Network File System Version 4 security: Kerberos and LIPKEY mechanisms
Use the enriched security features of Network File System (NFS) Version 4 to pave your way to public key technology. In this article, you'll examine the NFS Version 4 built-in security schemes, and how to use the existing Kerberos authentication database in a LIPKEY security mechanism. You'll also find out how to take the first steps for a migration or extension from Kerberos to the LIPKEY security mechanism.
Articles | 26 Apr 2006

AIX security commands
Security is an important aspect of the AIX operating system. Follow along
with this quick reference guide on AIX Security commands to learn more.
Articles | 22 Jul 2008

A comparison of security subsystems on AIX, Linux, and Solaris
Learn how to apply a strategy for implementing a single identification and authentication (I and A) framework across a heterogeneous, multi-platform environment. An I and A system provides a layer of abstraction between a user application and the implementation of any authentication or identification functions it needs to perform.
Articles | 13 Oct 2005

Built-in Network Security with AIX
AIX has implemented an IETF, standards-based Internet security technology for providing Virtual Private Networking in its base operating system.
Articles | 15 Jun 2001

Multi-security mechanisms with multifactor authentications
Authentication is a key component of security-based solutions. This article
discusses the risk associated with the use of the same security mechanisms in
multifactor authentication systems and the use of GSS-API as a suitable option for achieving the multi-security mechanism with multifactor authentication for enhanced security for solutions designed over UNIX.
Articles | 10 Mar 2009

Using AIX Security Expert
AIXPert is an all-purpose GUI and command-line security tool that
incorporates over 300 security configuration settings. Learn about recent
enhancements implemented with AIX V6.1, including SOX auditing support, and go
through real scenarios to show how AIXPert can be used from the command line, smit, and the GUI.
Articles | 09 Dec 2008

Enhanced password strength in IBM Network Authentication Service for AIX
In a Kerberos environment, protecting principals' passwords is imperative
to preserve the system security. Learn how Kerberos administrators can take advantage of
the password protection and password strength enhancement features provided by IBM
Network Authentication Service for AIX.
Articles | 01 Jul 2008

Kerberos authentication for AIX Version 5.3 Network File System Version 4
Find out how to use application programming interfaces (APIs) when writing your own custom Kerberos-based authentication applications. Network File System Version 4 (NFS V4), the up-and-coming enterprise file system, uses the Kerberos security mechanism to address privacy, authentication, and integrity requirements. In this article, you'll examine the different Kerberos credential cache name formats that AIX(R) NFS V4 supports and that are required for authentication purposes. You'll also look at different methods of obtaining the Kerberos credential.
Articles | 05 Dec 2006

Tunneling with SSH
Use open source tools, such as Secure Shell (SSH), PuTTY, and Cygwin, to create secure connections to almost any resource you need to access. Current information on SSH tunneling and setup is fragmented and limited to specific applications, or it is written at a system administrator's level. With increasing security needs, the addition of boundary firewalls, and tightening of the number of allowed network ports, users need a method that is simple to configure, easy to operate and, above all, secure to accomplish day-to-day tasks and access the services that they have become accustomed to. This article describes the setup of a simple SSH client connecting to an AIX(R)- or Linux(R)-based SSH server, which lets a typical, technically literate individual set up, configure, and operate a flexible means of tunneling data and services over the SSH service.
Articles | 17 Oct 2006

IBM Network Authentication Service Version 1.4.0.8 for AIX 6.1
IBM Network Authentication Service Version 1.4.0.8 was released with the AIX
6.1 expansion pack CD and is also available on the IBM AIX Web Download Pack
Program. The new version gives AIX Kerberos administrators good reasons to
upgrade, including new features and vital fixes. This article describes the
features introduced in this release and how they can benefit your Kerberos
infrastructure on AIX and help enhance security. The new release allows
administrators to "ride up the grade," not simply upgrade.
Articles | 08 Sep 2009

High scalability and availability of AIX secldapclntd using the Tivoli Directory
Server proxy
The secldapclntd daemon provides and manages the connection between the AIX
security LDAP load module of the local host and an LDAP server, and handles
transactions from the LDAP load module to the LDAP server. The simple configuration
steps do not allow you to specify highly available and scalable LDAP servers at the
back end. This article lists the steps to configure a highly available and
scalable back-end LDAP for the secldapclntd daemon using the Tivoli Directory
Server proxy.
Articles | 01 Sep 2009

Secure file transfer in a heterogeneous environment
File transfer is an essential and important activity in the day-to-day
computing world. Security lapses during file transfer can leak important data
to the external world. As a result, securing FTP is of primary importance. Hence, in
AIX V6.1, IBM has introduced a secure flavor of FTP (and ftpd), based on OpenSSL,
using Transport Layer Security (TLS) to encrypt both the command and the data
channels of file transfer. This article shows the advantage of using this AIX V6.1
feature and its usage between AIX and other heterogeneous systems that already
support this feature. This article focuses on AIX secure FTP with a Windows server.
Articles | 14 Apr 2009

Understanding advanced AIX features: Role-based access control in simple steps
Security is a major concern of operating systems. This article series provides an understanding
of the new features on AIX, role-based access control and multi-level
security. Part 1 of this series discusses AIX
role-based access control (RBAC) and how roles, responsibilities, and the authorization of
a root user can be delegated to more than one user.
Articles | 23 Jun 2009

DB2 pureScale
DB2 pureScale reduces the risk and cost of business growth by providing unlimited capacity, continuous availability, and
application transparency. DB2 pureScale on IBM Power Systems incorporates PowerHA pureScale technology to deliver levels of
database scalability and availability unmatched on UNIX or x86 systems. This complements DB2 for z/OS and System z, the undisputed
leader in total system availability, scalability, security and reliability.
08 Oct 2009

Configure IBM Network Authentication Service master KDC with an LDAP back-end server on AIX
Learn how to configure the IBM Network Authentication Service (IBM Kerberos) with
an LDAP (Lightweight Directory Access Protocol) directory to store Kerberos principal
and policy information. This article is a detailed guide for Kerberos
administrators who want to achieve security, scalability, and high availability using Kerberos and LDAP on AIX.
Articles | 17 Feb 2009

Use auditing to track reads and writes in a file
In this article, discover how to track several events on AIX(R) with auditing, a major
feature of AIX security, and learn how to use auditing to keep track of the read and
write operations on a file. Also examine commands, such as ls or istat,
to check a file's time stamp.
Articles | 07 Aug 2007

Is your AIX environment secure?
Are you concerned about protecting your AIX system from intruders? The author describes ways to maintain system integrity and highlights security tools you can use to diagnose an AIX system and identify potential security lapses.
Articles | 20 Dec 2002

Deploying OpenSSH on AIX
Learn how to improve the security and integrity of your AIX(R) servers using network services provided by the OpenSSH implementation of the Secure Shell protocol.
Tutorials | 12 Sep 2002

Securing AIX Network Services
In this online course, you'll gain a better understanding of the network services in AIX(R) and the impact each one has on system security. Use the information in this tutorial to achieve the right balance between functionality and security.
Tutorials | 12 Sep 2002

Auditing and serviceability management in IBM Network Authentication Service for AIX
Auditing is a vital aspect of any software, and even more so if
the software provides security services. This article helps you understand the auditing and serviceability features provided in IBM Network Authentication Service.
Learn about the different server-side log files, how to enable them, and how to analyze them.
Also learn how to turn on the debug message logging required for problem determination
and support activities.
Articles | 06 Jan 2009

Implement two-factor authentication for AIX using Kerberos
With the ever-growing need for higher-security systems, multi-factor
authentication is preferred for network security. Since Kerberos is one of the most
popular network authentication mechanisms, learn how to design multi-factor
authentication over the Kerberos protocol. Understand the
use of One-Time Password (OTP) and GSS-API to achieve this.
Articles | 04 Nov 2008

Tcsh shell variables
Tcsh is one of the most popular UNIX shells. Learn how you can use tcsh shell variables to make your work easier and take advantage of tcsh's advanced security features.
Articles | 26 Aug 2008

Take a closer look at OpenBSD 4.3
OpenBSD provides a UNIX distribution with a primary emphasis on security
and cryptography. If you're looking for a UNIX distribution to deploy in the most critical nexus
in your network infrastructure, look no further than OpenBSD. The recent release of
OpenBSD -- version 4.3 -- includes several new features and bug fixes that this
article reviews.
Articles | 12 Aug 2008

Understanding the Trusted Execution environment in AIX V6
This article covers the Trusted Execution environment, an advanced security
feature of IBM AIX V6.1. It shows AIX system administrators how to ensure system
integrity at run-time as well as at stand-by time. This article, which acts as a
starting point to learn about the Trusted Execution environment, also covers the most commonly used commands and examples.
Articles | 08 Jul 2008

Understanding EFS
Safeguard your data with the Encrypted File System (EFS), a new AIX(R) 6.1
security feature, and get a comprehensive picture of the configuration of EFS and
its usage. EFS can store the content of a file in an encrypted format at the file
system level. If you’re new to EFS, this article is a good starting point for
reviewing the need for EFS, its features, and its most commonly used commands.
Articles | 29 Jan 2008

Systems Administration Toolkit: Network scanning
Discover how to scan your network for services and how to regularly monitor
your services to keep uptimes to a maximum. A key way of ensuring the security of
your network is to know what is on your network and which services on individual
machines are at risk of exposure. Unauthorized services, such as Web servers or file
sharing solutions, not only degrade performance, but others can use these services
as routes into your network. In this article, learn how to use these same techniques
to ensure that genuine services remain available.
Articles | 04 Dec 2007

Configuring Network Information Service server and client on AIX
Security and user and group management are important aspects with respect to
any operating system. In distributed networks, one of the most important tasks is to
maintain the user and group information. For centralized management, many customers
use Network Information Service (NIS). This article provides an overview of NIS and
the steps to install and configure NIS as a server and client.
Articles | 27 Nov 2007

nanoHUB does remote computing right
nanoHUB is a virtual computing center created to support nanotechnology
research. It uses open source components to achieve far more powerful results than
previous "remote access" facilities. This article details specific configurations
and enhancements necessary to make the most of the performance, security, and
usability such common software as VNC and WebDAV provides.
Articles | 02 Oct 2007

Systems Administration Toolkit: Testing system validity
Examine methods of storing and later checking the validity of your
configuration files. Despite all the security systems you have in place, it is still
possible that somebody has accessed your system and changed your configuration or
security settings.
Articles | 11 Sep 2007

Install and configure NIS+
Ease your system administration tasks and use Network Information Service
plus (NIS+) to quickly handle maintenance and security issues for information. NIS+
is a network-wide naming and administration service that works on a client-server
model. The server maintains all the details of the users and clients in a central
database. In this article, get step-by-step instructions on how to install,
configure, and administer NIS+.
Articles | 28 Aug 2007

Securing remote AIX V6.1 data at rest using the SLES Encrypt File Container
See how you can secure data at rest exported by AIX and consumed by SUSE Linux
Enterprise Server via the NFS protocol using the Encrypt File Container feature
provided with SLES.
Articles | 13 Oct 2009

Improve your memory programming
Are you tired of spending countless hours devoted to fixing memory faults? Do you
find yourself constantly being bogged down in programs that leak memory, violate memory
bounds, use uninitialized data, and devote an excessive amount of run time to memory
management? Use this article to help you conquer these pesky memory defects.
Articles | 04 May 2007

Securing the Hardware Management Console
Get step-by-step instructions for things you should do during installation of the Hardware Management Console (HMC), measures you can take after installation, and maintenance guidelines to ensure that a secure system stays secure. The HMC, which plays a central role in the IBM virtualization strategy, controls hardware, configures logical partitions (LPAR), and assigns both physical and virtual devices. It is vital to systems management in a virtualized environment.
Articles | 06 Feb 2007

Secure Kerberized authentication on Solaris 10 using IBM AIX Version 5.3
Set up a Kerberized environment to work with Solaris(TM) 10 and learn how to configure a Key Distribution Center (KDC) on AIX(R) Version 5.3. You'll also run through a series of steps for configuring a Kerberos client on Solaris 10 to authenticate users for Telnet, remote shell (rsh), and Secure Shell (SSH) using AIX Version 5.3 as your KDC. Having a single IBM Network Authentication Service (NAS) KDC on AIX for authentication across different platforms is especially helpful in a hybrid environment.
Articles | 07 Nov 2006

Get to know NetBSD
NetBSD runs on more hardware platforms than any other UNIX(R) derivative due to smart
design decisions and a commitment to portable code. Whether you're porting an operating
system to a proprietary embedded system or looking for stability and compatibility across
hardware platforms in the lab, NetBSD and its open license is a compelling alternative to
Linux(R) and the GNU Public License (GPL).
Articles | 29 Aug 2006

Take a closer look at OpenBSD
OpenBSD is quite possibly the most secure operating system on the planet. Every step of the
development process focuses on building a secure, open, and free platform. UNIX(R) and Linux(R)
administrators take note: Without realizing it, you probably use tools ported from OpenBSD every day.
Maybe it's time to give the whole operating system a closer look.
Articles | 08 Aug 2006

Make UNIX work with Windows XP and Mac OS X
Learn about using a UNIX(R) system as a primary domain controller (PDC) and file repository, including an anonymous, read-only shared area accessible by anyone with a Web browser. To be a good citizen on your local network, you need to integrate your favorite UNIX system with the networking features of client systems, generally running Windows(R) XP or Mac OS X. This makes it easier for the users of those workstations to take advantage of the centralized authentication and storage facilities you can provide.
Articles | 18 Apr 2006

Network services: Legacy design versus threaded design
So, you've got a great idea for a new network service that'll change the world, and you've just finished your first set of socket programming tutorials. Now you've just got to design the thing and finish off a test implementation, right? Traditionally, programs like this use the venerable UNIX(R) fork() system call to handle connections in a child process, but this is slow and inefficient, even on modern UNIXes. In this article, you'll get a look at using POSIX threads instead of child processes, and you'll also get an introduction to threaded programming -- a topic many UNIX programmers haven't encountered before.
Articles | 14 Feb 2006

Use free software within commercial UNIX
Increase your productivity and take advantage of the free software that is currently available for the UNIX(R) platform. Tools like GCC (GNU gcc and gcc-c++ compilers), Emacs, and even core utilities like BASH and file utilities (ls, find, and so forth) started their life as free software alternatives under UNIX. In this article, you'll look at the development of some of these tools, as well as licensing, usability issues, and how best to install and integrate this free software into your commercial UNIX operating system.
Articles | 09 Feb 2006

POSIX file capabilities: Parceling the power of root
Linux has been using capabilities for years, but has recently acquired POSIX
file capabilities. POSIX file capabilities split root user powers into smaller
privileges, such as the ability to read files or to trace processes owned by another
user. By assigning capabilities to a file, you can enable an unprivileged user to
execute the file with those specified privileges. In this article, learn how to
program using capabilities and how to switch on the ability of your system setuid
root binaries to use file capabilities.
Articles | 16 Oct 2007

Forums and community
Get involved in the AIX(R) and UNIX(R) community by participating in the
developerWorks blogs and forums.
20 Aug 2009

Get the latest version of OpenSSH for AIX
OpenSSH is a free software tool that supports SSH1 and SSH2 protocols. It's reliable and secure and is widely accepted in the IT industry to replace the r-commands, telnet, and ftp services, providing secure encrypted sessions between two hosts over the network. Get information in this article about OpenSSH version 3.4p1.
Articles | 10 Feb 2006

Secure applications with AIX 5L Version 5.2 and 5.3 using cryptographic APIs
Do you want your applications to have authenticity, integrity, and privacy services? The IBM AIX 5L(TM) Version 5.2 and Version 5.3 (AIX 5L) operating system now offers powerful cryptographic application programming interfaces (APIs) for developing a secure application. AIX 5L exports a set of powerful cryptographic APIs that address both symmetric and asymmetric key algorithms. These interfaces provide block and stream cipher algorithms, two crypto-secure hash algorithms, sign and/or verify, and Diffie-Hellman key-exchange algorithms.
Articles | 27 Oct 2005

Secure communication with Kerberized OpenSSH on AIX Version 5.3 using Windows Kerberos service
Discover how you can configure the Kerberized Open Secure Shell (OpenSSH) on AIX(R) Version 5.3 machines that have Microsoft(R) Active Directory Server to act as the Key Distribution Center (KDC). OpenSSH encrypts traffic, including passwords, to eliminate eavesdropping, taking over your connection, or peeking into your data. If you work in a hybrid environment with multi-vendor solutions on AIX Version 5.3 systems, then you'll find this article extremely useful.
Articles | 13 Jun 2006

10 tips for sensible systems administration
Benjamin Franklin: scientist, scholar, statesman, and . . . systems administrator?
Yes, 200 years or so before the birth of UNIX, Franklin scribed sage advice to keep
systems humming. Here are 10 of Franklin's more notable tips.
Articles | 10 Mar 2009

Perform uniform mounting with generic NFS
To efficiently achieve uniform mounting in the presence of multiple,
simultaneous NFS version exports, you need a generic NFS mount utility. Learn
how a generic NFS mount utility can help reduce the handling of multiple NFS
versions and simplify the management of those versions. The article
describes the concept of the generic NFS mount, outlines the advantages and
applications of the system, and gives some overall design details.
Articles | 11 Feb 2009

Changing UIDs and GIDs
It's important to know what happens to file ownership in AIX once you make a UID or GID change. If you don't
understand the results of altering a UID or GID, you could cause serious issues to your server and
environment.
Articles | 04 Mar 2008