The final part of this chapter deals with softer security concerns, such as maintaining awareness of security issues.
Security problems with software are found and fixed on an almost daily basis. It is important to be aware of any security vulnerabilities that affect software you have running on your system as soon as they are discovered. Perhaps the easiest way to do this is to subscribe to a security alert service. Red Hat provides its own through the Red Hat Network, and it is very useful because you will be notified only of problems that affect the RPMs that you have installed on your system. You'll also get notified immediately if there's an update to a Red Hat supplied RPM that you've just installed.
In addition to the Red Hat Network, many Web sites offer useful security information. A few of them are described in the following subsections.
Red Hat provides another Web site (www.redhat.com/apps/support/errata) that you can use to check out security-related fixes for the packages that you have installed. From this page, you can access Security Alerts, Bug Fixes, and Enhancements for all currently supported releases of Fedora Core. There's also a link to the Red Hat Security Resource Center, where you can subscribe to a monthly security newsletter and find links to other security-related resources.
The Software Engineering Institute of Carnegie Mellon University runs the CERT Coordination Center. Its Web site, www.cert.org, provides a wealth of up-to-date information about security problems. You can also subscribe to a mailing list so that you receive security alerts by e-mail.
Bugtraq is a mailing list for the detailed discussion of computer security issues. You can access the Bugtraq archives at www.securityfocus.com, and find several mailing lists to which you can subscribe. Click the Mailing Lists button on the toolbar, and then click on the [ info ] link to the mailing list of interest. A pop-up window that includes instructions on how to subscribe appears.
Mailing lists you might want to check out include the following:
It is vital that whenever you leave a computer system that you logged into (such as your Fedora Core server, or your online banking Web site), you log out again. If you do not, there is a risk that someone else can come along and take over your connection, accessing the system as you without having to go to the trouble of cracking passwords or intercepting network traffic.
With increasing awareness of security issues, more and more online resources (Web sites, RPM downloads, and so on) are authenticated in some way. When you access these resources, you may have an opportunity to verify their authenticity. This may be a pop-up window from your Web browser, or a checksum for an RPM. Whatever mechanism exists, you should always use it to check that the Web page you are accessing, or the RPM package you are about to install, is the genuine article and has not been tampered with by anyone else.
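The checksum check described above can be scripted so that a package is rejected when its digest does not match or when no checksum has been published for it. The following is an added example, not code from the original chapter; the function name verify_download, the SHA-256 list format (as written by sha256sum) and the sample file names are assumptions.

```shell
#!/bin/sh
# verify_download FILE CHECKSUM_LIST   (hypothetical helper, added example)
# CHECKSUM_LIST holds lines of "<sha256>  <filename>", as written by sha256sum.
# Fetch the list from the publisher over a channel you trust; a list stored
# next to a tampered file proves nothing. File names are assumed to contain
# no spaces. For RPMs, `rpm -K package.rpm` additionally checks the digests
# and signatures carried inside the package itself.
# Returns: 0 match, 1 mismatch, 2 missing input, 3 no published entry.
verify_download() {
    file=$1
    list=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    [ -f "$list" ] || { echo "missing checksum list: $list" >&2; return 2; }
    name=$(basename "$file")
    # Pick the digest published for exactly this file name; sha256sum
    # prefixes the name with '*' when the list was made in binary mode.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$list" |
        tr 'A-F' 'a-f')
    if [ -z "$expected" ]; then
        echo "no published checksum for $name" >&2
        return 3
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (do not install)" >&2
    return 1
}

# Demonstration on constructed data: a stand-in "package" and its checksum list.
demo=$(mktemp -d)
printf 'constructed package payload\n' > "$demo/example-1.0-1.noarch.rpm"
(cd "$demo" && sha256sum example-1.0-1.noarch.rpm > SHA256SUM)
verify_download "$demo/example-1.0-1.noarch.rpm" "$demo/SHA256SUM"
# Simulate tampering after the checksum was published.
printf 'extra bytes\n' >> "$demo/example-1.0-1.noarch.rpm"
verify_download "$demo/example-1.0-1.noarch.rpm" "$demo/SHA256SUM" ||
    echo "verification failed as expected (status $?)"
rm -rf "$demo"
```

A non-zero status should stop any install step that follows, for example `verify_download pkg.rpm SHA256SUM && rpm -Uvh pkg.rpm`.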