Security on developerWorks

Con etiquetas: encryption

TODAS LAS ENTRADAS

End-to-end data protection for your PGP-based infrastructure

Visits (2290)

Nikunj Panchal and Subramanian Krishnan have recently published an article on developerWorks showing how to integrate your PGP-based public key infrastructure with WebSphere Cast iron's built in support for data encryption so that you can acheive true-end-to-end data protection for all your enterprise orchestrations based on Cast Iron.http://ow.ly/wnQhd

Heartbleed and IBM Products: Where to get official news and information

Visits (2976)

I know everyone's scrambling to figure out what has to be patched to fix the Heartbleed bug. Please keep in mind that Heartbleed is a bug in the OpenSSL implementation of SSL, not a flaw in SSL itself. I know that many IBM products don't use OpenSSL and aren't affected by the Heartbleed bug. Having said that, there are probably some IBM products that DO need to be patched. And I wouldn't dare try to enumerate them.

Why?

Because IBM has a team of people whose job is specifically to monitor security vulnerability announcements and make sure the affected IBM products are made aware and to make sure patches get rolled out. They are the IBM Product Security Incident Response Program. These folks work day in and day out to get authoritative information out to people so they know which products need to be patched and where to get them. If there is a silver lining to the Heartbleed story, it's that it gives me a chance to brag on and give thanks for the good work that team does every day.

Jon Tate has published a post on the System Storage Redbooks blog with more details on how to get plugged into the PSIRT team's announcements about Heartbleed and other security alerts. So go check that post out and get plugged in.

graphic credit.

You might also be interested in.....

Encrypting Data With Confidence

IBM has published a new white paper on encrypting data at enterprise scale. Learn about encrypting mission critical data with confidence and reduce security risks across the enterprise and beyond.

Download "Encrypting Data With Confidence."

Etiquetas: infrastructure ssl data-protection encryption openssl data #security heartbleed security

What you need to know about GSKit, FIPS 140-2, and Suite B

Visits (2260)

Many IBM products use the IBM Global Security Kit component for SSL and other encryption tasks. Oktawian Powązka has just published a new white paper at the security on developerWorks community that goes into detail about what you can and can't do with GSKit for FIPS and Suie B compliance. This white paper is a must read for anyone who has to worry about compliance to these standards. http://ow.ly/vR7uT

You might also be interested in:

Encrypting Data With Confidence:

IBM published a new white paper on encrypting data at enterprise scale. Learn about encrypting mission critical data with confidence and reduce security risks across the enterprise and beyond. Download "Encrypting Data With Confidence."

Etiquetas: encryption data #security gskit suite-b security fips-140-2

Simplify management of IPsec tunnel configuration variables

Visits (2984)

IPsec -- the Internet Protocol Security technology protocol suite that authenticates and/or encrypts each IP packet of a communication session in order to secure IP communications -- is a foundation tool that can be complex to implement, especially in an enterprise comprised of many systems. There are two modes in which IPsec can be implemented:

host-to-host transport mode where only the payload of the IP packet is usually encrypted and/or authenticated; routing remains intact since the IP header is neither modified nor encrypted.
network tunnel mode encrypts and/or authenticates the entire IP packet, then encapsulates it into a new IP packet with a new IP header; this mode is used to create virtual private networks.

Tunnel mode is an important concept but it can be quite a numbers nightmare. To use IPsec tunnels, each system under an enterprise's control must be configured individually using an XML configuration file or command line. Each IPsec tunnel between two systems has to be configured for more than 20 different parameters; only a few of these are machine dependent.

To reduce the propensity for error from so many configuration variables, IBM introduced a feature in AIX IPsec that simplifies the process. In Simplify and centralize IPSec management on AIX, IBM Software Engineer Jyoti Tenginakai shows you how to use the centralized IPSec management feature in AIX that creates tunnels for each pair of IP addresses that are part of the IPsec configuration policy. Tenginakai also explains how to simplify and centralize management of a configuration using LDAP as a central repository.

Etiquetas: aix encryption authentication network_tunnels internet_protocol_securit... virtual_private_network ibm-security ldap ip_addresses security vpn

Blogs