Security Sources Linux

Saturday, March 20, 2010

There are a LOT of good sites out there for Unix security in general and Linux security
specifically. It’s very important to subscribe to one (or more) of the security mailing
lists and keep current on security fixes. Most of these lists are very low volume, and
very informative.

LinuxSecurity.com References
The LinuxSecurity.com web site has numerous Linux and open source security references
written by the LinuxSecurity staff and by contributors from around the world.
• Linux Advisory Watch -- A comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability.
• Linux Security Week -- A quick summary of each week's most relevant Linux security
headlines.
• Linux Security Discussion List -- This mailing list is for general security-related
questions and comments.
• Linux Security Newsletters -- Subscription information for all newsletters.
• comp.os.linux.security FAQ -- Frequently Asked Questions with answers for the
comp.os.linux.security newsgroup.
• Linux Security Documentation -- A great starting point for information pertaining
to Linux and Open Source security.
FTP Sites
CERT is the Computer Emergency Response Team. They often send out alerts of current
attacks and fixes. See ftp://ftp.cert.org for more information.
ZEDZ (formerly Replay) (http://www.zedz.net) has archives of many security programs.
Since they are outside the US, they don’t need to obey US crypto restrictions.
Matt Blaze is the author of CFS and a great security advocate. Matt’s archive is available
at ftp://ftp.research.att.com/pub/mab
tue.nl is a great security FTP site in the Netherlands: ftp.win.tue.nl
Web Sites
• The Hacker FAQ is a FAQ about hackers: The Hacker FAQ
• The COAST archive has a large number of Unix security programs and information:
COAST
• SuSE Security Page: http://www.suse.de/security/
• Rootshell.com is a great site for seeing what exploits are currently being used by
crackers: http://www.rootshell.com/
• BUGTRAQ puts out advisories on security issues: BUGTRAQ archives
• CERT, the Computer Emergency Response Team, puts out advisories on common
attacks on Unix platforms: CERT home
• Dan Farmer is the author of SATAN and many other security tools. His home
site has some interesting security survey information, as well as security tools:
http://www.trouble.org
• The Linux Security WWW is a good site for Linux security information: Linux Security
WWW
• Infilsec has a vulnerability engine that can tell you what vulnerabilities affect a
specific platform: http://www.infilsec.com/vulnerabilities/
• CIAC sends out periodic security bulletins on common exploits:
http://ciac.llnl.gov/cgi-bin/index/bulletins
• A good starting point for Linux Pluggable Authentication modules can be found
at http://www.kernel.org/pub/linux/libs/pam/.
• The Debian project has a web page for their security fixes and information. It is at
http://www.debian.com/security/.
• WWW Security FAQ, written by Lincoln Stein, is a great web security reference.
Find it at http://www.w3.org/Security/Faq/www-security-faq.html
Mailing Lists
Bugtraq: To subscribe to bugtraq, send mail to listserv@netspace.org containing the
message body subscribe bugtraq. (see links above for archives).
CIAC: Send e-mail to majordomo@tholia.llnl.gov. In the BODY (not subject) of the
message put (either or both): subscribe ciac-bulletin
Red Hat has a number of mailing lists, the most important of which is the redhat-announce
list. You can read about security (and other) fixes as soon as they come out.
Send email to redhat-announce-list-request@redhat.com with the Subject "Subscribe".
See https://listman.redhat.com/mailman/listinfo/ for more info and archives.
The Debian project has a security mailing list that covers their security fixes. See
http://www.debian.com/security/ for more information.
Books - Printed Reading Material
There are a number of good security books out there. This section lists a few of them.
In addition to the security specific books, security is covered in a number of other
books on system administration.
• Building Internet Firewalls By D. Brent Chapman & Elizabeth D. Zwicky, 1st Edition
September 1995, ISBN: 1-56592-124-0
• Practical UNIX & Internet Security, 2nd Edition By Simson Garfinkel & Gene Spafford,
2nd Edition April 1996, ISBN: 1-56592-148-8
• Computer Security Basics By Deborah Russell & G.T. Gangemi, Sr., 1st Edition July
1991, ISBN: 0-937175-71-4
• Linux Network Administrator’s Guide By Olaf Kirch, 1st Edition January 1995,
ISBN: 1-56592-087-2
• PGP: Pretty Good Privacy By Simson Garfinkel, 1st Edition December 1994, ISBN:
1-56592-098-8
• Computer Crime A Crimefighter’s Handbook By David Icove, Karl Seger &
William VonStorch (Consulting Editor Eugene H. Spafford), 1st Edition August
1995, ISBN: 1-56592-086-4
• Linux Security By John S. Flowers, New Riders; ISBN: 0735700354, March 1999
• Maximum Linux Security : A Hacker’s Guide to Protecting Your Linux Server and
Network, Anonymous, Paperback - 829 pages, Sams; ISBN: 0672313413, July 1999
• Intrusion Detection By Terry Escamilla, Paperback - 416 pages (September 1998),
John Wiley and Sons; ISBN: 0471290009
• Fighting Computer Crime, Donn Parker, Paperback - 526 pages (September 1998),
John Wiley and Sons; ISBN: 0471163783
Glossary
Included below are several of the most frequently used terms in computer security.
A comprehensive dictionary of computer security terms is available in the
LinuxSecurity.com Dictionary.
• authentication: The process of verifying that the claimed sender of data is in fact
the actual sender and, for message authentication, that the data received is the same
as the data that was sent.
• bastion host: A computer system that must be highly secured because it is vulnerable
to attack, usually because it is exposed to the Internet and is a main point of
contact for users of internal networks. It gets its name from the highly fortified
projections on the outer walls of medieval castles. Bastions overlook critical areas of
defense, usually having strong walls, room for extra troops, and the occasional
useful tub of boiling hot oil for discouraging attackers.
• buffer overflow: A common coding mistake is to allocate a fixed-size buffer and then
copy data into it without checking that the data fits. When such a buffer overflows,
the executing program (a daemon or a set-uid program) can be tricked into doing
something else. Classically this works by writing past the end of a stack buffer to
overwrite the function's saved return address, so that when the function returns,
execution continues at an address of the attacker's choosing.
• denial of service: An attack that consumes the resources of your computer (CPU,
memory, disk, bandwidth, or connection slots) on work it was never intended to do,
thus preventing legitimate use of your network resources.
• dual-homed host: A general-purpose computer system that has at least two network
interfaces.
• firewall: A component or set of components that restricts access between a protected
network and the Internet, or between other sets of networks.
• host: A computer system attached to a network.
• IP spoofing: A complex technical attack made up of several components. It works by
forging the source address of packets to trick computers in a trust relationship into
thinking that you are someone you really aren't. There is an extensive paper by
daemon9, route, and infinity in Phrack Magazine, Volume Seven, Issue Forty-Eight.
• non-repudiation: The property of a receiver being able to prove that the sender of
some data did in fact send the data even though the sender might later deny ever
having sent it.
• packet: The fundamental unit of communication on the Internet.
• packet filtering: The action a device takes to selectively control the flow of data to
and from a network. Packet filters allow or block packets, usually while routing
them from one network to another (most often from the Internet to an internal network,
and vice-versa). To accomplish packet filtering, you set up rules that specify
what types of packets (those to or from a particular IP address or port) are to be
allowed and what types are to be blocked.
• perimeter network: A network added between a protected network and an external
network, in order to provide an additional layer of security. A perimeter network
is sometimes called a DMZ.
• proxy server: A program that deals with external servers on behalf of internal clients.
Proxy clients talk to proxy servers, which relay approved client requests to real
servers, and relay answers back to clients.
• superuser: An informal name for root.
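The buffer overflow entry above describes the bug in the abstract. The following is an added example, not code from the HOWTO or from any of the projects listed on this page: the classic unchecked strcpy() into a fixed-size stack buffer, beside a bounds-checked replacement. The function names (greet_unsafe, greet_safe) and the 16-byte buffer size are this example's own choices.

```c
/* Added example: a stack buffer overflow next to its hardened form.
 * greet_unsafe/greet_safe and NAME_MAX are hypothetical names for this
 * illustration, not from the HOWTO. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* Vulnerable: strcpy() copies until it finds a NUL byte and never looks at
 * the size of name[].  A caller-supplied string of 16 bytes or more runs
 * past the array into whatever the compiler placed above it on the stack,
 * typically the saved frame pointer and the function's return address. */
void greet_unsafe(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);               /* no length check at all */
    printf("hello, %s\n", name);
}

/* Hardened: refuse anything that does not fit, NUL terminator included,
 * then copy exactly the number of bytes that was checked.
 * Returns 0 on success, -1 if the input was rejected. */
int greet_safe(const char *input)
{
    char name[NAME_MAX];
    size_t len = strlen(input);

    if (len >= sizeof name)            /* need len + 1 bytes for the NUL */
        return -1;
    memcpy(name, input, len + 1);
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed inputs: a short name that fits and a 40-byte one that
     * would overrun the 16-byte buffer. */
    const char *short_name = "alice";
    const char *long_name  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    greet_unsafe(short_name);          /* fine: 6 bytes into 16 */
    /* greet_unsafe(long_name) would smash the stack; deliberately not called. */

    greet_safe(short_name);            /* returns 0 */
    if (greet_safe(long_name) == -1)   /* returns -1: input refused */
        puts("long input rejected");
    return 0;
}
```

Modern toolchains soften the vulnerable form rather than remove it: gcc's -fstack-protector places a canary between the buffer and the saved return address and aborts the process when it is overwritten, and glibc's _FORTIFY_SOURCE turns a strcpy() into a known-size destination into a checked call. Both turn a code-execution bug into a crash; only the explicit length check in greet_safe() removes the bug.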
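The packet filtering entry above says that a filter is a set of rules over source address and port that allow or block packets. As an added example (not from the HOWTO and not the code of any real firewall), here is a minimal first-match filter over IPv4 address/port tuples with a default-deny policy. The rule table, the hypothetical helper names (ip4, prefix_mask, filter, example_policy), and the sample packets are constructed for this illustration; nothing here touches a network interface.

```c
/* Added example: a first-match packet filter with default deny.
 * All names and the policy are hypothetical, chosen for illustration. */
#include <stdio.h>
#include <stdint.h>

enum action { DENY = 0, ALLOW = 1 };

struct rule {
    uint32_t src_net;    /* network address, host byte order */
    uint32_t src_mask;   /* netmask; 0 matches any source */
    uint16_t dst_port;   /* 0 matches any destination port */
    enum action verdict;
};

struct packet {
    uint32_t src;
    uint16_t dst_port;
};

/* Parse "a.b.c.d" into a host-order 32-bit address; 0 on malformed input
 * (good enough here, where 0.0.0.0 is never a valid source). */
static uint32_t ip4(const char *s)
{
    unsigned a, b, c, d;
    if (sscanf(s, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 ||
        a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Netmask for a CIDR prefix length, e.g. 24 -> 255.255.255.0. */
static uint32_t prefix_mask(int bits)
{
    return bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
}

/* Evaluate rules top to bottom; the first one that matches decides.
 * A packet matching no rule gets the default verdict, DENY. */
enum action filter(const struct rule *rules, size_t n, const struct packet *p)
{
    for (size_t i = 0; i < n; i++) {
        const struct rule *r = &rules[i];
        int src_ok  = (p->src & r->src_mask) == (r->src_net & r->src_mask);
        int port_ok = r->dst_port == 0 || r->dst_port == p->dst_port;
        if (src_ok && port_ok)
            return r->verdict;
    }
    return DENY;
}

/* A small policy for an Internet-facing host.  Rule order matters: the
 * anti-spoofing rule comes first so that a packet claiming a private
 * 10/8 source never reaches the allow rules below it. */
enum action example_policy(const char *src, uint16_t dst_port)
{
    struct rule rules[] = {
        { ip4("10.0.0.0"),  prefix_mask(8),  0,  DENY  }, /* spoofed internal source */
        { ip4("192.0.2.0"), prefix_mask(24), 22, ALLOW }, /* SSH from the mgmt net only */
        { 0,                0,               80, ALLOW }, /* HTTP from anywhere */
    };
    struct packet p = { ip4(src), dst_port };
    return filter(rules, sizeof rules / sizeof rules[0], &p);
}

int main(void)
{
    /* Constructed sample packets (documentation address ranges). */
    printf("%d\n", example_policy("192.0.2.7", 22));    /* 1: SSH from mgmt net */
    printf("%d\n", example_policy("198.51.100.9", 22)); /* 0: SSH from elsewhere */
    printf("%d\n", example_policy("198.51.100.9", 80)); /* 1: HTTP from anywhere */
    printf("%d\n", example_policy("10.1.2.3", 80));     /* 0: anti-spoofing rule */
    return 0;
}
```

The two design points a practitioner should take from it are the default-deny fallthrough at the end of filter() and the ordering of the rules: swapping the first two rules would let a packet with a forged 10.x source reach the port-80 allow rule, which is exactly the class of trust-by-address mistake the IP spoofing entry warns about.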
