First thing: What’s in a name? We generally speak and write SSL, but what we really should mean is TLS. For this blog, I shall continue this convention of SSL but soon I shall speak TLS only!
Posted: February 17, 2015 |
Happy New Year! I wanted to provide you with a checklist of things you should do early this year. Here’s the list and then I’ll dive deeper into each item:
- Activate aixpert at level medium or stricter.
- Review or configure syslog.
- Review or configure audit.
- Set password algorithm to ssha256.
- Disable login/su for “idle” accounts.
Posted: January 15, 2015 |
I was daydreaming while enjoying a coffee. My thoughts this morning were about a whitepaper on sudo. I wonder what people are saying about sudo these days?
Posted: December 15, 2014 |
This year has been - different - for me. Generally speaking, my trips to customers are about 25% security related, and the rest is performance related. This year has been too light as far as security is concerned.
Posted: December 04, 2014 |
A question about the risk of being able to login as root either remotely or limited to the (virtual) console came up on a discussion group in LinkedIn recently. Ideally, there is no need to ever login as root (the big question or risk being: who is root today). Instead, users should be logging as as themselves and then using a mechanism to switchuser (su, sudo, super, etc.) to root.
Posted: October 20, 2014 |
This year has been difficult for me to be "security minded." Besides security, I also do performance trouble-shooting and consultancy and this year that has kept me very busy. So, I do not feel like I have anything "new and improved" to share with you about how to improve the AIX security layer.
Posted: July 14, 2014 |
Time just keeps slipping by. This feels like a New Years best-intention gone bad. Three times before I have started a SecuringAIX blog and three times I have not finished.
So today must be different. I must finish this blog entry – anything will be better than nothing.
Posted: June 10, 2014 |
What does it take to get management's attention, to get the higher ups to be serious about getting something done with securing systems?
I really enjoy discussing and implementing systems security.
Posted: December 17, 2013 |
I have an AIX server—on the Internet—and I have been naughty! Shame on me!
My intent is that this server is “open” just enough so "random" activity looking for servers to breach does not take it down. I say "random" because I doubt my ISP would be happy if I were the target of directed or sustained attacks. So, I try not to be too inviting.
Posted: October 14, 2013 |
Recently, I was at a customer site where I heard a conversation between an AIX admin and a Linux admin who were discussing their concerns regarding password-hash compatibility with Linux, active directory (AD) lightweight directory access protocol (LDAP) passwords and AIX.
Posted: September 23, 2013 |