Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Possibly compromised openssh packages from Red Hat for RHEL4 and RHEL5

http://www.redhat.com/security/data/openssh-blacklist.html - Red Hat's distribution servers were infiltrated and some openssh packages were compromised. There is a small possibility that some RHEL4 and RHEL5 systems that updated during the compromise have installed malicious openssh packages. Red Hat has released a script to determine whether a system has been compromised. It is suggested that the script (available at the URL above) be run on all RHEL4 and RHEL5 machines to check for compromise.

Advisory ID: cisco-sa-20080610-snmpv3

3750 crashed. Cisco recommends upgrading the code. I will upgrade the internal-fw-untrusted switch on Thursday, 3/20 and use those copper GBICs for the internal-fw-campus uplinks to gateway.campus.ias.edu. That will free up 4 fiber GBICs. I will use one of those for outside-fw-bbc4 and two for BBC4-server.net.ias.edu.

I need to order the SM fiber and mode-conditioning fiber SOON!!

BIND DNS Cache Poisoning Issue

http://www.isc.org/index.pl?/sw/bind/bind-security.php - A weakness in the DNS protocol could lead to DNS poisoning of caching recursive name servers. This affects all non-DNSSEC protected domains. Newer versions of BIND 9 use Query Port Randomization, which helps to mitigate the problem but is not a full solution. The only proven solution to protect your domain from this attack is to implement DNSSEC on your authoritative name servers.

Serious SSL vulnerability for Debian/Ubuntu

http://lists.debian.org/debian-security-announce/2008/msg00152.html - Debian released this announcement today pertaining to their openssl libraries. It has been determined that a Debian-specific patch to openssl has been using a weak and easily determined pseudo-random number generator for creating SSL certificates. This patch was made to fix CVE-2008-0166, but ended up creating a new issue. This was introduced into Debian's testing environment in September 2006, and was moved into their etch release.
