Linux Advisory Watch – June 3rd 2005

Organizations today rely on IT for distributed processing, automation
of repetitive tasks, and electronic commerce. Processing that would
have been done by hand years ago, is now completely executed on
computers. This has evolved so much that it is no longer feasible and
in some cases impossible to conduct business processing by hand. In
the event of only a temporary loss of IT services, results could be
catastrophic. Without a secure IT infrastructure, an organization
risks the possibility of complete operational failure. The primary
aim of information security is to preserve the confidentiality,
integrity, and availability of information from unauthorized
disclosure, unauthorized modification, destruction, or misuse.
Failure to appropriately manage information security will put an
organization at risk of loss of income, loss of competitive
advantage, or possible legal penalties if not compliant with
relevant regulations. Having the right information at the right
time in the right hands of the right people is often the
difference between profit/loss, and success/failure. It must
be understood that information is a key business asset and
preserving confidentiality, integrity, and availability to
crucial to the continued success of any organization.

Importance of Confidentiality

Proper information security management can help protect against
confidentiality breaches. In the event of an unauthorized
disclosure of proprietary information, a company could loose
millions to a competitor due to the loss of research and
development time/capital and the competitive advantage of
being first to market. Across the world, nations are passing
legislation protecting the privacy of personal information.
Failure to adequately protect against breaches in confidentiality
may result in strictpenalties or prosecution for negligence.

Importance of Integrity

Ensuring data integrity is vital to ensure that appropriate
business decisions are made with the information available.
An unauthorized modification can either be intentional or
unintentional. In either scenario, the outcome can be
catastrophic. Data that has beenimproperly modified has
the potential to result in bad information. Faulty information
can lead to bad business decisions, which can ultimately result
in business failure. At a financial institution a single
misplaced digit could result in the loss of millions. It is
extremely important that organizations have the ability to
detect any violations of integrity and mitigate any possible
damages that may occur from a breach.

Importance of Availability

Information availability is also a key aspect of information security management.
Ensuring proper information availability will help an organization maintain
its highest level of productivity. Information security availability planning
involves contingency and disaster recovery as well as protecting against temporary
technical glitches or recovering information from backup archives. By appropriately
managing information availability, planning and facilitating a recovery strategy
can ensure that business impact and loss of assets is minimized in the event
of an incident.

LinuxSecurity.com
Feature Extras:

Getting
to Know Linux Security: File Permissions – Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.

The
Tao of Network Security Monitoring: Beyond Intrusion Detection
– To be honest, this was one of the best books that I’ve read on network security.
Others books often dive so deeply into technical discussions, they fail to
provide any relevance to network engineers/administrators working in a corporate
environment. Budgets, deadlines, and flexibility are issues that we must all
address. The Tao of Network Security Monitoring is presented in such a way
that all of these are still relevant.

Encrypting
Shell Scripts – Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn’t have a “ps -ef” loop running in an attempt to capture
that sensitive info (though some applications mask passwords in “ps” output).

 

Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.

Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline.