Author: Benjamin D. Thomas
im-sdk, selinux-policy-targeted, gamin, pam, netpbm, mkinitrd, kde, arts, NetworkManager,
libraw, ckermit, httpd, gphoto, coreutils, iiimf, yum, gimp, readahead, zlib,
fetchmail, sandbox, pstotext, proftpd, nbsmtp, dump, and SquirrelMail. The distributors
include Debian, Fedora, Gentoo, and Red Hat.
Network Intrusion Prevention Systems – When They’re Valuable, and When They’re Not, Part II
By: Daniel Miessler
The true benefit of network IPS lies in what it can do for companies
that can’t keep their systems patched. This may sound negative, but
it’s almost as if the request for NIPS technology is analogous to the
requestor admitting that they cannot stay on top of system
administration.
For anyone willing to make this admission, however, the benefits of
network IPS are quite significant. Consider a medium to large sized
company where upper management doesn’t see the need for additional
(see enough) systems and/or security administrators. (This shouldn’t
require much imagination, by the way).
In an environment like this, vulnerabilities are likely to go
unpatched for weeks, months, or even years – even in the Internet-
facing areas. Many things can lead to machines not getting patched
in these sorts of companies – developers claiming that the main
bread-winning app will break if the patches are applied, administrator
fear of being the cause of downtime, apathy, stupidity – take your
pick.
The point is, a strategically-placed network IPS – say in front of
the Internet-facing environment – can do something absolutely magical
for a systems/security staff — it can buy them time. Consider a
site passing a ton of traffic into their DMZ via multiple protocols
to dozens or hundreds of machines, and let’s say several of the
applications being interfaced with have known vulnerabilities. If
the person in charge knows that they lack the ability to patch
all the vulnerable systems (inexcusable, I agree), then the NIPS
system can effectively serve as a multi-patch gateway.
If the NIPS product has a signature for 34 of the 42 exploits that
could potentially root 180 machines, then putting a network IPS at
the bottleneck becomes an alternative to 1. getting cracked, and
2. patching. Make no mistake, though – patching is the better
solution, but I recognize that there are sometimes circumstances
that prevent good admins from doing their jobs. There are also
situations where someone who knows the risks lacks the funding
to bring admins aboard that can help them keep their systems in
top shape. For either of these cases, network IPS seems like an
acceptable evil.
Read Entire Article:
http://www.linuxsecurity.com/content/view/119888/49/
LinuxSecurity.com
Feature Extras:
Linux File & Directory Permissions Mistakes – One common mistake Linux administrators
make is having file and directory permissions that are far too liberal and
allow access beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this article,
so I’ll assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you’d like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities – Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions – Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headlines.
Debian
Debian: New gaim packages fix denial of service | 29th, July, 2005
Debian: New gopher packages fix insecure temporary file creation | 29th, July, 2005
Debian: New pdns packages fix denial of service | 1st, August, 2005
Debian: New apt-cacher package fixes arbitrary command execution | 3rd, August, 2005
Fedora
Fedora Core 3 Update: ethereal-0.10.12-1.FC3.1 | 28th, July, 2005
Fedora Core 3 Update: im-sdk-12.1-10.FC3.1 | 28th, July, 2005
Fedora Core 4 Update: selinux-policy-targeted-1.25.3-6 | 28th, July, 2005
Fedora Core 3 Update: gamin-0.1.1-3.FC3 | 29th, July, 2005
Fedora Core 4 Update: gamin-0.1.1-3.FC4 | 29th, July, 2005
Fedora Core 4 Update: pam-0.79-9.4 | 29th, July, 2005
Fedora Core 4 Update: netpbm-10.28-1.FC4.1 | 29th, July, 2005
Fedora Core 3 Update: netpbm-10.28-1.FC3.1 | 29th, July, 2005
Fedora Core 4 Update: ethereal-0.10.12-1.FC4.1 | 29th, July, 2005
Fedora Core 3 Update: mkinitrd-4.1.18.1-1 | 29th, July, 2005
Fedora Core 4 Update: kdeaddons-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdesdk-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdepim-3.4.2-0.fc4.2 | 29th, July, 2005
Fedora Core 4 Update: kdemultimedia-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdelibs-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdewebdev-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdebase-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdevelop-3.2.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdeutils-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdenetwork-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kde-i18n-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdegraphics-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdegames-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdeedu-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdebindings-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdeartwork-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdeadmin-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: kdeaccessibility-3.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: arts-1.4.2-0.fc4.1 | 29th, July, 2005
Fedora Core 4 Update: NetworkManager-0.4-20.FC4.1 | 29th, July, 2005
Fedora Core 4 Update: libraw1394-1.2.0-1.fc4 | 31st, July, 2005
Fedora Core 4 Update: selinux-policy-targeted-1.25.3-9 | 1st, August, 2005
Fedora Core 4 Update: ckermit-8.0.211-2.FC4 | 1st, August, 2005
Fedora Core 4 Update: httpd-2.0.54-10.1 | 2nd, August, 2005
Fedora Core 4 Update: kdegames-3.4.2-0.fc4.2 | 2nd, August, 2005
Fedora Core 3 Update: httpd-2.0.53-3.2 | 2nd, August, 2005
Fedora Core 4 Update: gphoto2-2.1.6-1.1 | 2nd, August, 2005
Fedora Core 4 Update: coreutils-5.2.1-48.1 | 2nd, August, 2005
Fedora Core 4 Update: iiimf-12.2-4.fc4.2 | 2nd, August, 2005
Fedora Core 3 Update: yum-2.2.2-0.fc3 | 2nd, August, 2005
Fedora Core 3 Update: ethereal-0.10.12-1.FC3.2 | 3rd, August, 2005
Fedora Core 4 Update: ethereal-0.10.12-1.FC4.2 | 3rd, August, 2005
Fedora Core 3 Update: gimp-2.2.8-0.fc3.2 | 3rd, August, 2005
Fedora Core 4 Update: gimp-2.2.8-0.fc4.2 | 3rd, August, 2005
Fedora Core 4 Update: readahead-1.1-1.16_FC4 | 3rd, August, 2005
Gentoo
Gentoo: Ethereal Multiple vulnerabilities | 28th, July, 2005
Gentoo: Shorewall Security policy bypass | 29th, July, 2005
Gentoo: zlib Buffer overflow | 29th, July, 2005
Gentoo: fetchmail Buffer Overflow | 29th, July, 2005
Gentoo: Kopete Vulnerability in included Gadu library | 29th, July, 2005
Gentoo: Mozilla Suite Multiple vulnerabilities | 29th, July, 2005
Gentoo: Clam AntiVirus Integer overflows | 29th, July, 2005
Gentoo: sandbox Insecure temporary file handling | 29th, July, 2005
Gentoo: AMD64 x86 emulation base libraries Buffer overflow | 30th, July, 2005
Gentoo: pstotext Remote execution of arbitrary code | 31st, July, 2005
Gentoo: Compress:Zlib: Buffer overflow | 1st, August, 2005
Gentoo: ProFTPD Format string vulnerabilities | 1st, August, 2005
Gentoo: ProFTPD Format string vulnerabilities | 1st, August, 2005
Gentoo: nbSMTP Format string vulnerability | 2nd, August, 2005
Red Hat
RedHat: Low: dump security update | 3rd, August, 2005
RedHat: Moderate: SquirrelMail security update | 3rd, August, 2005