Michael AM Felt

Michael AM Felt

Bookmark and Share

Recent Posts

  • Back to Basics: aixpert
    May 2, 2018
  • Determining Patching Responsibility
    March 22, 2018
  • AIX, Security and the Basics
    February 27, 2018
  • The Danger of SUID, and using FLRTVC to Identify Vulnerabilities
    February 8, 2018
  • Revealing the Obvious in OpenSSL
    January 2, 2018
  • OpenSSH-6.8p1 With LibreSSL (LibreSSH) Is Now!

    OpenSSH with LibreSSL is now available. I have tested LibreSSH on AIX 5.3 TL7, AIX 6.1 TL7 and AIX 7.1 TL3 and it works on all of them. The starting point in each case is that openssl.base and openssh.base were also installed. The special behavior is that aixtools.libressl.openssh copies the config files and keys from /etc/ssh to /var/openssh/etc and "downgrades" the ciphers and Key Exchange Algorithms (KexAlgorithms) so that they are equivalent (more on that later). This is to be sure you have connectivity with your current clients after installation. Note: the SRC subsystem for sshd is also modified to start "LibreSSH".

    Read More

    Posted: July 6, 2015 |

    Updating to the Latest AIX Technology Level

    How about an update on the latest Technology Level on AIX? Why bother updating to the latest TL? Well, hopefully you’re already using aixpert for your basic hardening. If you’re not, I recommend using -- as a starting point -- the CIS benchmark for AIX 6.1 or 7.1. 

    Read More

    Posted: June 24, 2015 |

    OpenSSH Built on LibreSSL

    Last year, OpenSSL got a lot of bad press. These concerns were addressed by the OpenSSL developers and we have newer versions available. Another group of developers (OpenBSD) is much more critical of the current state of OpenSSL and started their own branch of OpenSSL – naming it “LibreSSL.”

    Read More

    Posted: April 26, 2015 |

    Please Answer This

    What is your primary concern when you think about IT security?

    Read More

    Posted: April 2, 2015 |

    SSL – You Have a Choice Very Soon!

    First thing: What’s in a name? We generally speak and write SSL, but what we really should mean is TLS. For this blog, I shall continue this convention of SSL but soon I shall speak TLS only!

    Read More

    Posted: February 17, 2015 |

    Things To Have Done Early in 2015

    Happy New Year! I wanted to provide you with a checklist of things you should do early this year. Here’s the list and then I’ll dive deeper into each item:

    1. Activate aixpert at level medium or stricter.
    2. Review or configure syslog.
    3. Review or configure audit.
    4. Set password algorithm to ssha256.
    5. Disable login/su for “idle” accounts.

    Read More

    Posted: January 15, 2015 |

    Aixpert, the Low-Hanging Fruit

    I was daydreaming while enjoying a coffee. My thoughts this morning were about a whitepaper on sudo. I wonder what people are saying about sudo these days?

    Read More

    Posted: December 15, 2014 |

    Still Breathing

    Still breathing... This year has been - different - for me. Generally speaking, my trips to customers are about 25% security related, and the rest is performance related. This year has been too light as far as security is concerned. 

    Read More

    Posted: December 4, 2014 |

    Use Dual-Key Authentication for Special Accounts

    A question about the risk of being able to login as root either remotely or limited to the (virtual) console came up on a discussion group in LinkedIn recently. Ideally, there is no need to ever login as root (the big question or risk being: who is root today). Instead, users should be logging as as themselves and then using a mechanism to switchuser (su, sudo, super, etc.) to root.

    Read More

    Posted: October 20, 2014 |

    My Role-Based Security Questions for You

    This year has been difficult for me to be "security minded." Besides security, I also do performance trouble-shooting and consultancy and this year that has kept me very busy. So, I do not feel like I have anything "new and improved" to share with you about how to improve the AIX security layer.

    Read More

    Posted: July 14, 2014 |

    Displaying results 21-30 (of 47)
     |<  <  1 - 2 - 3 - 4 - 5  >  >|