March 05, 2002, 12:00 AM

The worst thing that can happen to a security administrator is to be
oblivious to the newest, and thus most pressing, vulnerabilities that
can affect your systems. Without prompt action -- upgrades, patches,
increased access restrictions, or turning off software altogether --
you are likely to fall victim to the latest exploits or worms.
So, whom should you turn to for this nay, crucial information? You can
find good Linux security information at a bunch of places, but I trust
very few sources to provide me with timely vulnerability announcements.
Most have both Web pages and email lists. Personally, I don't rely on
Web pages because I've never been good at checking things periodically
(and too many of them don't render well in lynx). I prefer email
because it's something I check every few seconds, and I can use
procmail to make sure important messages get sent to my pager in case
I'm doing something rare, like sleeping.
So, without further rambling, here are my suggestions for must-read
* CERT: The granddaddy of alert notification. CERT advisories are
usually reserved for the big problems, such as the widespread
SNMP problems, which required careful coordination between multiple
vendors to avoid 'spilling the beans' too early, or the
latest 'Become the Windows Administrator user in 2 easy packets'.
$ echo 'subscribe cert-advisory' | mail firstname.lastname@example.org
* SANS Security Alert Consensus: The SANS organization sends out
alerts similar to CERT, though usually with more useful
information such as custom tools you can use to audit your
systems. This newsletter is actually a weekly security summary,
but they use it for important alerts as well.
* Incidents: On this list, admins can submit information about
suspicious network activity they've captured. When new worms and
exploits start making the rounds, this is often the first place
they are seen on the radar. It can get pretty high volume as
folks try to figure out what they're seeing in the wild.
$ echo 'SUBS incidents Firstname Lastname' | mail
* Bugtraq: Bugtraq was the original full disclosure list, and it
is absolutely essential for any administrator. Vendors and
hackers alike announce vulnerabilities here. Often no solutions
are suggested, but folks on the list quickly discuss appropriate
responses to the problem.
$ echo 'SUBS bugtraq Firstname Lastname' | mail
* Linux Distro: Whichever Linux distribution you use likely has an
email list dedicated to security concerns.
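The procmail routing mentioned at the top of the piece, written out as an added example (it is not part of the article): low-volume, high-signal lists page me and get filed, while the chatty lists are only filed. The pager address is a placeholder, and the header patterns used to recognise each list are assumptions; check the headers of a real message from each list and adjust them.

```procmail
# ~/.procmailrc (added example, not from the article)
# Assumption: the pager accepts plain email at this placeholder address.
PATH=/usr/bin:/bin
MAILDIR=$HOME/Mail
DEFAULT=$MAILDIR/inbox
LOGFILE=$MAILDIR/procmail.log
PAGE_TO=pager@example.org

# CERT advisories are rare and always matter: page me (copy), then file.
# Assumption: list mail carries a Sender:/From: line mentioning cert-advisory.
:0
* ^(Sender|From):.*cert-advisory
{
  :0 c
  ! $PAGE_TO

  :0:
  cert
}

# Bugtraq is high volume; page only when the Subject: names software
# I actually run (edit the list), and file everything.
# Assumption: list mail carries a Sender:/List-Id: line mentioning bugtraq.
:0
* ^(Sender|List-Id):.*bugtraq
{
  :0 c
  * ^Subject:.*(openssh|bind|sendmail|apache)
  ! $PAGE_TO

  :0:
  bugtraq
}

# Incidents and the SANS summary are for reading, not waking up over: file only.
:0:
* ^(Sender|List-Id):.*incidents
incidents

:0:
* ^(From|Subject):.*(SANS|Security Alert Consensus)
sans

# Anything else falls through to DEFAULT.
```

Test a recipe set offline before trusting it with a pager: `procmail -m ~/.procmailrc < saved-message` delivers one saved message through the rules and records what happened in LOGFILE.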