Last year, OpenSSL got a lot of bad press, and some felt it was very much deserved. The issues were addressed by the OpenSSL developers, and we have newer versions that have patched these “concerns.”
Another group of developers (OpenBSD) is much more critical of the current state of OpenSSL – even after the patches – because they feel there are inherent problems with the way OpenSSL has developed. They took the course of “putting their money where their mouth is” and started their own branch of OpenSSL – naming it “LibreSSL.”
Posted: April 26, 2015
What is your primary concern when you think about IT security?
Posted: April 02, 2015
First thing: What’s in a name? We generally speak and write SSL, but what we really should mean is TLS. For this blog, I shall continue this convention of SSL but soon I shall speak TLS only!
Posted: February 17, 2015
Happy New Year! I wanted to provide you with a checklist of things you should do early this year. Here’s the list and then I’ll dive deeper into each item:
- Activate aixpert at level medium or stricter.
- Review or configure syslog.
- Review or configure audit.
- Set password algorithm to ssha256.
- Disable login/su for “idle” accounts.
Posted: January 15, 2015
I was daydreaming while enjoying a coffee. My thoughts this morning were about a whitepaper on sudo. I wonder what people are saying about sudo these days?
Posted: December 15, 2014
This year has been - different - for me. Generally speaking, my trips to customers are about 25% security related, and the rest is performance related. This year has been too light as far as security is concerned.
Posted: December 04, 2014
A question about the risk of being able to log in as root, either remotely or limited to the (virtual) console, came up on a discussion group in LinkedIn recently. Ideally, there is no need to ever log in as root (the big question or risk being: who is root today). Instead, users should be logging in as themselves and then using a mechanism to switch user (su, sudo, super, etc.) to root.
Posted: October 20, 2014
This year has been difficult for me to be "security minded." Besides security, I also do performance trouble-shooting and consultancy and this year that has kept me very busy. So, I do not feel like I have anything "new and improved" to share with you about how to improve the AIX security layer.
Posted: July 14, 2014
Time just keeps slipping by. This feels like a New Year's best intention gone bad. Three times before I have started a SecuringAIX blog and three times I have not finished.
So today must be different. I must finish this blog entry – anything will be better than nothing.
Posted: June 10, 2014
What does it take to get management's attention, to get the higher-ups to be serious about getting something done with securing systems?
I really enjoy discussing and implementing systems security.
Posted: December 17, 2013