Stories about: SSH

Reports of data losses and system breaches are almost becoming passe but from time to time events happen that take on a life of their own and have effects far beyond what the initial breach would normally represent.

A couple of weeks ago I reviewed WhatsUp Gold and liked what I found. Of course the topic of network management tools is one that is close to the heart of every network manager so a flurry of letters followed.

Ten great free network management tools were recently showcased. Readers responded with some of their own favorites, so I'm going to take a look at those tools and report on their capabilities and usage from my perspective as an experienced network manager.

If you are running a Debian-based Linux system and haven't already caught up with the announcement [1] that there was a major flaw with the generation of SSH, OpenVPN, DNSSEC, SSL/TLS session keys and X.509 certificate key material, you might want to update your system to address the problem.

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday.

e-DMZ's Password Auto Repository (PAR) is delivered as a hardware appliance with all the services necessary for it to act as a privileged account password manager. All privileged account passwords are issued based on administratively designed rules. The passwords may be deemed valid for an indefinite life, for finite periods of time or for single purpose activities such as installations, upgrades or configuration changes.

Privileged IT staffers literally holds the keys to the castle. Access to those keys that open the doors to critical operating system and application resources must be carefully managed and legally audited. Enter the class of products referred to as privilege account management wares.

A supercomputing, pay-per-use service that would make supercomputing affordable to small and mid-sized businesses as well individuals who need added computation power, was announced Tuesday.

As enterprises seek out ways to reduce IT costs, optimize resources and improve operational efficiencies, three technology trends have started to dominate: virtualization, service-oriented architecture and mobility. More promising yet is the intertwining of these unique technologies.

With all the people out there willing to offer help on Linux, getting started should be pretty easy. But with many options in introductory books and easy-to-install distributions, choosing a place to start can be the hard part.

I first came across the Mu Security Analyzer when a co-worker on a multi-company government project raved about how the appliance found a zero-day vulnerability in an e-mail inspection device that was protecting a top secret government agency. It was a rather simple script bug in the other vendor's product, but it would have allowed uncontrolled code execution. The implication was that our top secret project could have been compromised by an external hacker running penetration tests against our e-mail services. Initially, the manufacturer of the compromised mail filter refused to believe that a weakness existed in its product. That is, until we sent the exploit, automatically generated by the Mu analyzer, that the vendor's engineers could run to see for themselves.