A.1 Mailing Lists: The Mandatory Ones

These are the mailing lists where new exploits and defenses are first publicized to the world. Certainly, the crackers read these lists and will immediately try each new exploit, so it is imperative that you respond to these reported exploits immediately. I consider subscribing to these lists and reading the e-mails in a timely fashion to be mandatory for maintaining security. It is this author's opinion that where misery goes, lawyers follow, making sure that someone pays for it. Major Web-related lawsuits have been very sparse to date. As the Web matures and becomes a major part of everyday life, that is likely to change.

It is my understanding that a major reason PAN AM Airlines, once one of the largest U.S. airlines, no longer exists is because quite literally it was sued out of existence by relatives of passengers on Flight 103, which was blown out of the sky by terrorists over Lockerbie, Scotland, in 1988.

Even though there was very strong evidence that the bomb was planted by terrorists Fhimah and al-Megrahi, who were employed by Libya's Intelligence Service and who had infiltrated airport security in Malta, PAN AM was successfully sued.


It can be frustrating as these "critical" security mailing lists constitute roughly 1,000 lines of e-mail per day. That's 20 pages. Most have a "digest" option to group individual messages into fewer larger messages. At the start of most is a Table of Contents that may be quickly scanned for mention of problems associated with Linux or common cross-platform issues. For those many shops that maintain a variety of platforms, the discussion of security on these other platforms, most notably the various UNIX vendors and variations on Windows and Windows NT, will also be quite useful.

A.1.1 U.S. Government's CERT Coordination Center

CERT Coordination Center is the U.S. government's clearinghouse for computer security matters, especially incidents, exploits, and responses. CERT originally stood for Computer Emergency Response Team. It was and still is funded by the U.S. Department of Defense's Defense Advanced Research Projects Agency (DARPA, formerly ARPA). It is managed by Carnegie Mellon University and was formed in December 1988 after Morris' worm crippled about 10 percent of all Internet-connected computers. They provide excellent analysis and notification of security problems, frequently supplying fixes to reported problems.

 
 echo hi | Mail -s 'SUBSCRIBE you@somewhere.com' \
   cert-advisory-request@cert.org

Additionally, they have a Web site at

www.cert.org/

A.1.2 U.S. Government's CIAC

This is another good mailing list. Subscribe by sending e-mail to

majordomo@tholia.llnl.gov

and include the following in the body of the letter:

 
 subscribe ciac-bulletin 

CIAC also offers a Web site at

http://ciac.llnl.gov/

Their bulletin on securing Web server sites is useful, though after reading this book, it should seem quite familiar. Find it at

http://ciac.llnl.gov/ciac/bulletins/j-042.shtml

A.1.3 Bugtraq

This mailing list keeps its subscribers up to date on the latest bugs and fixes or workarounds. It includes Linux, UNIX, Windows, and less-common operating systems. Also, it covers programs that are distributed independently of the OS "distribution" and even covers commercial products. It is my favorite security mailing list. It typically is sent out every two to five days and contains roughly 1,000 lines in each e-mail. However, it provides a short Table of Contents at the beginning with an excellent description of each item to be discussed, so that in under 30 seconds you can decide if any of the problems affect your configuration.

As this is being written, today's Table of Contents includes two chapters on vulnerabilities in the Linux 2.2.x kernel's IP Masquerading code that allows any remote intruder to tunnel through a firewall. Any UDP traffic that is Masqueraded to the outside is vulnerable, including DNS and NetBIOS. Interested?

To subscribe, send e-mail to LISTSERV@NETSPACE.ORG with the body of the mail being

 
 SUBscribe BUGTRAQ 

Complete instructions for using the list, including posting, will be sent to you.

A.1.4 ISS' X-Force

Internet Security Systems (ISS) is a company in Atlanta, Georgia, that provides security products and consulting. It has very knowledgeable people and it is one of the top security firms in the world; ISS provides a lot of security information for free. One of its top people, Mike Warfield, was a technical reviewer for this book.

When vulnerabilities are reported in the mailing list, it is common for fixes or workarounds to be provided. Its database of threats and vulnerabilities is called X-Force and this name appears in the e-mail. Its ISS Security Alert Summary may be subscribed to via the following:

 
 echo subscribe alert you@isp.com \
   | Mail -s '' majordomo@iss.net

Additionally, ISS has a free Web site with a large searchable database of vulnerabilities, found at

www.iss.net/security_center/

A.1.5 The mail-abuse.org Site

This site is about stopping spam: both how to block spam from coming into your site and how to test your site and configure it so that it will not relay (forward) spam to other sites. It may be reached at

www.mail-abuse.org/

If you telnet to

mail-abuse.org

it will test your mail server and report whether it appears willing to relay spam to third parties. By "appears," it is meant that it accepts such a request. Some mailers will accept the spam and then delete it.
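The same kind of check can be run against a mail server you administer. The script below is an added example, not code from the book or from mail-abuse.org; it stops after RCPT TO and never sends DATA, so, as noted above, it can only report whether the server appears to accept a relay request. The two addresses are placeholders in reserved example domains, and the verdict names are this example's own.

```python
"""Self-test: does our own mail server *appear* willing to relay?"""
import smtplib
import sys

# Placeholder addresses in reserved example domains (assumptions): neither is
# local to the server under test, so accepting the pair means third-party relay.
OUTSIDE_SENDER = "relaytest@example.org"
OUTSIDE_RCPT = "relaytest@example.net"


def classify(code):
    """Map an SMTP reply code to a verdict (names are this example's own)."""
    if 200 <= code < 300:
        # Accepted. Only "appears": the server may still discard the mail later.
        return "appears-to-relay"
    if 400 <= code < 500:
        return "deferred"   # greylisting or temporary failure: retest later
    return "refused"        # 5xx: relay denied during the SMTP dialogue


def probe(session, sender=OUTSIDE_SENDER, rcpt=OUTSIDE_RCPT):
    """Run EHLO / MAIL FROM / RCPT TO on an open session; never sends DATA."""
    session.ehlo_or_helo_if_needed()
    code, _ = session.mail(sender)
    if code >= 400:
        return classify(code)   # outside sender rejected before RCPT TO
    code, _ = session.rcpt(rcpt)
    session.rset()              # abandon the transaction: nothing is queued
    return classify(code)


def check_server(host, port=25, timeout=10):
    """Connect to a mail server you administer and return the verdict."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        return probe(session)


if __name__ == "__main__":
    # Usage: python relaytest.py mail.yourdomain.example
    if len(sys.argv) > 1:
        print(sys.argv[1], check_server(sys.argv[1]))
```

A "refused" verdict at RCPT TO is the desired result; "appears-to-relay" calls for reviewing the server's relay configuration and then confirming from the mail logs whether such messages are actually forwarded or discarded.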


       


    Real World Linux Security Prentice Hall Ptr Open Source Technology Series
    Year: 2002
    Pages: 260
