LINUX SECURITY --- September 12, 2000
Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters
*********************************************************************
HIGHLIGHTS
* Web sites and mailing lists to keep up with all of the latest in
security news
*********************************************************************
Keeping up to Date with Information
by Rick Johnson
If you are reading this newsletter, you obviously place a premium on
staying up to date with the latest security information. This author
finds uncovering decent Linux security information an issue of
particular annoyance. So much data is being published each day, finding
it all in one place is virtually impossible. You could spend the entire
day reading and still not learn it all.
Of course, each of you being a faithful ITworld.com reader and a
subscriber to numerous security newsletters (written by the most skilled
professionals) know it is always prudent to enhance your knowledge with
as much useful information as possible. So here I present a compendium
of other Web sites and mailing lists I find essential to daily security
administration.
Security News and Informational Websites:
* Security Focus (http://www.securityfocus.com/) -- By far, one of
the best sites around for security tools and information. They
have the most complete vulnerability database available, covering
virtually every popular software title and operating system.
* Technotronic (http://www.technotronic.com/) -- An outstanding
collection of information for all platforms. Particularly worthy
of note, their FTP archive contains copies of code for almost
every exploit ever published. If you are looking to duplicate an
attack on your network, look no further.
* LinuxSecurity.com (http://www.linuxsecurity.com/) -- Conceived by
David Wreski, this site is an excellent source of news and
information from around the Internet. It provides a concise, no
nonsense listing of the latest in the Linux security arena.
Security Mailing Lists:
* CERT (http://www.cert.org/nav/alerts.html) -- Carnegie Mellon sets
the standard in security advisories. If it shows up on CERT, you
had better heed the warning. To subscribe to the cert-advisory
mailing list, send email to cert-advisory-request@cert.org. In
the subject line, type "SUBSCRIBE" and your email address.
* BugTraq (http://www.securityfocus.com/forums/bugtraq/intro.html)
-- For the most respected discussion about computer security
vulnerabilities, go to BugTraq. What they are, how to exploit
them, and how to fix them. To subscribe, send an e-mail message to
LISTSERV@SECURITYFOCUS.COM with a message body of: "SUBSCRIBE
BUGTRAQ" Lastname, Firstname.
* SANS (http://www.sans.org/) -- Well respected for its commitment
and dedication to the security world, SANS (System Administration,
Networking, and Security) Security Alert Consensus is a weekly
summary of new security alerts and countermeasures. It offers one
definitive weekly summary of new alerts and countermeasures week
with announcements from: SANS, CERT, the Global Incident Analysis
Center, the National Infrastructure Protection Center, the
Department of Defense, Security Portal, NTBugTraq, Sun, and
several other vendors. To subscribe, visit
http://www.sans.org/sansnews/.
To truly stay up to date on all of the latest security information, you
would literally have to spend the entire week reading. By using the
resources mentioned above, hopefully you will not only find all of the
essential information to perform your job, but also find some time to
get a little work done.
Resources
Making the grade
We need to protect consumers from lousy software
http://www.linuxworld.com/linuxworld/lw-2000-04/lw-04-devnul_2_p.html
Linux security classes
ISS founder is a cracker in a white hat
http://www.linuxworld.com/linuxworld/lw-2000-06/lw-06-iss.html
Ugly mistake for Pretty Good
Security is jeopardized in rush to add new features
http://www.sunworld.com/sunworldonline/swol-09-2000/swol-0908-unixsecurity
-jdd.html
************************************************************************
About the author
----------------
Rick Johnson is currently involved in a number of projects, none of
which he can discuss at this time. Aren't non-disclosure agreements
wonderful? When not involved with those, he heads the development team
for PMFirewall, an Ipchains Firewall and Masquerading Configuration
Utility for Linux. Rick can be contacted via email at rick@pointman.org
or on the web at http://www.pointman.org.
*********************************************************************
<<attachment: winmail.dat>>