1 - 33 of 33 results
OpenPOWER secure and trusted boot, Part 2: Protecting system firmware with OpenPOWER secure boot
Protection of system firmware against malicious attack is paramount to server security. If an attacker is able to inject malicious code at the firmware level, no security measure at the operating system level can fully guarantee the trust of the system. IBM OpenPOWER servers support secure boot of system firmware to ensure the system boots only authorized firmware. When the system boots, each firmware component is verified against a cryptographic signature and integrity-checked against a secure hash of the component. If any check fails, secure boot prevents the system from booting until the problem is corrected.
Articles 05 Jun 2017
Linux server hardening and security verification
In a world where securing your computer systems is more difficult than ever, there are steps you can take to protect them. This article includes tips and tools to help you harden and secure your Linux servers by using processes such as sane configurations, fuzz testing and penetration testing.
Also available in: Chinese  
Articles 17 Aug 2016
Hardening the Linux desktop
Although GNU/Linux® has the reputation of being a much more secure operating system than Windows®, you still need to secure the Linux desktop. This article steps you through installing antivirus software, creating a backup and restore plan, and using a firewall so you can harden your Linux desktop against most attacks and prevent unauthorized access to your computer.
Also available in: Chinese   Portuguese  
Tutorial 05 Feb 2014
Hardening the Linux server
Servers — whether used for testing or production — are primary targets for attackers. By taking the proper steps, you can turn a vulnerable box into a hardened server and help thwart outside attackers. Learn how to tighten Secure Shell (SSH) sessions, configure firewall rules, and set up intrusion detection to alert you to possible attacks on your GNU/Linux® server.
Also available in: Chinese   Portuguese  
Tutorial 23 Jan 2014
Secure Linux: Part 1. SELinux – history of its development, architecture and operating principles
Learn about the basic milestones in the development, architecture, and operating principles of Security-Enhanced Linux, the powerful remix of Linux providing mandatory access control. This article was specially selected for translation by developerWorks Russia as an example of developerWorks world-wide offerings.
Also available in: Chinese   Japanese   Portuguese  
Articles 30 May 2012
Anatomy of Security-Enhanced Linux (SELinux)
Linux has been described as one of the most secure operating systems available, but the National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. If you're running a 2.6 kernel today, you might be surprised to know that you're using SELinux right now! This article explores the ideas behind SELinux and how it's implemented.
Also available in: Russian   Portuguese  
Articles 17 May 2012
Use of IPSEC in Linux when configuring network-to-network and point-to-point VPN connections
This article takes a detailed look at the design principles, the basis for deploying VPN, and the IPSEC protocol concept, providing a description of the general features of IPSEC and of the mechanisms required for its implementation. This article was specially selected for translation by developerWorks Russia as an example of developerWorks world-wide offerings.
Also available in: Chinese   Japanese   Portuguese  
Articles 15 May 2012
Add Linux power to wireless routers with advanced tips and tricks for DD-WRT
DD-WRT brings all the power of the Linux networking stack to inexpensive wireless routers, turning a consumer router into a mighty networking powerhouse. Learn how to install and secure DD-WRT, and learn about the powerful, flexible command line behind the GUI.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 08 May 2012
Protect your data at the speed of light with gKrypt, Part 1
Meet the gKrypt engine, the world's first package to employ general purpose graphics units (GPGPUs) for data encryption, which is an important tool for information security. It uses an Advanced Encryption Standard (AES) based 256-bit block cipher to provide robust security. In this Part 1 of a two-part series, explore the AES, the GPU port of the Rijndael algorithm for Linux, the parallelizing of the AES algorithm, and the use of the gKrypt Engine supporting CUDA for NVIDIA-based GPUs.
Also available in: Chinese   Japanese   Portuguese   Spanish  
Articles 01 May 2012
Protect your data at the speed of light with gKrypt, Part 2
Meet the gKrypt engine, the world's first package to employ general purpose graphics units (GPGPUs) for data encryption. It uses an Advanced Encryption Standard (AES) based 256-bit block cipher. This is the second article in a two-part series on AES encryption and the gKrypt engine. Part 1 introduced gKrypt and explained the AES algorithm in detail, its parallel breakdown and how to map it on a massive GPU architecture using the Compute Unified Device Architecture (CUDA). Part 2 looks at how AES is implemented on CUDA.
Also available in: Japanese   Spanish  
Articles 01 May 2012
Enable multiuser logins with VNC
Virtual Network Computing (VNC) is a popular tool for providing remote access to computers. The usual VNC configuration is optimized for single-user workstations, and logging in to the VNC port directly accesses a single user's desktop. This configuration is awkward on multiuser computers, however. Fortunately, you have an alternative. By linking VNC to a Linux computer's normal X Display Manager Control Protocol (XDMCP) server, accessing the VNC port enables users to provide their user names and passwords, thereby enabling a single VNC server instance to handle multiple user logins.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 24 Apr 2012
Implement strong WiFi encryption the easy way with hostapd
Keep wireless security simple. hostapd, the Host Access Point daemon, provides solid WiFi encryption that meets enterprise standards without all the overhead of running FreeRADIUS. Learn more about this tool and how to incorporate it into your environment.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 10 Apr 2012
Firewall uptime and security with iptables
Iptables is the standard Linux firewall application. It is easy to configure and maintain while powerful enough to provide the control expected from a high-end appliance. Learn how to get started with iptables, recover from common issues, and simulate a small-office usage scenario.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 04 Jan 2012
Learn Linux, 302 (Mixed environments): Samba security
In preparation for taking the Linux Professional Institute Certification exam LPI-302 for systems administrators, learn how to secure Samba and troubleshoot problems related to security.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 13 Dec 2011
Monitor Linux file system events with inotify
Use inotify when you need efficient, fine-grained, asynchronous monitoring of Linux file system events. Use it for user-space monitoring for security, performance, or other purposes. (On 10 September 2010, the downloadable sample code for this article was refreshed to correct a typo. - Ed.)
Also available in: Russian   Japanese   Portuguese   Spanish  
Articles 10 Sep 2010
Understanding and configuring PAM
The Pluggable Authentication Module (PAM) API exposes a set of functions that application programmers use for security-related functions like user authentication, data encryption, LDAP, and more. In this article, get a basic guide to the PAM model on Linux, see how to configure PAM, and learn how to design a sample PAM login application in 10 easy steps.
Also available in: Russian   Japanese   Portuguese  
Articles 10 Mar 2009
Perform uniform mounting with generic NFS
To efficiently achieve uniform mounting in the presence of multiple, simultaneous NFS version exports, you need a generic NFS mount utility. Learn how a generic NFS mount utility can help reduce handling multiple NFS versions and simplify the management of those versions. The article describes the concept of the generic NFS mount, outlines the advantages and applications of the system, and gives some overall design details.
Also available in: Russian   Japanese  
Articles 11 Feb 2009
Secure Linux containers cookbook
Lightweight containers, otherwise known as Virtual Private Servers (VPS) or Jails, are often thought of as security tools designed to confine untrusted applications or users. However, as presently constructed, these containers do not provide adequate security guarantees. By strengthening these containers using SELinux or Smack policy, a much more secure container can be implemented in Linux. This article shows you how to create a more secure Linux-Security-Modules-protected container. Both the SELinux and Smack policy are considered works in progress, to be improved upon with help from their respective communities.
Also available in: Russian   Japanese  
Articles 03 Feb 2009
Automate backups on Linux
The loss of critical data can prove devastating. Still, millions of professionals ignore backing up their data. While individual reasons vary, one of the most common explanations is that performing routine backups can be a real chore. Because machines excel at mundane and repetitive tasks, the key to reducing the inherent drudgery and the natural human tendency for procrastination is to automate the backup process.
Also available in: Russian   Japanese   Portuguese  
Articles 03 Jul 2008
Improve security with polyinstantiation
If you're concerned about protecting world-writeable shared directories such as /tmp or /var/tmp from abuse, a Linux Pluggable Authentication Module (PAM) can help you. The pam_namespace module creates a separate namespace for users on your system when they log in. This separation is enforced by the Linux operating system so that users are protected from several types of security attacks. This article for Linux system administrators lays out the steps to enable namespaces with PAM.
Also available in: Russian  
Articles 26 Feb 2008
Role-based access control in SELinux
Role-based access control (RBAC) is a general security model that simplifies administration by assigning roles to users and then assigning permissions to those roles. RBAC in Security-Enhanced Linux (SELinux) acts as a layer of abstraction between the user and the underlying type-enforcement (TE) model, which provides highly granular access control but is not geared for ease of management. Learn how the three pieces of an SELinux context (policy, kernel, and userspace) work together to enforce the RBAC and tie Linux users into the TE policy.
Also available in: Russian   Japanese  
Articles 13 Feb 2008
Get started with the Linux key retention service
The Linux key retention service introduced with Linux 2.6 is a great new way to handle authentication, cryptography, cross-domain user mappings, and other security concerns for the Linux platform. Learn the components of the Linux key retention service and get an understanding of its usage with a working sample application.
Also available in: Russian   Japanese  
Articles 11 Apr 2007
SSL secures VNC applications
SSL provides a novel mechanism for convenient, secure access of remote desktops with VNC and standard Web browsers.
Also available in: Chinese   Russian  
Articles 24 Jan 2007
Secure Web site access with Perl
With Perl modules, automate the login procedures on secure Web sites.
Also available in: Russian  
Articles 25 Apr 2006
Use PLAM to speed distributed transactions
To decrease transaction time in distributed client-server applications, you can refine the flow of authorization information between the entities involved in a transaction. In this article, learn how to reduce the redundant authorization information that travels between a client and server with the Pluggable Authorization Module. PLAM is a DCE-style authorization framework model that reduces the request come-back period.
Articles 18 May 2005
Secure programmer: Minimizing privileges
Secure programs must minimize privileges so that any bugs are less likely to become security vulnerabilities. This article discusses how to minimize privileges by minimizing the privileged modules, the privileges granted, and the time the privileges are active. The article discusses not only some of the traditional UNIX-like mechanisms for privileges, but some of the newer mechanisms like the FreeBSD jail(), the Linux Security Modules (LSM) framework, and Security-Enhanced Linux (SELinux).
Articles 20 May 2004
Windows-to-Linux roadmap: Part 4. User administration
IBM e-business architect Chris Walden is your guide through a nine-part developerWorks series on moving your operational skills from a Windows to a Linux environment. He covers everything from logging to networking, and from the command-line to help systems -- even compiling packages from available source code. In this part, you learn how to add and delete users and groups, both via the Webmin interface and at the command line. Shadow password and group files are also covered.
Also available in: Russian   Japanese  
Articles 11 Nov 2003
Secure programmer: Validating input
This article shows how to validate input -- one of the first lines of defense in any secure program.
Articles 23 Oct 2003
Network programming with the Twisted framework, Part 4
In this final installment of his series on Twisted, David looks at specialized protocols and servers contained in the Twisted package, with a focus on secure connections.
Articles 11 Sep 2003
Common threads: OpenSSH key management, Part 3
In this third article in a series, Daniel Robbins shows you how to take advantage of OpenSSH agent connection forwarding to enhance security. He also shares recent improvements to the keychain shell script.
Also available in: Japanese  
Articles 01 Feb 2002
Common threads: OpenSSH key management, Part 2
This article introduces ssh-agent (a private key cache) and keychain, a special bash script designed to make key-based authentication incredibly convenient and flexible.
Also available in: Japanese  
Articles 01 Sep 2001
Backing up your Linux machines
Cover your back in the worst-case scenario with the techniques in this tutorial. Even new, high-quality hard drives will occasionally fail. Regular system backups are essential, especially for busy developers who make continual improvements to their code. This tutorial shows you how to protect yourself from losing huge amounts of critical data.
Tutorials 08 Aug 2001
Common threads: OpenSSH key management, Part 1
In this series, you'll learn how RSA and DSA authentication work, and see how to set up passwordless authentication the right way. In the first article of the series, Daniel Robbins focuses on introducing the RSA and DSA authentication protocols and showing you how to get them working over the network.
Also available in: Japanese  
Articles 01 Jul 2001