Linux Advisory Watch – July 25th, 2003

– by Benjamin D. Thomas

This week, advisories were released for apache, kernel, nfs-utils, cups, phpgroupware,
fdclone, several, gnupg, phpgroupware, mpg123, mozilla, semi, ethereal, and
xpdf. The distributors include Conectiva, Debian, Guardian Digital’s EnGarde
Linux, Gentoo, Mandrake, Red Hat, Trustix, TurboLinux, and YellowDog Linux.

When a child wants to get a candy bar at a local market, what normally happens?
Most often, the child pleads a case to his/her parents and hopes for the best.
If he/she is well behaved, the child may get the candy bar. However, if the
child has recently been disobedient, the parent would probably refuse to buy
it. How does this relate to information security? A healthy security budget
can be considered your candy bar. It can be difficult to lock down a security
budget. In today’s sluggish economy, all money spent must be fully justified
and approved. How can decision makers in an organization be persuaded to spend
adequate money on security?

Decision makers in an organization need justification for every project. Rather
than using FUD for persuasion, it can be more effective to prepare a business
case for each project. For example, if an upgrade to the current email server
farm is seriously needed to better manage spam and viruses, a business case
would be helpful to provide proper justification. Writing one forces the proper
amount of research and consideration of alternatives.

What is normally found in a business case? Generally, an executive summary
is the first major section included. It should be no more than a single
typewritten page, and summarize all information found in the remaining portion of
the document. It is advisable to write the executive summary last. Next, it
is logical to include an introduction section. This section should provide background
information, the purpose of the particular business case, and information regarding
the subject matter. It is a good idea to provide a bulleted list with key goals
& objectives, and discuss organizational environmental factors. The analysis
portion should follow. It should include an explanation of
the project goals & objectives, the scope, justification of business risks,
and alternative solutions. Finally, the business case should include a section
on business impact. This should include benefits, a high-level ROI analysis,
proposed time frame, and a listing of project risks.

Business cases can be written many different ways. It is most important that
the audience is considered. More information on writing business cases can
be found on Google. Also, if you contact me, I can point you to several helpful
resources.

Until next time,
Benjamin D. Thomas

 

LinuxSecurity Feature Extras:

REVIEW: Linux Security Cookbook – There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensable reference for security oriented individuals.

Real-Time Alerting with Snort – Real-time alerting is a feature of an IDS or
any other monitoring application that notifies a person of an event in an
acceptably short amount of time. The amount of time that is acceptable is
different for every person.


Linux Advisory Watch is a comprehensive newsletter
that outlines the security vulnerabilities that have been announced throughout
the week. It includes pointers to updated packages and descriptions of each
vulnerability.


 
Distribution: Conectiva
 
  7/22/2003 nfs-utils buffer overflow vulnerability
    denial of service vulnerability


http://www.linuxsecurity.com/advisories/connectiva_advisory-3482.html

 
  7/22/2003 kernel
    multiple vulnerabilities


http://www.linuxsecurity.com/advisories/connectiva_advisory-3483.html

 
  7/22/2003 cups
    multiple vulnerabilities


http://www.linuxsecurity.com/advisories/connectiva_advisory-3484.html

 
  7/24/2003 phpgroupware
    XSS vulnerability


http://www.linuxsecurity.com/advisories/connectiva_advisory-3486.html

 
  7/24/2003 apache
    denial of service vulnerability


http://www.linuxsecurity.com/advisories/connectiva_advisory-3487.html

 
 
Distribution: Debian
  7/24/2003 fdclone
    insecure tmp file vulnerability


http://www.linuxsecurity.com/advisories/debian_advisory-3488.html

 
 
Distribution: EnGarde
  7/24/2003 several
    local ‘kernel’ vulnerabilities


http://www.linuxsecurity.com/advisories/engarde_advisory-3485.html

 
 
Distribution: Gentoo
  7/19/2003 gnupg
    Unauthorized access


http://www.linuxsecurity.com/advisories/gentoo_advisory-3475.html

 
  7/19/2003 nfs-utils Denial of service
    Unauthorized access


http://www.linuxsecurity.com/advisories/gentoo_advisory-3476.html

 
 
Distribution: Mandrake
  7/24/2003 phpgroupware
    multiple vulnerabilities


http://www.linuxsecurity.com/advisories/mandrake_advisory-3489.html

 
  7/24/2003 xpdf
    arbitrary command execution vulnerability


http://www.linuxsecurity.com/advisories/mandrake_advisory-3490.html

 
  7/24/2003 mpg123
    denial of service vulnerability


http://www.linuxsecurity.com/advisories/mandrake_advisory-3491.html

 
 
Distribution: RedHat
  7/21/2003 2.4 kernel multiple vulnerabilities
    denial of service vulnerability


http://www.linuxsecurity.com/advisories/redhat_advisory-3477.html

 
  7/21/2003 mozilla
    heap overflow vulnerability


http://www.linuxsecurity.com/advisories/redhat_advisory-3478.html

 
  7/24/2003 semi
    arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/redhat_advisory-3493.html

 
 
Distribution: Trustix
  7/18/2003 ‘nfs-utils’ Denial of Service
    arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/trustix_advisory-3472.html

 
 
Distribution: TurboLinux
  7/24/2003 nfs-utils off-by-one vulnerability
    arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/turbolinux_advisory-3492.html

 
 
Distribution: Yellow Dog Linux
  7/18/2003 nfs-utils Buffer overflow vulnerability
    arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3473.html

 
  7/18/2003 ethereal
    Multiple vulnerabilities


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3474.html

 
  7/24/2003 semi
    arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3494.html

 
  7/24/2003 xpdf
    arbitrary command execution vulnerability


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3495.html

 
