Comments for Open Source Security

Comment on Bare Metal Versus Hosted Hypervisor Security by Klaus Heinrich Kiwi

Klaus Heinrich Kiwi — Wed, 18 Aug 2010 15:12:50 +0000

Hey George,
I completely agree.

Network port sharing with bridges, as a simple example, should be clearly part of the TCB and is often done in a privileged guest in Type I hypervisors.

Speaking of which, I guess this whole concept of “privileged guest” that is common among Type I hypervisors must be taken into account when looking into virtualization security.

And also the fact that “bare metal” hypervisors doesn’t necessarily mean it’s a thinner layer.

Comment on Cryptographic Snake Oil by Snake-oil security claims on crypto security product at Playhouse of privacy, security, hacking, encryption, intelligence and some business stuff

Mon, 19 Jul 2010 20:35:34 +0000

[...] can see this very good Cryptographic Snake Oil Examples by Emility Ratliff (IBM Architect at Linux Security), that tried to make clear example on how to [...]

Comment on Systems Security Seven for Dec. 11 by Sergio Chaves

Sergio Chaves — Sun, 16 May 2010 20:31:21 +0000

Hi, I was wondering if it would be possible for you to answer a few questions for a research paper I’m writing for school about the benefits of open-source in security.

Comment on sVirt Stronger Security for Linux Virtualization by Michael

Michael — Thu, 22 Apr 2010 20:37:19 +0000

That is why security is very important in Virtual machines. One bug could crash a lot of servers because of one bug only

Comment on Password length by Maximum Password Length On Linux » Anthony R. Thompson's Blog

Maximum Password Length On Linux » Anthony R. Thompson's Blog — Sun, 07 Feb 2010 10:35:14 +0000

[...] looking at this blog post on Password Length, I figured the program would stop at 79 or 127 or something, but to my surprise it didn’t, it [...]

Comment on sVirt Stronger Security for Linux Virtualization by Year In Review | Tek-Tools

Year In Review | Tek-Tools — Fri, 01 Jan 2010 18:24:20 +0000

[...] Open Source Security » Blog Archive » sVirt Stronger Security for … – While Virtualization offers many benefits, there can also be increased security risks. For example, consider a system running two hundred virtual images. All two hundred images are at risk if a flaw in the hypervisor (or configuration) … [...]

Comment on Explaining Linux Security by Tony

Tony — Thu, 13 Aug 2009 13:11:23 +0000

Perfect and to the point! Linux (actually any *nix) security has always been a bit of a dark art. There are documents (policies) that describe how to harden or minimize your attack footprint. Every IT organization needs to conform to some security policy. Examples are NIST 800-53, DISA Unix STIGs, Center for Internet Security, DCID 6/3, SANS LAMP and 20 Critical Security Controls and many more. As Doc mentioned, you shouldn’t need to understand the science in order to use it. Security should be easy—like turning a key or pushing a button—in order to use it.

Security Blanket by Trusted Computer Solutions strives to be that button. The product is feature rich and easy to use. There is a free trial and the development staff has built a how-to blog at http://tcs-security-blanket.blogspot.com/ The product is available for z series computing.

Comment on Blueprint: Using MIT-Kerberos with IBM Tivoli Directory Server backend by Pradeep

Pradeep — Mon, 11 May 2009 08:50:30 +0000

Thanks Klaus for explaining Authentication and authorization in simple terms. I would like to read more on kereros from you.

Comment on Blueprint: Using MIT-Kerberos with IBM Tivoli Directory Server backend by George Wilson

George Wilson — Wed, 29 Apr 2009 19:52:29 +0000

Thanks for the all the background material, Klaus. I’ve bookmarked a couple of the links I didn’t previously know about. Very useful post for me.

Comment on Blueprint: Using MIT-Kerberos with IBM Tivoli Directory Server backend by Bryan Jacobson

Bryan Jacobson — Wed, 29 Apr 2009 17:37:48 +0000

Klaus, wow! I was surprised how much I learned from your post, Thanks!