reports this week that he
had discovered a faster way of decoding RSA's popular encryption
algorithm. If proven, the claim will have called into question the
validity of what has become, essentially, the de facto encryption
standard in the computer industry.


* An Overview of Cryptography in Java, Part 1: Random Numbers and
Cryptographic Security Providers
February 6th, 2001

The Java Cryptography Architecture is split into two different
packages, part lies within the JDK, while the other lies within the
Java Cryptology Extension. Sun had to split the architecture due to
US export laws which prohibit software encryption technology from
being released outside of the United States or Canada (certain types
of cryptographic software are considered "weapons" by the U.S.


* Pinoy who discovered new faster way of decoding RSA encryption
explains claim
February 5th, 2001

Mathematics enthusiast Leo de Velez who claims to have discovered a
faster way of decoding RSA encryption believes that his findings are
solid since nobody is still using his formula of 2^X = 1 mod N where
N is given as the public key, find X. Rivest noted that any
technique that can find a multiplicative inverse of e modulo
lambda(n) can be used to factor n.



| Vendors/Tools/Products: |


* RazorBack v0.1 - SNORT Intrusion Detection Front-End
February 6th, 2001

RazorBack is a log analysis program that interfaces with the SNORT
open source Intrusion Detection System to provide real time visual
notification when an intrusion signature has been detected on the
network. RazorBack is designed to work within the GNOME 1.2
framework on Unix platforms.



| General News: |


* How quickly should security flaws be made public?
February 11th, 2001

Indeed, many vendors, network administrators and security companies
adopt a policy of less-is-more when it comes to the question of how
much information to release to the public about a particular
software bug, exploit or attack.


* Don't be fooled: DCS1000 still a 'Carnivore' at heart
February 9th, 2001

The FBI has dressed its online wolf in sheep's clothing, changing the
name of its controversial e-mail surveillance system, known to this
point as Carnivore. Carnivore now goes by the less beastly moniker
of DCS1000, drawn from the work it does as a "digital collection


* Organizations need to adopt a security policy
February 8th, 2001

The extent of the challenge facing companies looking to protect
themselves from a host of security risks is underlined by the fact
that the quantifiable bill for virus and denial of service attacks
alone runs into billions of pounds globally each year.


Distributed by: Guardian Digital, Inc. LinuxSecurity.com

ISN is hosted by SecurityFocus.com