News

Wednesday, June 25, 2008

Harden Your Ubuntu Systems with AppArmor

WIN_SECURITY UPDATE_
A Penton Media Property
June 25, 2008



IN FOCUS

--Harden Your Ubuntu Systems with AppArmor
by Mark Joseph Edwards, News Editor
A lot of you probably use Linux for some of your application server
needs. Although there are a lot of different Linux flavors, most of them
are based on Debian or Red Hat code. I've worked with several Red
Hat-based Linux platforms, such as Red Hat Enterprise Linux and CentOS,
but I prefer Debian-based systems -- in particular Ubuntu Server. The
reasons are simple: Ubuntu Server is very mature, it's easy to
administer and keep up to date, it rarely ever breaks, it's fast, it's
free, and community support is phenomenal.

As you might know, when Canonical (the company that leads Ubuntu
development) released version 7.10, the company included AppArmor, which
helps limit the file resources that an application can access. AppArmor
was maintained by Novell until last year and now the open-source
community has picked up the ball (see the FAQ about AppArmor at the URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991604-0-0-0-1-2-207

In a nutshell, AppArmor is a kernel-level subsystem that works by using
a unique policy profile for each of the applications and services that
you want to protect. Profiles contain lists of capabilities and file
system access rights that reduce potential attack surface area. All
forms of access not specifically defined in an application or service
profile are denied. So for example, if someone finds a way to inject and
launch malicious code through Apache, that exploit most likely won't
work if Apache is protected by AppArmor and the associated profile does
not allow any sort of execute privileges. The same goes for MySQL Server
and other common applications such as Firefox.

If you haven't enabled AppArmor on your Ubuntu desktops and servers then
you're missing out on some incredibly powerful security defenses.
Consider checking it out. The following basic information will help you
get started.

AppArmor is a service, so first of all you need to make sure the service
is started on your system. Secondly, you might want to install some
basic profiles that have been made available to the Ubuntu community.
Use your package manager to install "apparmor-profiles." With that done,
you need to know that AppArmor uses profiles in two different modes:
Enforce and Complain. Enforce mode is used to completely enforce your
application or service policy. Anything not explicitly allowed is
disallowed, which might break functionality if your policy profile isn't
broad enough. That's where Complain mode comes in handy. You can think
of Complain mode as a learning mode. Any application or service whose
profile is in Complain mode will run as usual, but its policy is not
enforced. Instead, its policy is compared with real-time activity, and
any problems or errors that might occur if the policy were in Enforce
mode are logged. This gives you the opportunity to review the logs and
debug your profiles before making them live on the system.

You also need to know that before you can automatically generate
policies, the target service or application must be running. Not only
that, but after enabling AppArmor you must restart any applications or
services. Also note that policy profiles are text-based files stored in
the /etc/apparmor.d directory. Finally, you need to know a few commands
because as far as I know there's no GUI for AppArmor on Ubuntu systems.
Below is a list of common commands along with a brief description of
what they each do:

/etc/init.d/apparmor {stop|start|reload} -- This command controls the
service itself

aa-status -- Displays a list of policies in use as well as which ones
are in Complain or Enforce mode

aa-unconfined -- Displays a list of applications and services with open
network ports that do not have AppArmor protection enabled

aa-complain -- Forces a policy into Complain mode for debugging purposes

aa-enforce -- Forces a policy into Enforce mode for real-time live
protection

aa-autodep -- Attempts to generate a profile for an application or
service, and the generated profile will most likely need further tuning

aa-genprof -- Attempts to generate a profile using aa-autodep, sets the
profile to Complain mode, and writes a marker to the system log

aa-logprof -- Powerful log analyzer that can show access errors and help
you automatically add new rules to a profile
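
What reviewing Complain-mode logs amounts to, as an added example (not part of the original newsletter, and not how aa-logprof itself is implemented): the functions below turn constructed log lines into candidate profile rules and list what an Enforce-mode profile blocked. The log layout, paths, and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; the log lines are constructed. They use the key="value" audit
# format of current AppArmor releases (an assumption; 2008-era logs differ).
# apparmor="ALLOWED" is logged by a Complain-mode profile, "DENIED" by Enforce.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1214400001.101:11): apparmor="ALLOWED" operation="open" profile="/usr/sbin/apache2" name="/etc/apache2/apache2.conf" pid=2101 comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1214400002.202:12): apparmor="ALLOWED" operation="open" profile="/usr/sbin/apache2" name="/var/log/apache2/access.log" pid=2101 comm="apache2" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1214400003.303:13): apparmor="ALLOWED" operation="open" profile="/usr/sbin/apache2" name="/var/log/apache2/access.log" pid=2101 comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1214400004.404:14): apparmor="ALLOWED" operation="exec" profile="/usr/sbin/apache2" name="/bin/dash" pid=2107 comm="apache2" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=AVC msg=audit(1214400005.505:15): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/shadow" pid=2300 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
EOF
}

# awk helper shared below: value of key="value" on the current line.
AWK_FIELD='function field(key,   re) {
  re = key "=\"[^\"]*\""
  if (!match($0, re)) return ""
  return substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
}'

# Complain-mode events for profile $1 (log on stdin) -> candidate profile rules.
# Masks are merged per path. Exec requests are listed for review, never turned
# into rules. Only r, w and x are handled; other mask letters are not mapped.
candidate_rules() {
  awk -v want="$1" "$AWK_FIELD"'
    field("apparmor") == "ALLOWED" && field("profile") == want {
      path = field("name")
      seen[path] = seen[path] field("denied_mask")
    }
    END {
      for (p in seen) {
        s = seen[p]
        if (index(s, "x")) { print "# REVIEW exec request: " p; continue }
        print "  " p " " (index(s, "r") ? "r" : "") (index(s, "w") ? "w" : "") ","
      }
    }' | LC_ALL=C sort
}

# Enforce-mode blocks: one "profile path mask" line per DENIED event on stdin.
enforced_denials() {
  awk "$AWK_FIELD"'
    field("apparmor") == "DENIED" {
      print field("profile"), field("name"), field("denied_mask")
    }'
}

sample_log | candidate_rules /usr/sbin/apache2
sample_log | enforced_denials
```

The exec request is kept out of the generated rules on purpose: whether a confined service may launch another program is the decision the profile exists to make, so it is left for a person to review.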

When I enabled AppArmor for Apache2, there were problems with the base
policy. I had to add file access rights for Apache's configuration
files, PHP libraries, the Web content files, etc., and figuring it all
out took quite a while. To get a head start on the process, have a look
at the Maven blog at the first URL below, which will give you a good
idea of what might be required for your particular installation. You
might also want to install the Apache module, libapache2-mod-apparmor,
to handle issues where Apache might have to "change hats" to interact
with Perl scripts, etc. You can read about the change_hat functionality
of AppArmor at the second URL below.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991606-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991608-0-0-0-1-2-207

If you need more help getting started with AppArmor, be sure to review
the "man" pages for each command. Also, have a look at the AppArmor wiki
pages at Ubuntu's Web site at the first URL below, and refer to Novell's
AppArmor documentation at the second URL below.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991610-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991612-0-0-0-1-2-207



SECURITY NEWS AND FEATURES

--Third Brigade Snaps Up Open-Source Security Project
Third Brigade announced that it has acquired OSSEC, an open-source
host-based intrusion detection system (IDS). The project will remain
open source and licensed under GPL, and Third Brigade intends to expand
the range of support for the tool.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991615-0-0-0-1-2-207

--More Servers Discovered Packed With Stolen Data
Between botnets, Trojans, and other exploits, plenty of data is stolen
from unsuspecting users. Where does it wind up? In some cases it ends up
on centralized servers run by intruders.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991616-0-0-0-1-2-207

--Cyveillance Ramps Up Phishing Protection
In addition to numerous other types of phishing protection, Cyveillance
recently added support for Microsoft Systems Management Server (SMS)
messaging.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991617-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991618-0-0-0-1-2-207


GIVE AND TAKE

--SECURITY MATTERS BLOG: Microsoft Offers Help for Broken Security
Update Process
by Mark Joseph Edwards
When Microsoft released its batch of security updates for June, some
users of Systems Management Server (SMS) and System Center Configuration
Manager (ConfigMgr) 2007 discovered that they could not install the
updates properly. Help to work around that problem is now available.
Read the details in this blog article on our Web site.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991620-0-0-0-1-2-207

--FAQ: Get Rid Of Cached Passwords
by John Savill
Q: How do I remove a cached password from a read-only domain controller
(RODC)?

Find the answer at
http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991622-0-0-0-1-2-207

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions.
Email your contributions to r2r@windowsitpro.com. If we print your
submission, you'll get
$100. We edit submissions for style, grammar, and length.


PRODUCTS

--Protection Against SQL Injection and XSS Attacks
by Lavon Peters, Security Editor
The latest version of ThreatSentry, which is a software-based Microsoft
IIS Web application firewall and intrusion prevention solution from
Privacyware, provides more effective protection against SQL injection
attacks, cross-site scripting (XSS) attacks, and other Web application
and database attacks. ThreatSentry detects and blocks known and new
attacks, as well as unwanted Web application traffic. In addition, the
product aids compliance with Section 6.6 of the Payment Card Industry
Data Security Standard (PCI DSS). For more information, contact
Privacyware at 732-212-8110 or visit
http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991624-0-0-0-1-2-207.


RESOURCES AND EVENTS

Learn the Fundamentals of Messaging Management Systems

IT security pros need to ensure that their messaging defense strategy
pulls its weight. A secure mail and messaging infrastructure is
fundamental to your business, and every organization needs to plan for
message hygiene, availability, and control services from the start.
Download this free resource before you evaluate a new message management
solution.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991626-0-0-0-1-2-207

Delivering Reliable and Effective Web-Based Applications

Web-based services have become critical components of organizations'
line-of-business applications, and they need to be highly available to
prevent workflow disruption. To achieve that high availability, you need
to understand the operation of applications and be able to monitor the
components that make up your Web application infrastructure. Because
failing to meet service levels can have a company-wide impact,
implementing the tools and techniques that enable IT to live up to its
promises is a key requirement for delivering reliable and effective
Web-based services.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991628-0-0-0-1-2-207

Best Practices for Managing ESI

Are you storing too much electronic information? It's absolutely
essential to implement and automate effective email retention policies
in balance with managing the costs and risks associated with
electronically stored information (ESI). However, it's tough to know
whether your retention policies and approach dovetail effectively with
today's complex regulations, standards, and guidelines for retaining
business records. Get expert legal advice and a better understanding of
what you're required to do in this on-demand Web seminar.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991630-0-0-0-1-2-207


FEATURED WHITE PAPER

Why SaaS Is the Right Solution for Log Management

In the past five years, both governmental and industry-specific
regulations have included log management as a required control within an
infrastructure. Read this white paper to learn how an on-demand log
management solution is both cost effective and efficient.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991632-0-0-0-1-2-207


ANNOUNCEMENTS

Get It All with Windows IT Pro VIP

Stock your IT toolbox with every solution ever printed in Windows IT Pro
and SQL Server Magazine, plus bonus Web-exclusive content on
fundamentals and hot topics. Order today to receive the VIP CD and a
subscription to your choice of Windows IT Pro or SQL Server Magazine!
http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991634-0-0-0-1-2-207

Windows IT Pro Master CD: Take the Experts with You!

Find the solutions you need within the thousands of searchable articles,
helpful bonus content, and loads of expert advice on the Windows IT Pro
Master CD. A Master CD subscription buys you portable access to the
entire Windows IT Pro article database plus access to all the new
articles that we publish exclusively on WindowsITPro.com every day. It's
like having a team of consultants in your pocket! Get real-world
solutions fast--order the Windows IT Pro Master CD today.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991636-0-0-0-1-2-207

Black Hat USA

Attend Black Hat USA, the world's premier technical event for ICT
security experts, August 2-7 in Las Vegas. Featuring 40 hands-on
training courses and 90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from 50 nations. Visit
product displays by 30 top sponsors in a relaxed setting. A special
Training session called Defend The Flag (DTF) is a unique two-day
hands-on training course designed to take the traditionally dry Windows
security training workshop and make it interactive, personal, and
visceral for each attendee. Students will gain the understanding of
modern exploitation tools and techniques in order to learn how to better
protect their Windows systems.

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991638-0-0-0-1-2-207


CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991640-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991641-0-0-0-1-2-207


To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-9765-803-202-62923-991644-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com


Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
