[Courses] [Security] Books and mailing lists

Raven, corporate courtesan raven at oneeyedcrow.net
Tue Mar 5 17:33:34 EST 2002


Heya --

Quoth Laura Bowser (Tue, Mar 05, 2002 at 10:51:29AM -0500):
> I think the Bugtraq vulnerability database at SecurityFocus is more
> essential than the mailing list - all the cruft has been cleaned out.

	That's a good resource too.  Personally, I use Bugtraq's mailing
list just so that I know I hear about it when a bug is found that
impacts my systems.  Once I know it's there, I can generally look up the
details in several places.  But Bugtraq is the place that I hear about
it in the first place.   (Either that or the panicked call from one of
my fellow sysadmins.  [grin]) 

> CERT is sometimes useful, but almost always "late" in keeping up with
> issues.  Although they and SANS have good "synopsis" e-mails that they
> send out every quarter or so.
 
	Yah, SANS is great.  Someday I'll be independently wealthy and
be able to afford one of their courses.

	For the newbies, SANS (http://www.sans.org/) is one of the most
respected groups in the security community.  They publish lots of
helpful books, run technical training courses, and hold conferences
where people can share knowledge about network security.  They also
are responsible for large amounts of online information about security,
in just about any form you can think of.  Check out their website; it's
well worth it.

	I think the recent SNMP vulnerability announced makes a good
example case.  I first heard about the hole from Bugtraq's mailing list.
Just as I was reading the advisory
(http://online.securityfocus.com/archive/1/255807), I heard swearing
from the next cubicle over.  The post to Bugtraq was the CERT advisory.
Once I knew about it, I started looking at the systems affected to see
which of those I administered.  Then I could take steps to deal with the
problem.  The relevant parts for me were the Cisco advisory, the FreeBSD
advisory, and this:

NET-SNMP

	All ucd-snmp version prior to 4.2.2 are susceptible to this
vulnerability and users of versions prior to version 4.2.2 are
encouraged to upgrade their software as soon as possible
(http://www.net-snmp.org/download/).  Version 4.2.2 and higher are not
susceptible.

	So I had to upgrade versions on the systems that used SNMP.  No
big deal -- but it could have been if I didn't know about the problem.

	It definitely was the case this time that CERT was not the
fastest of places.  The problems had been discovered months ago, but
were not announced to the public until the vendors had had time to
produce patches and test their own systems.  (But I think full
disclosure vs. notifying only the vendor is an argument for another
time.)

Cheers,
Raven
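
The triage step described in the message above (matching an advisory's fixed version against the systems you administer), as an added example that is not part of the original post. The host names and version strings are constructed for illustration; only the 4.2.2 threshold comes from the quoted advisory text.

```python
import re

# Fixed release named in the quoted NET-SNMP advisory text.
FIXED = (4, 2, 2)

# Constructed inventory: hypothetical hosts and installed ucd-snmp versions.
INVENTORY = {
    "mail1": "4.2.1",
    "router-mon": "4.1.2",
    "web2": "4.2.2",
    "db1": "4.2.3",
    "old-box": "4.2",
    "lab3": "4.2.2.pre1",
    "nfs1": "unknown",
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")


def classify(version, fixed=FIXED):
    """Return 'vulnerable', 'ok' or 'review' for one version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "review"  # no leading numeric version: check by hand
    parts = tuple(int(p) for p in m.group(1).split("."))
    suffix = m.group(2)
    # Pad both tuples so "4.2" compares as 4.2.0; compare numerically,
    # because a string comparison would rank "4.10" below "4.2".
    width = max(len(parts), len(fixed))
    parts += (0,) * (width - len(parts))
    target = fixed + (0,) * (width - len(fixed))
    if parts < target:
        return "vulnerable"
    if parts == target and suffix:
        return "review"  # pre-release or vendor build of the fixed version
    return "ok"


def triage(inventory):
    """Group host names by classification, sorted for stable output."""
    result = {"vulnerable": [], "ok": [], "review": []}
    for host in sorted(inventory):
        result[classify(inventory[host])].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" group need a manual check, since a suffixed or unreadable version string cannot be compared against the advisory's threshold with confidence.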


