LinuxSecurity.com: Weekly Newsletter, April 15th, 2002

|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 15th, 2002                             Volume 3, Number 15n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Incident
Analysis of a Compromised RedHat Linux 6.2 Honeypot," "Basic Steps in
Forensic Analysis of Unix Systems," "Configuring a FreeBSD Access Point
for your Wireless Network," and "Using SCP Through a Gateway."


This week, advisories were released for logwatch, ucdsnmp, IMP/HORDE,
tcpdump, mail, and rshd.  The vendors include OpenBSD, Red Hat, and SuSE.


Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com

| Host Security News: | <<-----[ Articles This Week ]-------------

* Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot
April 10th, 2002

Your job, as a forensic investigator, is to do your best to comb through
the sources of evidence -- disc drives, log files, boxes of removable
media, whatever -- and do two things: make sure you preserve as much of
this data in its original form, and to try to re-construct the events that
occurred during a criminal act and produce a meaningful starting point for
police and prosecutors to do their jobs.


* Basic Steps in Forensic Analysis of Unix Systems
April 9th, 2002

Your job, as a forensic investigator, is to do your best to comb through
the sources of evidence -- disc drives, log files, boxes of removable
media, whatever -- and do two things: make sure you preserve as much of
this data in its original form, and to try to re-construct the events that
occurred during a criminal act and produce a meaningful starting point for
police and prosecutors to do their jobs.


* Serious SOAP::Lite Security Hole Discovered
April 9th, 2002

"This is a big one, and relates to how SOAP::Lite dispatches method calls
at runtime, and how Perl executes dynamic method calls. The very best
thing you can do is take down your SOAP servers until an update is


| Network Security News: |

* Can you trust an ethical hacker?
April 12th, 2002

Here is an interview with Bill Pepper of CSC who uses ethical hackers for
testing and security processes. "Bill Pepper is head of security risk
management at consulting firm CSC, a role which involves advising clients
on security issues and managing the company's so-called ethical hackers.  
He has worked in information security for over 35 years, including time
with the Royal Air Force, and is currently deputy chairman of the British
Computer Society's Certificate in Information Security Management Board."


* Configuring a FreeBSD Access Point for your Wireless Network
April 11th, 2002

This article describes how to configure a PC running FreeBSD to serve as
an access point (AP) for your wireless network. This FreeBSD access point
does not need to be a server or desktop machine. Indeed, many people
recommend using an old laptop. You don't need much processing power
either; a 386 or 486 will do.


* Using SCP Through a Gateway
April 11th, 2002

Quick summary on some scp tricks. "Recall that the command: "$ scp ...
S:file ..."  actually runs ssh in a subprocess to connect to S and invoke
a remote scp server. Now that we've gotten ssh working from client C to
server S, you'd expect that scp would work between these machines with no
further effort.


* Monitoring reduces security risks
April 11th, 2002

Counterpane today released statistics to back its claim that customers of
its monitoring services are far less likely to have their networks
penetrated.  In the first quarter of 2002, Counterpane monitored approx.
200 networks worldwide and processed 31 billion network events.


* Denial-of-service attacks still a threat
April 10th, 2002

Denial-of-service (DOS) attacks continue to present a significant security
threat to corporations two years after a spate of incidents brought down
several high-profile sites, including those of Yahoo Inc. and eBay Inc.,
users and analysts report.


* Setting up a strong Linux firewall
April 10th, 2002

In most organisations, network security has become interwoven with
standard network and system administration. Threats in the form of
malicious hackers, self-propagating worms, denial of service attacks, and
other nefarious security problems loom large for administrators.

|  Cryptography:         |

* The Risks of Short RSA Keys
April 12th, 2002

Millions of users of the World Wide Web rely on a single cryptographic
protocol, SSL, to make secure connections to remote web servers. The
flexibility and ease of use of SSL, which is built into browser and server
software, gives them confidence in the security of their data.


|  Vendor/Products:      |

* How to detect intruders with ACID
April 11th, 2002

All it takes is time and free software to set up a powerful intrusion
detection system for your Unix system. Follow along as Joe Barr installs
ACID on his system and discovers a big security hole. I wanted to try ACID
ever since someone rooted my server last year. Mind you, not the
hallucinogen LSD, though at the time I might have been tempted.


* Snort Version 1.8.6 Released
April 11th, 2002

This is the first official announcement of a new Snort version in several
months and it contains a multitude of fixes over previous versions.  
While the official releases have gone very slowly lately, the development
of snort has picked up immensely.


|  General:              |

* IT security a must for small-business survival
April 11th, 2002

The Computer Emergency Response Team (Cert) has released a report
pinpointing the six fastest evolving trends in the black hat world of
internet security.  The organisation, which has been monitoring hacker
activity since 1998, found that the most notable trend to evolve over
recent years is the automation and speed of attack tools.


* Overview of Attack Trends
April 8th, 2002

The CERT Coordination Center has been observing intruder activity since
1988. Much has changed since then, from our technology to the makeup of
the Internet user community, to attack techniques. In this paper, we give
a brief overview of recent trends that affect the ability of organizations
(and individuals) to use the Internet safely.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
