Novell: Secure your system with AppArmor

Written by Saran on August 24, 2006

Novell would like to release a Linux with security management made easy, according to the news on Security Focus. They have decided not to use the security modifications by the National Security Agency because of the difficulty of configuring them. They have AppArmor instead.

According to an article on Security Focus, the latest additions to SuSE Linux Enterprise Desktop (SLED) have been discussed in LinuxWorld. The focus was on AppArmor.

What’s up with AppArmor?

AppArmor is concerned with making access a bit more restrictive. Some applications need root access; these applications could make changes that would affect the entire system, and if you want to make sure that does not happen, AppArmor could be the way for you to restrict access.

It is said to be easy to use. Aside from that, your system could be protected from internal and external attacks. This would be a plus factor, especially if you think about the costs of recovering from attacks that could affect your data.

How simple is simple?

  • You have a name-based access control system.
  • There is a graphical user interface.
  • There are predefined profiles.
  • There are wizards you could use to build security profiles for third party applications.

Check it out

Novell Linux is surely geared towards the users in the enterprise. If you want something that has a robust set of open source applications, a good user interface and tools, it is definitely one to try. You might not enjoy tweaking around too much and from the looks of things, SLED could be the Linux to give you an easy transition, in case you are migrating from proprietary to open source software.

Categories: Operating Systems, Real-World Issues

2006 Security Book Roundup

Written by Saran on August 18, 2006

This year has seen a steady increase in the number of books being published on security-related topics. Since the year is about to end, I thought I’d round up a few of the best I’ve read, seen, or heard about, and comment briefly on each one!

Apache Security
O’Reilly
Published March 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596007248/

This book covers installing a secure Apache web server, discusses a variety of attack techniques, and looks at securing a multi-user hosting environment. All round, an excellent book for webhosts or anyone running Apache on an Internet-accessible system!

SSH, The Secure Shell: The Definitive Guide, Second Edition
O’Reilly
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008953/

This book takes a look at the SSH program, a replacement for telnet or rsh, providing an encrypted link over which programs can be run. SSH also contains programs for file copy, replacing rcp and perhaps even FTP! The book looks at the latest developments in OpenSSH and other SSH implementations, and includes some powerful examples including setting up SSH tunnels and forwarding systems.

Security And Usability
O’Reilly
Published February 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008279/

This book reaches a compromise between the two design goals of security and usability. I haven’t actually read this one, but everyone I speak to that has thinks it’s worthwhile!

Extrusion Detection
Addison-Wesley
Published June 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321349962/

One of the few books in publication which covers the important topic of internal attacks! Again, I haven’t read this, but it is an important topic, and it’s nice to see books finally starting to appear to bridge the gap between the generic security books and the knowledge that network administrators need!

Cryptography In The Database
Addison-Wesley
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321320735/

This book approaches security from the opposite end to many; from the innermost structure in many applications. Databases are often left open to attack because it is assumed that the outer layers of a program protect any database access against exploitation. Using cryptography in the database helps to prevent attacks which take advantage of most people’s false sense of local security! Once again, this book is a much-needed addition to the stores!

If I’ve left out your favourite security book of the year, or, if you’re one of the lucky few, the book you wrote this year, don’t be offended! I just chose a few of the ones that stood out most to me. There were, as I said, a large number of books dealing specifically with security this year, from VPNs to SSH, rootkits to software vulnerabilities, Apache to IIS, and PHP to SQL. In each case, the books have contributed new and fresh ideas, shown the latest attack patterns, and offered advice for prevention, or, failing that, cure.

As the threat from malware, malicious hackers and even corporate software with unintentional (or intentional) security issues grows, books like these serve not only to educate the developer and system administrator in prevention, but also to alert the user to the threat. Most technical users cannot fail to notice the distinct rise in security related books this year, and should easily be able to correlate this to the ever-increasing threat as our world becomes ever more connected!

Categories: Cryptography, IT Security Basics, Real-World Issues, Review, Tips

MD5 Revisited

Written by clouseau on August 14, 2006

Recently, a programmer named Patrick Stach released unto the world his working source code for generating an MD5 collision within a very reasonable amount of time for most desktop PCs. Leave it to the media to sensationalize it and proclaim that MD5 is now BROKEN! Run! Go out and buy duct tape! While it is true that no true security product should be relying on MD5 for anything serious, it’s not quite the end of the world that many of these news geniuses are painting it as.

The fact of the matter is that most Linux and other UNIX distributions use the MD5 hashing algorithm to handle their password database for the users. It takes your password, hashes it using MD5, and then stores that. When a user attempts to log in via SSH, for example, the system takes the password they typed, hashes it using whatever algorithm it was configured to use (which is MD5 in most cases), and then compares it to the hash that’s in its database. If it matches, then the user entered the correct password and is granted access to the system. If they don’t match, they obviously didn’t type in the right password. The security in these hashing algorithms lies in the fact that each and every series of letters will have a unique hash. In English, I can rest easy at night knowing that the hash of “cat” will NEVER be the same as the hash of “dog”.

So the security community is up in arms about the fact that they now have an actual implementation of generating MD5 collisions, instead of it being a hypothetical paper that the general public would never understand. So what exactly is the impact of this little release, you might be wondering? Well, you can put away that duct tape because your NIX servers will remain running tomorrow just fine. The truth is you can’t use this utility to break a hashed password any faster. Instead, what this does is allow you to find a pair of “plaintexts” (the term for normal words/letters) that will come out to the exact same hash value. This is not supposed to be possible, but because of the discovered weakness in MD5, it is. Either way, the released utility does not help anyone find the “plaintext” from an MD5 hash. That is still impossible and does require you to brute force crack any hashes. It also means that MD5 is STILL safe to use as a file verification tool. While I’m not advocating the continued use of MD5, it’s still not the end of its life.

Categories: Cryptography

AOL search gaffe

Written by Saran on August 12, 2006

Recently, the blogosphere has been rocked by the news about AOL users’ searches being made public. The data was supposed to be used for research or something, but there was a security breach. As such, that information was made known to many.

Searching online is probably one of the most common things that people do. Whether it is for personal purposes or otherwise, they have the right to make their search private. The problem here is that the people from AOL should have been more careful about it.

What’s with protecting people from having their search history made public?

I personally see it as something important because people could get suspected of something they are not guilty of, depending on who is interpreting the data. Think of it this way: You are a college student and you are studying literature. What if you happen to be studying literary works involving crime? On your computer, you will have different readings, perhaps? What kinds of searches would you make? What keywords will you use? You will look for materials on crime, etc. If someone sees your search history and starts thinking that there is a pattern, like you have been temperamental and a bit violent compared to your usual self, this person might turn you in just because.

It would be nice to have search histories researched so that search engines could yield better results when we use them. However, it could be abused too. Hopefully, all the other major groups behind search engines will learn from this gaffe AOL had. That way, people won’t be too paranoid that someone is watching and accusing them.

Categories: General

IM safely: Aladdin eSafe Applifilter to the rescue

Written by Saran on August 10, 2006

File transfers through instant messaging (IM) are one of the causes of vulnerabilities in a network. It is so easy to send files to each other via IM: it is just a couple of clicks away. Before you know it, your pictures are transferred to your online buddy’s computer and vice versa. What network administrators sometimes do is tighten security by setting up a firewall that restricts it.

There is a product called Aladdin eSafe which blocks file transfers through IM. What happens is that the messages still get through but no file transfers happen. The following IM protocols are assessed by the software: ICQ/AOL Messenger, MSN Messenger, Windows Messenger and Yahoo Messenger. It could also block Skype.

eSafe is aimed at helping the organizations that use it increase the productivity of their people. With file transfers limited or blocked, people will have fewer distractions and so can focus on working. They can keep on using IM to communicate with each other.

First and foremost, make sure that you are clear about your company’s policy on the use of IM software. The way you deal with the people involved is critical because they are the ones who will be directly affected. As such, you might try recommending other ways of sending files, such as email or a file server of sorts, though determining how to limit access might be the difficult part.

Categories: IT Security Basics, Instant Messaging, News

RSS, blogs and security

Written by Saran on August 8, 2006

Blogs are popularly read through RSS aggregators these days, or via Atom feeds, and recently it has been said that attackers could use JavaScript to take advantage of this. According to an article on USA Today, this could be any kind of information as long as it is in this format. The article also lists the vulnerable readers: Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader.

This kind of news is actually not so new. Mark Pilgrim was one of the bloggers who has written about this before. He even set up an experiment of sorts, wherein subscribers to his blog feed saw a screen full of platypi. He mentioned in his blog entry that the difficulty with RSS is that there is a lot of arbitrary HTML and it could include JavaScript; it could be malicious JavaScript designed by some attackers. Mark Pilgrim even listed the elements that should be stripped by RSS readers, just to be safe:
script tags, embed tags, object tags, frameset tags, iframe tags, meta tags, link tags, style tags, style attributes from every tag.

If you are always subscribing to different blogs, forums and mailing lists through RSS, you should be careful about it. If there is an RSS feed for comments, you could also take the precaution of not subscribing to it. It is possible to get attacked through the RSS of comments. Aside from that, if you have set up your own personal aggregator, make sure that you have a ‘smart’ aggregator which strips the said tags. If you have an aggregator on your computer, check if it is vulnerable. Maybe you could install something else that isn’t prone to attacks via RSS. It is better to be secure after all.
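The stripping an aggregator would do before rendering an item, as an added example that is not code from the post or from any of the readers named above. It removes exactly the elements and attributes in the list quoted from Mark Pilgrim; the class name, function name and sample item are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Elements and attributes the post says a reader should strip from feed content.
BLOCKED_TAGS = {"script", "embed", "object", "frameset", "iframe", "meta", "link", "style"}
BLOCKED_ATTRS = {"style"}
# Blocked elements with no closing tag: dropped without opening a skipped region.
VOID_BLOCKED = {"embed", "meta", "link"}


class FeedSanitizer(HTMLParser):
    """Re-emits feed HTML without blocked elements, their contents, or style attributes."""

    def __init__(self):
        super().__init__()   # tag and attribute names arrive lower-cased
        self.out = []
        self.skip_depth = 0  # > 0 while inside a blocked element

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            if tag not in VOID_BLOCKED:
                self.skip_depth += 1
        elif not self.skip_depth:
            kept = "".join(
                f" {k}" if v is None else f' {k}="{escape(v)}"'
                for k, v in attrs if k not in BLOCKED_ATTRS
            )
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in BLOCKED_TAGS:
            if tag not in VOID_BLOCKED and self.skip_depth:
                self.skip_depth -= 1
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text stays text


def sanitize(fragment: str) -> str:
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()  # an unclosed blocked element swallows the rest (fails closed)
    return "".join(parser.out)


# Constructed sample item body, not taken from any real feed.
SAMPLE = ('<p style="color:red" class="lead">Platypus <b>news</b></p>'
          '<script>document.title = "x"</script><iframe src="http://example.invalid/"></iframe>'
          '<link rel="stylesheet" href="x.css"><em>end</em>')
```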

Categories: IT Security Basics, Malware, News, Tips

Virtual Private Networking: What Is Tunneling?

Written by Saran on August 4, 2006


Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network. The data to be transferred (or payload) can be the frames (or packets) of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork.

The encapsulated packets are then routed between tunnel endpoints over the internetwork. The logical path through which the encapsulated packets travel through the internetwork is called a tunnel. Once the encapsulated frames reach their destination on the internetwork, each frame is decapsulated and forwarded to its final destination. Tunneling includes this entire process (encapsulation, transmission, and decapsulation of packets).
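The encapsulation and decapsulation steps described above, as an added example that is not part of the original post. It uses GRE over IPv4 as the tunneling protocol, which is a choice made for this illustration and is not named in the post; the function names and all addresses are likewise assumptions.

```python
import struct
from ipaddress import IPv4Address

GRE_PROTO = 47            # IP protocol number carried in the outer header for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type announcing an IPv4 payload
IP_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def checksum(header: bytes) -> int:
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              IPv4Address(src).packed, IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap the inner packet in a GRE header plus an outer header the internetwork can route."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no optional fields, version 0
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner


def decapsulate(outer: bytes) -> bytes:
    """Validate and strip the outer and GRE headers at the far tunnel endpoint."""
    if len(outer) < 24 or outer[0] != 0x45 or checksum(outer[:20]) != 0:
        raise ValueError("malformed or corrupted outer header")
    total_len, = struct.unpack("!H", outer[2:4])
    flags_ver, ptype = struct.unpack("!HH", outer[20:24])
    if outer[9] != GRE_PROTO or flags_ver != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("not a plain GRE tunnel packet carrying IPv4")
    if total_len != len(outer):
        raise ValueError("outer length field does not match packet size")
    return outer[24:]


# Constructed sample: a private-network packet (experimental protocol 253, opaque
# payload) tunnelled between two documentation-range endpoints; all values made up.
DATA = b"hello from site A"
INNER = ipv4_header("10.0.1.5", "10.0.2.9", 253, len(DATA)) + DATA
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.7")

if __name__ == "__main__":
    print(len(INNER), len(OUTER), decapsulate(OUTER) == INNER)
```

Routers on the intermediate network see only the outer header (192.0.2.1 to 198.51.100.7); the private 10.0.x.x addresses travel as payload until the far endpoint strips the 24 added bytes.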

Categories: IT Security Basics, Network Security, Physical Security, Privacy & Anonymity, Security Policies