- About Us
In all business environments management must give a certain level of trust to staff in order for work to get done. In security, trust is extremely important. Security managers must trust staff to properly setup and configure systems, give appropriate access, and fix vulnerabilities as they arise. Trusting staff to get the job done is a fundamental part of doing business. As a manager, how can one be sure that the security staff is properly addressing security issues? How can one be sure that vulnerabilities are fixed and logs are monitored? Peter F. Drucker, a well known writer on business management topics once wrote, "if you cannot measure it, you cannot manage it."
This is directly relevant to security. How can a manager be sure that the backups are getting done? Are the IDS and firewall logs properly monitored? A manager can easily have trust in employees, but assurance also must be provided. Management should require staff to log backups, log reviews, server patching, etc. Rather than trusting staff to get the job done, it is necessary to have assurance. All general security maintenance tasks can be, and should be audit-able.
How will extra paper work help security? Will staff get fed up with all of the extra documentation? The purpose of extra documentation is not to burden staff, it is to increasingly justify security spending. If a security department is properly doing its job, incidents will have little affect. However, if the department isn't doing its job, something catastrophic could happen. It is hard for people not in security to see the value in spending more money when there are no security incidents. Having audit-able documented evidence of thwarted security attempts, log reviews, etc. can have a huge impact on the image of the security department. Rather than relying on trust, giving assurance and quantifying security will help get the budget necessary to have the appropriate level of protection.
Until next time, cheers!
Benjamin D. Thomas
LinuxSecurity Feature Extras:
Managing Linux Security Effectively in 2004 - This article examines the process of proper Linux security management in 2004. First, a system should be hardened and patched. Next, a security routine should be established to ensure that all new vulnerabilities are addressed. Linux security should be treated as an evolving process.
FEATURE: OSVDB - An Independent and Open Source Vulnerability Database - This article outlines the origins, purpose, and future of the Open Source Vulnerability Database project. Also, we talk to with Tyler Owen, a major contributor.
Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.
[ Subscribe ]
By requesting malformed modules a remote attacker can attempt to create files and directories on the server's root file system.
This vulnerability could be exploited by an attacker who is able to send about 2Gb of data to the user's screen session.
A carefully constructed .VCF file, if opened or previewed, could cause the execution of arbitrary code with the victim's privileges.
A malicious archive (such as a .tar file) could cause arbitrary code to be executed if opened by Midnight Commander.
A number of buffer overflows could be exploited to crash tcpdump, or execute arbitrary code with the privileges of tcpdump.
|1/19/2004||netpbm-free Insecure temporary files|
Many of these programs were found to create temporary files in an insecure manner.
| MIPS version
of mremap() fix
A flaw in bounds checking in mremap() in the Linux kernel may allow a local attacker to gain root privileges.
| Heap buffer
This vulnerability could grant a local attacker "slocate" group privileges, which can access the list of all file pathnames on the system.
|1/19/2004||'tcpdump' multiple vulnerabilities|
| Heap buffer
By sending specially constructed packets across the wire a malicious remote attacker could cause tcpdump to crash or potentially run arbitrary code as the user under which tcpdump was being run.
Several buffer overflows were recently discovered in tcpdump which could cause tcpdump to crash or run arbitrary code.
Identification of Honeyd installations allows an adversary to launch attacks specifically against Honeyd.
| SA deletion
Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski.
This vulnerability allows remote attackers to execute arbitrary code during symlink conversion.
| Heap overflow
A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database.
Exploiting this would allow an attacker to obtain a list of all files in the filesystem.
| and tcpdump
lftp: buffer overflow tcpdump: multiple vulnerabilities