Author: Benjamin D. Thomas
ekg, phpbb2, setarch, openoffice, pvm, fetchmail, mozilla, devhelp, yelp, subversion,
zlib, kdenetwork, perl, module-init-tools, mgetty, system-config-netboot, libsepol,
gnbd-kernel, dlm-kernel, cman-kernel, util-linux, tar, gcc, libtool, audit,
zlib, apr, pam_ldap, fetchmail, sandbox, Kopete, Clam, Ethereal, cpio, kdenetwork,
httpd, and dhcpd. The distributors include Debian, Fedora, Gentoo, and Red Hat.

Network Intrusion Prevention Systems – When They’re Valuable, and When They’re Not
By: Daniel Miessler
Anyone keeping track of the security vendor/technology hype knows that IPS
has quickly replaced IDS as the “next big thing”. Depending on who you are,
you may chalk this up to yet another infosec fad, or you could be of the opinion
that IPS is actually making good on the promises that IDS never lived up to.
I think it can be both – depending on your situation.
What NIPS Isn’t
First and foremost, NIPS is not a tool for stopping elite crackers. That
may be how it’s being marketed, but it’s crap. If you’re the type to fall
for that sort of hype then you’re probably in a lot more danger than any
given technology can help you with.
Whether or not IPS is worthless or a godsend to your organization hinges
on a single question – “How good is your organization at staying patched?”
This is the single question that organizations need to be asking themselves
when considering network intrusion prevention technology.
The reason this question matters is because of the fact that NIPS only
protects you against vulnerabilities that you can mitigate by applying
patches and/or implementing other controls. If you are a relatively small
organization with a highly technical administrative/security staff that
keeps your systems constantly patched and locked down, a network IPS can’t
offer you much of anything. Despite claims to the contrary, a network IPS
system is about as good at stopping zero-day attacks as wordpad.exe.
Remember, stout security teams know their systems. They read advisories
daily and know what’s in the wild and what’s likely to be there soon. A
team like this can more than likely patch their systems and/or mitigate
the risk to their organization in other ways before a NIPS vendor can
release a signature for their product. The benefit gained from someone
blocking exploits at the perimeter at that point is virtually null. In
short, anything that’s going to compromise a fully patched and locked
down system is going to walk right through a NIPS as well.
Read Entire Article:
http://www.linuxsecurity.com/content/view/119888/49/
LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes – One common mistake Linux administrators
make is having file and directory permissions that are far too liberal and
allow access beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this article,
so I’ll assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you’d like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities – Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions – Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.

Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline.

Debian

Debian: New cacti packages fix several vulnerabilities | 21st, July, 2005
Debian: New webcalendar package fixes information disclosure | 27th, July, 2005
Debian: New heimdal packages fix arbitrary code execution | 27th, July, 2005
Debian: New ekg packages fix arbitrary code execution | 27th, July, 2005
Debian: New phpbb2 packages fix cross-site scripting | 27th, July, 2005

Fedora

Fedora Core 4 Update: setarch-1.8-1.FC4 | 21st, July, 2005
Fedora Core 4 Update: openoffice.org-1.9.117-3.1.0.fc4 | 21st, July, 2005
Fedora Core 3 Update: pvm-3.4.5-5_FC3 | 21st, July, 2005
Fedora Core 4 Update: pvm-3.4.5-5_FC4 | 21st, July, 2005
Fedora Core 4 Update: fetchmail-6.2.5-7.fc4.1 | 21st, July, 2005
Fedora Core 3 Update: fetchmail-6.2.5-7.fc3.1 | 21st, July, 2005
Fedora Core 3 Update: mozilla-1.7.10-1.3.1 | 22nd, July, 2005
Fedora Core 3 Update: epiphany-1.4.4-4.3.5 | 22nd, July, 2005
Fedora Core 3 Update: devhelp-0.9.2-2.3.5 | 22nd, July, 2005
Fedora Core 4 Update: mozilla-1.7.10-1.5.1 | 22nd, July, 2005
Fedora Core 4 Update: epiphany-1.6.3-2 | 22nd, July, 2005
Fedora Core 4 Update: devhelp-0.10-1.4.1 | 22nd, July, 2005
Fedora Core 4 Update: yelp-2.10.0-1.4.1 | 22nd, July, 2005
Fedora Core 4 Update: subversion-1.2.1-2.1 | 22nd, July, 2005
Fedora Core 4 Update: zlib-1.2.2.2-5.fc4 | 22nd, July, 2005
Fedora Core 3 Update: zlib-1.2.1.2-3.fc3 | 22nd, July, 2005
Fedora Core 4 Update: kdenetwork-3.4.1-0.fc4.2 | 22nd, July, 2005
Fedora Core 3 Update: kdenetwork-3.3.1-3.2 | 22nd, July, 2005
Fedora Core 3 Update: perl-5.8.5-14.FC3 | 22nd, July, 2005
Fedora Core 4 Update: module-init-tools-3.1-4 | 22nd, July, 2005
Fedora Core 3 Update: mgetty-1.1.31-3_FC3 | 22nd, July, 2005
Fedora Core 4 Update: system-config-netboot-0.1.22-1_FC4 | 22nd, July, 2005
Fedora Core 3 Update: system-config-netboot-0.1.22-1_FC3 | 22nd, July, 2005
Fedora Core 4 Update: setools-2.1.1-2 | 24th, July, 2005
Fedora Core 4 Update: nfs-utils-1.0.7-10 | 24th, July, 2005
Fedora Core 4 Update: libsepol-1.5.10-1.1 | 25th, July, 2005
Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.43 | 25th, July, 2005
Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.10 | 25th, July, 2005
Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.9 | 25th, July, 2005
Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.9 | 25th, July, 2005
Fedora Core 4 Update: gnome-panel-2.10.1-10.2 | 26th, July, 2005
Fedora Core 4 Update: system-config-printer-0.6.131.3-1 | 26th, July, 2005
Fedora Core 3 Update: util-linux-2.12a-24.4 | 27th, July, 2005
Fedora Core 4 Update: tar-1.15.1-7.FC4 | 27th, July, 2005
Fedora Core 3 Update: tar-1.14-5.FC3 | 27th, July, 2005
Fedora Core 4 Update: util-linux-2.12p-9.7 | 27th, July, 2005
Fedora Core 4 Update: gcc-4.0.1-4.fc4 | 27th, July, 2005
Fedora Core 4 Update: libtool-1.5.16.multilib2-2 | 27th, July, 2005
Fedora Core 3 Update: gcc-3.4.4-2.fc3 | 27th, July, 2005
Fedora Core 4 Update: system-config-bind-4.0.0-20_FC4 | 27th, July, 2005
Fedora Core 3 Update: system-config-bind-4.0.0-20 | 27th, July, 2005
Fedora Core 4 Update: mgetty-1.1.33-3_FC4 | 27th, July, 2005
Fedora Core 3 Update: mgetty-1.1.31-4_FC3 | 27th, July, 2005
Fedora Core 4 Update: apr-0.9.6-3.1 | 27th, July, 2005
Fedora Core 4 Update: audit-0.9.19-2.FC4 | 27th, July, 2005

Gentoo

Gentoo: zlib Buffer overflow | 22nd, July, 2005
Gentoo: Shorewall Security policy bypass | 22nd, July, 2005
Gentoo: Mozilla Thunderbird Multiple vulnerabilities | 24th, July, 2005
Gentoo: pam_ldap and nss_ldap Plain text authentication | 24th, July, 2005
Gentoo: fetchmail Buffer Overflow | 25th, July, 2005
Gentoo: sandbox Insecure temporary file handling | 25th, July, 2005
Gentoo: Kopete Vulnerability in included Gadu library | 25th, July, 2005
Gentoo: Mozilla Suite Multiple vulnerabilities | 26th, July, 2005
Gentoo: Clam AntiVirus Integer overflows | 26th, July, 2005
Gentoo: GNU Gadu, CenterICQ, Kadu, EKG, libgadu Remote code execution in Gadu library | 27th, July, 2005
Gentoo: Ethereal Multiple vulnerabilities | 28th, July, 2005

Red Hat

RedHat: Important: firefox security update | 21st, July, 2005
RedHat: Low: cpio security update | 21st, July, 2005
RedHat: Important: zlib security update | 21st, July, 2005
RedHat: Important: thunderbird security update | 21st, July, 2005
RedHat: Critical: kdenetwork security update | 21st, July, 2005
RedHat: Important: mozilla security update | 22nd, July, 2005
RedHat: Moderate: httpd security update | 25th, July, 2005
RedHat: Important: fetchmail security update | 25th, July, 2005
RedHat: Moderate: dhcpcd security update | 27th, July, 2005
RedHat: Moderate: kdelibs security update | 27th, July, 2005