Author: Benjamin D. Thomas
PERL, slypheed, libgal2, libsoup, evolution, gimp, procps, lsof, lockdev, xloadimage,
mailman, boost, kdelibs, firefox, thunderbird, mozilla, devhelp, epiphany, rxvt,
LTris, MySQL, ethereal, ipsec-tools, and ImageMagick. The distributors include
Conectiva, Debian, Fedora, Genotoo, Mandrake, Red Hat, and SuSE.Authentication: Passwords
For most, the subject of passwords is novel. However, it is important to take
a step back and analyze their strengths, weaknesses, and alternatives.
Using only passwords as a method of authentication is often
insufficient for critical data because they fundamentally have
weaknesses. Several of those include: users pick easy to guess
words, users often voluntarily give them away in order to make
work easier, and passwords are often easily intercepted. Many
applications/protocols that are still in use send passwords in
cleartext. A weak password is the equivalent of a faulty lock
on a safe. Passwords do not guarantee security, only increase
the time required to access data or information.
System administrators can improve password security for users
in several ways. First, a limit on log-in attempts should be
set. For example, user ids should be locked after a number of
failed login attempts. Next, passwords should have strength
requirements set. For example, passwords should have a minimum
length, special characters and capitalizations should be
required, and they should be checked against a dictionary
file. Password security can also be improved if there are
expiration dates set and passwords are not reused
consecutively.
Biometrics and other forms of authentication in addition to
passwords can dramatically increase security. Having a
second line of defense is critical. For example, ssh security
can be improved by using key-authentication and IP based
access controls. Passwords are slowly becoming obsolete with
improvements in technology, but will remain in use for many
years. Next week, I’ll discuss how using single sign-on
mechanisms can improve password security and management
for users.
Until next time, cheers!
Benjamin D. Thomas
LinuxSecurity.com
Feature Extras:Getting
to Know Linux Security: File Permissions – Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.The
Tao of Network Security Monitoring: Beyond Intrusion Detection
– To be honest, this was one of the best books that I’ve read on network security.
Others books often dive so deeply into technical discussions, they fail to
provide any relevance to network engineers/administrators working in a corporate
environment. Budgets, deadlines, and flexibility are issues that we must all
address. The Tao of Network Security Monitoring is presented in such a way
that all of these are still relevant.Encrypting
Shell Scripts – Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn’t have a “ps -ef” loop running in an attempt to capture
that sensitive info (though some applications mask passwords in “ps” output).
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline.
Contectiva | ||
Conectiva: cyrus-imapd Fix for multiple cyrus-imapd vulnerabilities |
||
17th, March, 2005
|
||
Conectiva: curl Fix for cURL vulnerability | ||
21st, March, 2005
|
||
Debian | ||
Debian: New xloadimage packages fix several vulnerabilities |
||
21st, March, 2005
|
||
Debian: New xli packages fix several vulnerabilities |
||
21st, March, 2005
|
||
Debian: New perl packages fix privilege escalation |
||
22nd, March, 2005
|
||
Fedora | ||
Fedora Core 2 Update: sylpheed-1.0.3-0.FC2 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: libgal2-2.2.5-1 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: libsoup-2.2.2-1.FC3 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: evolution-data-server-1.0.4-3 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: evolution-2.0.4-1 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: evolution-connector-2.0.4-1 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.89 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: policycoreutils-1.18.1-2.10 | ||
17th, March, 2005
|
||
Fedora Core 3 Update: gimp-2.2.4-0.fc3.3 | ||
18th, March, 2005
|
||
Fedora Core 3 Update: procps-3.2.3-5.2 | ||
18th, March, 2005
|
||
Fedora Core 3 Update: lsof-4.72-2.1 | ||
18th, March, 2005
|
||
Fedora Core 3 Update: lockdev-1.0.1-4.1 | ||
18th, March, 2005
|
||
Fedora Core 2 Update: xloadimage-4.1-34.FC2 | ||
18th, March, 2005
|
||
Fedora Core 3 Update: xloadimage-4.1-34.FC3 | ||
18th, March, 2005
|
||
Fedora Core 2 Update: mailman-2.1.5-10.fc2 | ||
22nd, March, 2005
|
||
Fedora Core 3 Update: mailman-2.1.5-32.fc3 | ||
22nd, March, 2005
|
||
Fedora Core 3 Update: boost-1.32.0-5.fc3 | ||
22nd, March, 2005
|
||
Fedora Core 2 Update: kdelibs-3.2.2-14.FC2 | ||
23rd, March, 2005
|
||
Fedora Core 3 Update: firefox-1.0.2-1.3.1 | ||
23rd, March, 2005
|
||
Fedora Core 3 Update: kdelibs-3.3.1-2.9.FC3 | ||
23rd, March, 2005
|
||
Fedora Core 3 Update: thunderbird-1.0.2-1.3.1 | ||
23rd, March, 2005
|
||
Fedora Core 3 Update: mozilla-1.7.6-1.3.2 | ||
23rd, March, 2005
|
||
Fedora Core 3 Update: devhelp-0.9.2-2.3.1 | ||
23rd, March, 2005
|
||
Fedora Core 3 Update: epiphany-1.4.4-4.3.1 | ||
23rd, March, 2005
|
||
Fedora Core 3 Update: evolution-2.0.4-2 | ||
23rd, March, 2005
|
||
Gentoo | ||
Gentoo: Grip CDDB response overflow | ||
17th, March, 2005
|
||
Gentoo: KDE Local Denial of Service | ||
19th, March, 2005
|
||
Gentoo: rxvt-unicode Buffer overflow | ||
20th, March, 2005
|
||
Gentoo: LTris Buffer overflow | ||
20th, March, 2005
|
||
Gentoo: Sylpheed, Sylpheed-claws Message reply overflow |
||
20th, March, 2005
|
||
Mandrake | ||
Mandrake: Updated KDE packages address | ||
21st, March, 2005
|
||
Mandrake: Updated MySQL packages fix | ||
21st, March, 2005
|
||
Red Hat |
||
RedHat: Moderate: ethereal security update | ||
18th, March, 2005
|
||
RedHat: Important: sylpheed security update |
||
18th, March, 2005
|
||
RedHat: Important: mailman security update | ||
21st, March, 2005
|
||
RedHat: Important: realplayer security update |
||
21st, March, 2005
|
||
RedHat: Low: libexif security update | ||
21st, March, 2005
|
||
RedHat: Moderate: ImageMagick security update |
||
23rd, March, 2005
|
||
RedHat: Moderate: ipsec-tools security update |
||
23rd, March, 2005
|
||
RedHat: Moderate: ImageMagick security update |
||
23rd, March, 2005
|
||
RedHat: Important: kdelibs security update | ||
23rd, March, 2005
|
||
RedHat: Critical: mozilla security update | ||
23rd, March, 2005
|
||
RedHat: Critical: mozilla security update | ||
23rd, March, 2005
|
||
RedHat: Critical: firefox security update | ||
23rd, March, 2005
|
||
RedHat: Critical: thunderbird security update |
||
23rd, March, 2005
|
||
SuSE | ||
SuSE: ImageMagick problems | ||
23rd, March, 2005
|
||