Security

Recent revelations in the areas of security and privacy have caught the attention of a wide audience and have certainly changed the attitude of many companies. But these revelations come with one piece of reassurance: cryptography works. So whenever secrets must be shared securely or privacy must be preserved, the best thing to do is encrypt all sensitive information. And as Google and others have experienced, this advice isn’t restricted to communication over the Internet; it extends to communication within intranets. Cryptographic methods are highly complex, so the best practice for software that needs cryptography is to use standard application programming interfaces (APIs) backed by well-known and trusted implementations of those methods rather than writing your own, which is a common source of security flaws…

The article “Using OpenSSL to Strengthen the Security of Your z/VSE Environment and Communications” provided an overview of OpenSSL, how it was ported to z/VSE and how it’s exploited by the IPv6/VSE product from Barnard Software Inc. Here we discuss a specific security flaw in the SHA-1 hash algorithm and show how Transport Layer Security (TLS) Version 1.2 overcomes this problem. We also examine how TLSv1.2 can be used in a z/VSE environment with OpenSSL…

Unless you’ve been sheltering yourself from the media, by now you’ve probably heard or read about “The Internet of Things,” or IoT. IoT is a collection of “things,” also known as endpoint devices, that are connected to your network. IoT includes your servers, computers, mobile devices and any other device that connects to your network at any time. Just as we now have smartphones, there will soon be many more “smart” devices that talk to other smart devices: for example, smart printers that let you know they’re running low on ink and forward your job to another printer because the one you tried to print from is out of order. These devices will run operating systems such as Mac, Windows, Linux and others, and will have software that needs to be patched or updated. In a perfect world, these smart devices simplify our lives and automate tasks for us. However, all this interconnectivity has a serious drawback. Every thing connected to your network creates a new, two-way road for attackers to travel. If they can attack your things, which connect to your corporate network, they can attack your network. And if they can attack your network, they can attack the things connected to it: computers, other devices, equipment and appliances…

As computer threats evolve, so, too, do security controls and the standards around them. In 2011, the U.S. National Institute of Standards and Technology (NIST) issued a document titled “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths,” which outlines a migration and upgrade path for existing network security infrastructure. It specifically recommends changes in algorithm usage and increases in the key lengths required for cryptographic operations, each within a particular timeline…

Compliance is no longer an optional facet of doing business. Government agencies, service providers and even customers may require a declaration and proof of compliance. Where ad hoc reporting once satisfied the requirement for compliance documentation, businesses today must have a well-documented and defensible set of controls that demonstrates compliance with the relevant standards. This means standardized tests, documented results and quantifiable reports. And it is no longer enough to meet the requirements of your home government; you must also meet the privacy and compliance requirements of every country in which your data resides…

In the last three issues, after discussing the difficulties of cross-platform security and single sign-on, we suggested Lightweight Directory Access Protocol (LDAP) and Kerberos as the most effective approaches. In this concluding article, we describe how to think about these protocols and the important questions and steps to address when implementing them. You will see that while they offer significant advantages, they also require significant planning, standards enforcement and organizational change. While this can be a major effort, each part of it will simplify the overall integration of the various platforms you deal with…

Like many other open source projects, Hadoop has followed a path that hasn’t focused much on security. To use Big Data effectively, it needs to be properly secured. However, if you try to force-fit it into an older security model, you might end up compromising more than you think. And if you lock it down tightly using a legacy security model, that might interfere with performance…

Remember when you were a kid and your mom asked you to clean your room? Didn’t it seem like a waste of time? After all, it was just going to get dirty again. Keeping it clean required effort; effort you could have used instead to play. As you got older, however, you began to understand why it was important to keep a clean room. It allowed you to organize your things better, move around your room with ease and find things more easily…