for cvs, screen, kdepim, mc, tcpdump, kernel, slocate, honeyd, isakmpd, and
lftp. The distributors include Conectiva, Debian, Guardian Digital EnGarde Secure
Linux, Gentoo, OpenBSD, Red Hat, Trustix, and Turbolinux.
In all business environments
management must give a certain level of trust to staff in order for work to
get done. In security, trust is extremely important. Security managers must
trust staff to properly setup and configure systems, give appropriate access,
and fix vulnerabilities as they arise. Trusting staff to get the job done is
a fundamental part of doing business. As a manager, how can one be sure that
the security staff is properly addressing security issues? How can one be sure
that vulnerabilities are fixed and logs are monitored? Peter F. Drucker, a well
known writer on business management topics once wrote, "if you cannot measure
it, you cannot manage it."
This is directly relevant to security.
How can a manager be sure that the backups are getting done? Are the IDS and
firewall logs properly monitored? A manager can easily have trust in employees,
but assurance also must be provided. Management should require staff to log
backups, log reviews, server patching, etc. Rather than trusting staff to get
the job done, it is necessary to have assurance. All general security maintenance
tasks can be, and should be audit-able.
How will extra paper work help security?
Will staff get fed up with all of the extra documentation? The purpose of extra
documentation is not to burden staff, it is to increasingly justify security
spending. If a security department is properly doing its job, incidents will
have little affect. However, if the department isn't doing its job, something
catastrophic could happen. It is hard for people not in security to see the
value in spending more money when there are no security incidents. Having audit-able
documented evidence of thwarted security attempts, log reviews, etc. can have
a huge impact on the image of the security department. Rather than relying on
trust, giving assurance and quantifying security will help get the budget necessary
to have the appropriate level of protection.
Until next time, cheers!
Benjamin D. Thomas
Linux Security Effectively in 2004
- This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security routine
should be established to ensure that all new vulnerabilities are addressed.
Linux security should be treated as an evolving process.
OSVDB - An Independent and Open Source Vulnerability Database
- This article outlines the origins, purpose, and future of the Open Source
Vulnerability Database project. Also, we talk to with Tyler Owen, a major
Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.
By requesting malformed modules a remote attacker can attempt to create
This vulnerability could be exploited by an attacker who is able to send
A carefully constructed .VCF file, if opened or previewed, could cause the
A malicious archive (such as a .tar file) could cause arbitrary code to
A number of buffer overflows could be exploited to crash tcpdump, or execute
Insecure temporary files
Many of these programs were found to create temporary files in an insecure
| MIPS version
of mremap() fix
A flaw in bounds checking in mremap() in the Linux kernel may allow a local
| Heap buffer
This vulnerability could grant a local attacker "slocate" group privileges,
| Heap buffer
By sending specially constructed packets across the wire a malicious remote
Several buffer overflows were recently discovered in tcpdump which could
Identification of Honeyd installations allows an adversary to launch attacks
| SA deletion
Several message handling flaws in isakmpd(8) have been reported by Thomas
This vulnerability allows remote attackers to execute arbitrary code during
| Heap overflow
A local user could exploit this vulnerability to gain "slocate" group privileges
Exploiting this would allow an attacker to obtain a list of all files in
| and tcpdump
lftp: buffer overflow tcpdump: multiple vulnerabilities