dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


LinuxSecurity.com: Linux Security Week, June 5th 2000

Jun 05, 2000, 11:27 (0 Talkback[s])

[ Thanks to Benjamin D. Thomas for this link. ]

"Greetings, issue number 5 is already here! We would like to take a moment to thank our readers for all of your support. The response has been tremendous for both our newsletter and website, LinuxSecurity.com If you have any suggestions regarding the website, newsletter, or anything else, please let us know! We are here to serve the open-source community; your voice should be heard."

"In the news, a few good articles were released. A few of my favorites included, Cracked! Part 4: The Sniffer, The Shell Game, and Who's Sniffing Your Network?.' 'Cracked' and 'Who's Sniffing your network' both are written about the use of packet sniffers. While both take different approaches to explain this topic, they are interesting to read. The Shell Game explains the rational for SSH and using encrypted communications. Take a moment to treat yourself to these three articles."

"Last week, the major topic of concern was The Top 10 System Security Threats released by SANS. Articles such as FBI, DOJ issue list of worst Internet threats and IT, Company Execs Add To Security Holes spawned from SANS' initial release. The top 10 threats include: connecting systems to the Internet before hardening them, connecting test systems to the Internet with default accounts/passwords, failing to update systems when security holes are found, using telnet and other unencrypted protocols for managing systems, giving passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated, failing to maintain and test backups, running unnecessary services, (especially ftpd telnetd finger rpc), implementing firewalls with rules that don't stop malicious or dangerous traffic (incoming or outgoing), failing to implement or update virus-detection software, and failing to educate users on what to look for and what to do when they see a potential security problem."

Complete Story

Related Stories: