≡ Menu

network security

Red hat issued update for NSPR and NSS packages that fix a bug and add an enhancement are now
available for download via RHN for RHEL 5.x systems.

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic
memory management (malloc and free) and shared library linking.

The program would hang when using the batch processing feature of the certutil tool. These packages fix this issue so that the program does not hang when using the batch processing feature of the certutil tool.

These updated packages provide base and cryptography services required by Mozilla Firefox 3.

How do I update my system?

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Simply login as root and type the following command:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package yelp.x86_64 0:2.16.0-19.el5 set to be updated
---> Package nspr.i386 0:4.7.1-1.el5 set to be updated
---> Package nspr.x86_64 0:4.7.1-1.el5 set to be updated
---> Package nss.i386 0:3.12.0.3-1.el5 set to be updated
---> Package nss-tools.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package nss.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package xulrunner.x86_64 0:1.9-1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 nspr                    i386       4.7.1-1.el5      rhel-x86_64-server-5  119 k
 nspr                    x86_64     4.7.1-1.el5      rhel-x86_64-server-5  117 k
 nss                     i386       3.12.0.3-1.el5   rhel-x86_64-server-5  1.1 M
 nss                     x86_64     3.12.0.3-1.el5   rhel-x86_64-server-5  1.1 M
 nss-tools               x86_64     3.12.0.3-1.el5   rhel-x86_64-server-5  2.2 M
 xulrunner               x86_64     1.9-1.el5        rhel-x86_64-server-5   10 M
 yelp                    x86_64     2.16.0-19.el5    rhel-x86_64-server-5  583 k
Transaction Summary
=============================================================================
Install      0 Package(s)
Update       7 Package(s)
Remove       0 Package(s)
Total download size: 16 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): xulrunner-1.9-1.el 100% |=========================|  10 MB    00:09
(2/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(3/7): nss-tools-3.12.0.3 100% |=========================| 2.2 MB    00:02
(4/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(5/7): nspr-4.7.1-1.el5.x 100% |=========================| 117 kB    00:00
(6/7): nspr-4.7.1-1.el5.i 100% |=========================| 119 kB    00:00
(7/7): yelp-2.16.0-19.el5 100% |=========================| 583 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : nspr                         ####################### [ 1/14]
  Updating  : nss                          ####################### [ 2/14]
  Updating  : xulrunner                    ####################### [ 3/14]
  Updating  : nspr                         ####################### [ 4/14]
  Updating  : yelp                         ####################### [ 5/14]
  Updating  : nss-tools                    ####################### [ 6/14]
  Updating  : nss                          ####################### [ 7/14]
warning: /etc/pki/nssdb/cert8.db created as /etc/pki/nssdb/cert8.db.rpmnew
warning: /etc/pki/nssdb/key3.db created as /etc/pki/nssdb/key3.db.rpmnew
  Cleanup   : yelp                         ####################### [ 8/14]
  Cleanup   : nspr                         ####################### [ 9/14]
  Cleanup   : nspr                         ####################### [10/14]
  Cleanup   : nss                          ####################### [11/14]
  Cleanup   : nss-tools                    ####################### [12/14]
  Cleanup   : nss                          ####################### [13/14]
  Cleanup   : xulrunner                    ####################### [14/14]
Updated: nspr.i386 0:4.7.1-1.el5 nspr.x86_64 0:4.7.1-1.el5 nss.i386 0:3.12.0.3-1.el5 nss.x86_64 0:3.12.0.3-1.el5 nss-tools.x86_64 0:3.12.0.3-1.el5 xulrunner.x86_64 0:1.9-1.el5 yelp.x86_64 0:2.16.0-19.el5
Complete!

Recently I started to play with scapy - a powerful interactive packet manipulation and custom packet generation program written using Python. Please note that this tool is not for a new Linux / UNIX users. This tool requires extensive knowledge of network protocols, packets, layers and other hardcore networking concepts. This tool is extermly useful for
a] Understanding network headers
b] Testing network security
c] Write your own utilities using scapy
d] Decoding protocols etc

From the man page:

You can use this tool to check the security of your own network as it allows to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics such as VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, etc.

[click to continue…]