A.1 Mailing Lists: The Mandatory Ones

These are the mailing lists where new exploits and defenses are first publicized to the world. Certainly, the crackers read these lists and will immediately try each new exploit, so it is imperative that you respond to these reported exploits immediately. I consider subscribing to these lists and reading the e-mails in a timely fashion to be mandatory for maintaining security.

It is this author's opinion that where misery goes, lawyers follow, making sure that someone pays for it. Major Web-related lawsuits have been very sparse to date. As the Web matures and becomes a major part of everyday life, that is likely to change.

It can be frustrating as these "critical" security mailing lists constitute roughly 1,000 lines of e-mail per day. That's 20 pages. Most have a "digest" option to group individual messages into fewer larger messages. At the start of most is a Table of Contents that may be quickly scanned for mention of problems associated with Linux or common cross-platform issues. For those many shops that maintain a variety of platforms, the discussion of security on these other platforms, most notably the various UNIX vendors and variations on Windows and Windows NT, will also be quite useful.

A.1.1 U.S. Government's CERT Coordination Center

CERT Coordination Center is the U.S. government's clearinghouse for computer security matters, especially incidents, exploits, and responses. CERT originally stood for Computer Emergency Response Team. It was and still is funded by the U.S. Department of Defense's Defense Advanced Research Projects Agency (DARPA, formerly ARPA). It is managed by Carnegie Mellon University and was formed in December 1988 after Morris' worm crippled about 10 percent of all Internet-connected computers. They provide excellent analysis and notification of security problems, frequently supplying fixes to reported problems.

    echo hi | Mail -s 'SUBSCRIBE you@somewhere.com' \
      cert-advisory-request@cert.org

Additionally, they have a Web site at

    www.cert.org/

A.1.2 U.S. Government's CIAC

This is another good mailing list. Subscribe by sending e-mail to majordomo@tholia.llnl.gov and include the following in the body of the letter:

    subscribe ciac-bulletin

CIAC also offers a Web site at

    http://ciac.llnl.gov/

Their bulletin on securing Web server sites is useful, though after reading this book, it should seem quite familiar. Find it at

    http://ciac.llnl.gov/ciac/bulletins/j-042.shtml

A.1.3 Bugtraq

This mailing list keeps its subscribers up to date on the latest bugs and fixes or workarounds. It includes Linux, UNIX, Windows, and less-common operating systems.
Also, it covers programs that are distributed independently of the OS "distribution" and even covers commercial products. It is my favorite security mailing list. It typically is sent out every two to five days and contains roughly 1,000 lines in each e-mail. However, it provides a short Table of Contents at the beginning with an excellent description of each item to be discussed, so that in under 30 seconds you can decide if any of the problems affect your configuration.

As this is being written, today's Table of Contents includes two chapters on vulnerabilities in the Linux 2.2.x kernel's IP Masquerading code that allows any remote intruder to tunnel through a firewall. Any UDP traffic that is Masqueraded to the outside is vulnerable, including DNS and NetBIOS. Interested? To subscribe, send e-mail to LISTSERV@NETSPACE.ORG with the body of the mail being

    SUBscribe BUGTRAQ

Complete instructions for using the list, including posting, will be sent to you.

A.1.4 ISS' X-Force

Internet Security Systems (ISS) is a company in Atlanta, Georgia, that provides security products and consulting. It has very knowledgeable people and it is one of the top security firms in the world; ISS provides a lot of security information for free. One of its top people, Mike Warfield, was a technical reviewer for this book. When vulnerabilities are reported in the mailing list, it is common for fixes or workarounds to be provided. Its database of threats and vulnerabilities is called X-Force and this name appears in the e-mail.
Its ISS Security Alert Summary may be subscribed to via the following:

    echo subscribe alert you@isp.com \
      | Mail -s '' majordomo@iss.net

Additionally, ISS has a free Web site with a large searchable database of vulnerabilities, found at

    www.iss.net/security_center/

A.1.5 The mail-abuse.org Site

This site is about stopping spam: both how to block spam from coming into your site and how to test your site and configure it so that it will not relay (forward) spam to other sites. It may be reached at

    www.mail-abuse.org/

If you telnet to mail-abuse.org it will test your mail server and report whether it appears willing to relay spam to third parties. By "appears," it is meant that it accepts such a request. Some mailers will accept the spam and then delete it.