1 - 50 of 50 results
Configure an IPsec environment using the Kerberos authentication mechanism
Kerberos is an authentication mechanism used to authenticate a set of users by having different security realms and by exchanging tickets over a secured or non-secured environment. Internet Protocol Security (IPsec) is a security protocol used to establish a secured channel over interacting systems. The IPsec security protocol allows the use of Kerberos for user authentication and to have a secured communication channel established between two client systems. This article explains how we can use IPsec as a security protocol to communicate between two client systems and how we can configure IPsec with Kerberos authentication between these systems.
Articles 28 Jul 2017
Getting started with SSH security and configuration
Are you a new UNIX(R) administrator who needs to be able to run communication over a network in the most secure fashion possible? Brush up on the basics, learn the intricate details of SSH, and delve into the advanced capabilities of SSH to securely automate your daily system maintenance, remote system management, and use within advanced scripts to manage multiple hosts.
Also available in: Chinese   Russian  
Articles 09 May 2014
Simplify and centralize IPSec management on AIX
Internet Protocol Security (IPSec) helps you secure your data, but implementing IPSec tunnels in a large enterprise with many systems can be a daunting task. In this article, learn to use the centralized IPSec management feature in AIX to manage IPSec configuration for large numbers of client machines. Examples show how to simplify and centralize management of a configuration using LDAP as a central repository.
Also available in: Chinese   Russian  
Articles 15 Jul 2013
Security authentication mechanism in AIX
An authentication mechanism verifies which users are allowed to access a system. An administrator can define an authentication protocol; based on that protocol, users' credentials are verified, and users are given access to the system. AIX provides several authentication and identification modules. A user's authentication and identification are done based on the user's attributes on AIX. This article covers the user's authentication and identification attributes, load modules available in AIX, and a new authentication attribute introduced in the AIX 6.1 TL07 and AIX 7.1 TL1 releases.
Also available in: Chinese   Russian  
Articles 15 Nov 2011
Securing your DB2 file systems with EFS
From AIX 6.1 onwards, user-created filesystems can now be encrypted, which is implemented at the file system level. This approach allows for some applications to be encrypted, with not much overhead maintenance. One such product that can be used for data encryption is DB2. The need to encrypt application data is becoming more common, especially if backups are taken and are moved off site, or the application resides on external sites. SOX even recommends that to maintain the confidentiality of the data, encryption should be strongly considered. This article demonstrates how to create a DB2 database and encrypt it under AIX and looks at common EFS commands.
Also available in: Chinese  
Articles 25 Oct 2011
AIX security commands, Part 2: Advanced AIX security commands
Management of system administration is always a tedious task. Various tools and methods are available to handle administrative activities on a system. AIX 6.1 provides different security features that help to manage user and group administration and maintain integrity on a system. This article provides a list of commands which are enabled using these features.
Also available in: Chinese  
Articles 25 Oct 2011
Setting up a firewall with AIX TCP/IP filtering
The purpose of this article is to show how an AIX server can be configured to filter TCP/IP traffic using the operating system's built-in filtering capabilities. The audience for this article includes server and network administrators in need of restricting the network traffic allowed to flow in and out of a server. This article applies to a broad set of scenarios, from hardening critical midrange database servers running in internal networks, to securing border servers handling Internet traffic, like web, DNS or email servers.
Also available in: Chinese  
Articles 04 Oct 2011
More locks for your SSH door
Security isn't an exact science, so the more difficulties you can put in a hacker's way, the better. This article considers how to enhance Secure Shell (SSH) access by eliminating passwords and using public/private key pairs instead. The article also explores how to recognize and block possible attacks, including brute-force and dictionary attacks, by denying server access to origins that are identified as unsafe.
Also available in: Spanish  
Articles 27 Sep 2011
Introduction to Domain RBAC
This article provides data in simplified terms for using Domain RBAC to gain granular access on resources and objects. It also gives examples on implementing domain RBAC on resources.
Articles 20 Sep 2011
Beat the AIX Security Expert gotchas
The AIX Security Expert (AIXPert) makes implementing security a breeze, but it does have some traps for the uninitiated. Once you're aware of them, AIXPert is a natural choice for security hardening. So, if you want to secure your system without leaving yourself locked out in the rain, this article is for you.
Also available in: Chinese  
Articles 19 Apr 2011
Three locks for your SSH door
Security always requires a multi-layered scheme. SSH is a good example of this. Methods range from simple sshd configuration through the use of PAM to specify who can use SSH, to application of port-knocking techniques, or to hide the fact that SSH access even exists. Applying these techniques can make life much harder for possible intruders, who will have to go past three unusual barriers.
Also available in: Chinese   Russian  
Articles 31 Aug 2010
Password expiry
Without a doubt, password policy is an audit requirement. If audited, as a system administrator you will need to prove your policy with ad-hoc reports and listings.
Also available in: Chinese  
Articles 31 Aug 2010
Heterogeneous IPSec solution between AIX and Windows
Internet security is a major concern. Internet Protocol Security (IPSec) is a framework for a set of protocols that helps you implement security at the IP packet level. IPSec works across heterogeneous environments to create secure tunnels for safer transactions. This article talks about what you can gain from configuring IPSec to a heterogeneous environment between AIX and Windows.
Also available in: Chinese  
Articles 24 Aug 2010
Security considerations over distributed environment using DCE security framework
Most of the businesses today are running over a distributed environment. Security and integrity of the data flowing over the network is, therefore, of utmost importance for the business units. The DCE security framework essentially does the same for such business needs. Most of the present day distributed environment based business services are using the basics of DCE security. Primarily the DCE security service, with additional new services and facilities, is based on the Kerberos system. This article is targeted to understand the basic concepts and implementation of security mechanisms being used in distributed environment and how the whole idea of DCE security is related to Kerberos.
Also available in: Chinese  
Articles 15 Jun 2010
Extending the capability of secldap to authenticate from multiple data sources
The secldapclntd daemon establishes a connection between an LDAP server and the AIX security LDAP module. The usual steps to configure a secldapclntd daemon with an LDAP server allow us to provide multiple replicated LDAP server details during configuration. However, there can be a situation when the information for all the users is not available in only one LDAP server. In such a scenario, configuring the details of just one active LDAP server might not be sufficient. To resolve this limitation, this article demonstrates the usage of the pass-through authentication feature in IBM Tivoli Directory Server. The steps listed in this article can be followed to configure a setup such that the AIX security module will be able to seek authentication information from multiple data sources and yet hide the backend server details from the client, hence ensuring abstraction and security.
Also available in: Chinese  
Articles 01 Jun 2010
Password maintenance
When migrating users, a new password will have to be initially provided. One tool to use is chpasswd. Thinking of a good password can also be prone to creating dictionary words as a password. Using the password generator pwgen, this task can be made easy.
Also available in: Chinese   Russian  
Articles 11 May 2010
AIX 6.1 security features: Mapping with HIPAA compliance
The Health Insurance Portability and Accountability Act (HIPAA) is a regulatory compliance mandated by the United States government for all health care organizations. Security rule sections from this compliance mandate security of related information and systems. IBM AIX Version 6.1 is enhanced with several security features, and many of these features can be mapped with the security requirements laid by the HIPAA Security Rule. This article maps some of the AIX V6.1 security features to security requirements in HIPAA and shows you the potential use of AIX V6.1 systems in a larger technological solution for health care sectors.
Also available in: Chinese  
Articles 27 Apr 2010
AIX V6.1 security and regulatory compliance
IBM AIX Version 6.1 is packed with security enhancements. Many of these features can be mapped with the security requirements laid by the regulatory compliances for federal, financial, and health care sectors. This article looks at AIX V6.1 security features and their mapping with the security criteria that can be derived from some of the compliances. The article helps security practitioners to get a compartmentalized view of the features and why AIX V6.1 can be a system to consider for a compliance-driven industry.
Also available in: Chinese  
Articles 12 Jan 2010
IBM AIX TCP Traffic Regulation
IBM AIX TCP Traffic Regulation (TR), introduced in IBM AIX 6.1 TL2, provides centralized port-based regulation of TCP connection resource utilization. TCP firewall profiles, customized by a security administrator, can now be loaded into the AIX kernel for active mitigation of TCP-based Denial-of-Service (DoS) attacks.
Also available in: Chinese  
Articles 01 Dec 2009
Configuring an AIX client with multiple Kerberos realms
A typical customer environment is heterogeneous and includes AIX, Windows, and Linux, which can be servers or clients. In many situations, an AIX Kerberos client needs to interact with multiple Kerberos realms hosted on a Windows or AIX Kerberos server to handle the requested services. This article explains the configuration details required to set the AIX Kerberos client to interact with multiple realms hosted on Windows Kerberos servers.
Also available in: Chinese  
Articles 20 Oct 2009
Configure single sign-on authentication on AIX
Single sign-on (SSO) is a mechanism that allows a user to access resources across multiple systems by just authenticating to the server once. This method is quite helpful in scenarios where the user database is centralized (like LDAP). Users can authenticate on one system and then access multiple systems.
Also available in: Chinese  
Articles 22 Sep 2009
Role-based access control in simple steps
Security is a major concern of operating systems. This article series provides an understanding of the new features on AIX, role-based access control and multi-level security. Part 1 of this series discusses AIX role-based access control (RBAC) and how roles, responsibilities, and the authorization of a root user can be delegated to more than one user.
Also available in: Chinese  
Articles 23 Jun 2009
AIX 6.1, Solaris 10, and HP-UX and the System p
In recent years, HP, Sun, and IBM have all released new versions of their commercial UNIX-based operating systems. This article compares and contrasts some of the innovations in their releases. Learn the differences on how to work with certain tasks, such as networking and performance tuning. Also, see at a high level some of the virtualization differences among these big three.
Also available in: Chinese  
Articles 26 May 2009
Speaking UNIX: 10 great tools for any UNIX system
The universe of UNIX tools changes constantly. Here are 10 tools -- some you may have overlooked and some new -- to tinker with.
Also available in: Chinese  
Articles 12 May 2009
Automating deployment and activation of virtual appliances for IBM AIX and Power Systems
Server virtualization enables you to rapidly provision new environments by using libraries of virtual image templates, or virtual appliances. Automated provisioning requires the management of operating system, network, and application-specific customization. This article provides a sample framework for automating virtual image deployment and activation on Power Systems, with a downloadable example that demonstrates how to provision a virtual appliance made up of IBM WebSphere Application Server V7.0 running on AIX V5.3.
Articles 29 Apr 2009
Configuring Kerberos master-slave KDC with LDAP master-replica topology on AIX
Learn how to configure and manage the Kerberos master-slave Key Distribution Center with an LDAP master-replica setup. This article gives a step-by-step example of how to achieve one such complex Kerberos setup.
Also available in: Chinese  
Articles 21 Apr 2009
Secure file transfer in a heterogeneous environment
File transfer is an essential and important activity in the day-to-day computing world. Security lapses during file transfer can leak important data to the external world. As a result, securing FTP is of primary importance. Hence, in AIX V6.1, IBM has introduced a secure flavor of FTP (and ftpd), based on OpenSSL, using Transport Layer Security (TLS) to encrypt both the command and the data channels of file transfer. This article shows the advantage of using this AIX V6.1 feature and its usage between AIX and other heterogeneous systems that already support this feature. This article focuses on AIX secure FTP with a Windows server.
Also available in: Chinese  
Articles 14 Apr 2009
Multi-security mechanisms with multifactor authentications
Authentication is a key component of security-based solutions. This article discusses the risk associated with the use of the same security mechanisms in multifactor authentication systems and the use of GSS-API as a suitable option for achieving the multi-security mechanism with multifactor authentication for enhanced security for solutions designed over UNIX.
Also available in: Chinese  
Articles 10 Mar 2009
Configure Enterprise Identity Mapping (EIM) for AIX NFSv4 over a Kerberos cross-realm setup
Learn how to set up and configure Enterprise Identity Mapping (EIM) for AIX Network File System (NFS) version 4 over a Kerberos cross-realm setup.
Also available in: Chinese  
Articles 03 Mar 2009
Perform uniform mounting with generic NFS
To efficiently achieve uniform mounting in the presence of multiple, simultaneous NFS version exports, you need a generic NFS mount utility. Learn how a generic NFS mount utility can help reduce handling multiple NFS versions and simplify the management of those versions. The article describes the concept of the generic NFS mount, outlines the advantages and applications of the system, and gives some overall design details.
Also available in: Russian   Japanese  
Articles 11 Feb 2009
Kerberos LDAP master-slave configuration management
Kerberos and LDAP are designed to allow for a master/slave setup. In a centralized environment, user and group management can be handled through the LDAP/KRB5LDAP (Kerberos LDAP) protocol. This article explains how to configure KRB5LDAP (Kerberos LDAP) master/slave for KRB5LDAP clients.
Also available in: Chinese  
Articles 13 Jan 2009
Using AIX Security Expert
AIXPert is an all-purpose GUI and command-line security tool that incorporates over 300 security configuration settings. Learn about recent enhancements implemented with AIX V6.1, including SOX auditing support, and go through real scenarios to show how AIXPert can be used from the command line, smit, and the GUI.
Also available in: Chinese   Russian  
Articles 09 Dec 2008
Resources on the IBM Network Authentication Service and related technologies for AIX
Get the answers to your questions about the AIX Network Authentication Service and related technologies in one place. This article provides developers and administrators with a listing of the developerWorks articles that cover configuration, administration, interoperability, Kerberized filesystems (NFS V4), and different Kerberized login modules based on IBM NAS for AIX. For your convenience and ease of usage, the articles have been categorized into appropriate sections.
Also available in: Chinese  
Articles 03 Dec 2008
Implement two-factor authentication for AIX using Kerberos
In the ever-growing need for higher security systems, multi-factor authentication is preferred for network security. Since Kerberos is one of the most popular network authentication mechanisms, learn how to design a multi-factor authentication over the Kerberos protocol. Understand the use of One-Time Password (OTP) and GSS-API to achieve this.
Also available in: Chinese  
Articles 04 Nov 2008
Configure IBM NAS version for AIX to make use of non-default encryption type
This article provides step-by-step procedures of how to enable and make use of non-default encryption type such as "aes128-cts" in the Kerberos setup (IBM Network Authentication Service). It also explains the reasoning behind every action taken in this regard. The explanation and reasoning will help Kerberos administrators make use of any other non-default encryption types in their Kerberos setups.
Also available in: Chinese  
Articles 19 Aug 2008
AIX security commands, Part 1: General, LDAP, and Kerberos commands
Security is an important aspect of the AIX operating system. Follow along with this quick reference guide on AIX Security commands to learn more.
Also available in: Chinese  
Articles 22 Jul 2008
Configure and enable the Kerberos authentication in telnet, FTP, and r-commands on AIX V6
Learn to make use of the Kerberos authentication tickets in the day-to-day network services on AIX V6 and discover how Kerberos can be useful in getting rid of the password hassles for network service logons. This is another method towards achieving single sign on (SSO) on an AIX system network.
Also available in: Chinese  
Articles 27 May 2008
Extending non-IBM LDAP servers to support full AIX functionality
Managing users and controlling their access in a centralized LDAP environment is a challenging task in a heterogeneous environment. Some platforms may lose their OS-specific functionality due to the lack of schema support from the LDAP server. This article presents a solution for some non-IBM LDAP servers to support full AIX user management functionality by providing the AIX LDAP schema for these server types, the steps for updating these LDAP server types with the schema, and the proper configuration on AIX to take advantage of the added AIX LDAP schema.
Also available in: Chinese  
Articles 19 Feb 2008
Understanding EFS
Safeguard your data with the Encrypted File System (EFS), a new AIX(R) 6.1 security feature, and get a comprehensive picture on the configuration of EFS and its usage. EFS can store the content of a file in an encrypted format at the file system level. If you’re new to EFS, this article is a good starting point for reviewing the need for EFS, its features, and most commonly used commands.
Also available in: Chinese  
Articles 29 Jan 2008
AIX NFS Version 4 configuration over Kerberos inter-realm setup
Learn how to configure an inter-realm setup between IBM(R) Network Authentication Service (IBM NAS) and Microsoft(R) Active Directory for AIX(R) Network File System (NFS) Version 4.
Also available in: Chinese  
Articles 08 Jan 2008
Kerberos authentication for AIX Version 5.3 Network File System Version 4
Find out how to use application programming interfaces (APIs) when writing your own custom Kerberos-based authentication applications. Network File System Version 4 (NFS V4), the up and coming enterprise file system, uses the Kerberos security mechanism to address privacy, authentication, and integrity requirements. In this article, you'll examine different Kerberos credential cache name formats that AIX(R) NFS V4 supports and are required for authentication purposes. You'll also look at different methods of obtaining the Kerberos credential.
Articles 05 Dec 2006
Tunneling with SSH
Use OpenSource tools, such as Secure Shell (SSH), PuTTY, and Cygwin, to create secure connections to almost any resource you need to access. Current information on SSH tunneling and setup is fragmented and limited to specific applications, or it is written at a system administrator's level. With increasing security needs, the addition of boundary firewalls, and tightening of the number of allowed network ports, users need a method that is simple to configure, easy to operate and, above all, secure to accomplish day-to-day tasks and access the services that they have become accustomed to. This article describes the setup of a simple SSH client connecting to an AIX(R)- or Linux(R)-based SSH server that allows a typical, technically literate individual the ability to set up, configure, and operate a flexible means of tunneling data and services over the SSH service.
Also available in: Chinese  
Articles 17 Oct 2006
Kerberized authentication of Windows Terminal Service
Discover how to configure the Microsoft(R) Windows(R) 2003 Server to authenticate Terminal Service users with the IBM Network Authentication Service (IBM NAS) Key Distribution Center (KDC) being hosted on their AIX(R) 5.3 system. Such a setup not only gives Kerberized authentication for Terminal Service users, but it also allows users to have uniform user IDs and passwords across AIX and Windows Server systems. It allows application developers to exploit the advantages of Kerberos interoperability between IBM NAS and Windows in Kerberized applications spanning across systems.
Also available in: Chinese  
Articles 22 Aug 2006
Take a closer look at OpenBSD
OpenBSD is quite possibly the most secure operating system on the planet. Every step of the development process focuses on building a secure, open, and free platform. UNIX(R) and Linux(R) administrators take note: Without realizing it, you probably use tools ported from OpenBSD every day. Maybe it's time to give the whole operating system a closer look.
Also available in: Chinese  
Articles 08 Aug 2006
Secure communication with Kerberized OpenSSH on AIX Version 5.3 using Windows Kerberos service
Discover how you can configure the Kerberized Open Secure Shell (OpenSSH) on AIX(R) Version 5.3 machines that have Microsoft(R) Active Directory Server to act as the Key Distribution Center (KDC). OpenSSH encrypts traffic, including passwords, to eliminate eavesdropping, taking over your connection, or peeking into your data. If you work in a hybrid environment with multi-vendor solutions on AIX Version 5.3 systems, then you'll find this article extremely useful.
Also available in: Chinese   Russian  
Articles 13 Jun 2006
Network File System Version 4 security: Kerberos and LIPKEY mechanisms
Use the enriched security features of Network File System (NFS) Version 4 to pave your way to public key technology. In this article, you'll examine the NFS Version 4 built-in security schemes, and how to use the existing Kerberos authentication database in a LIPKEY security mechanism. You'll also find out how to take the first steps for a migration or extension from Kerberos to the LIPKEY security mechanism.
Articles 26 Apr 2006
Get the latest version of OpenSSH for AIX
OpenSSH is a free software tool that supports SSH1 and SSH2 protocols. It's reliable and secure and is widely accepted in the IT industry to replace the r-commands, telnet, and ftp services, providing secure encrypted sessions between two hosts over the network. Get information in this article about OpenSSH version 3.4p1.
Articles 10 Feb 2006
Configure DB2 Universal Database for UNIX to use OpenSSH
Prior to IBM DB2 UDB, Version 8.2.2, on UNIX, DB2 UDB implicitly relied on rsh as the remote shell mechanism when executing commands on remote DB2 nodes. This article describes how to configure OpenSSH 3.8p1 for use with a DB2 UDB version 8.2.2 or higher DPF instance.
Also available in: Russian  
Articles 23 Jun 2005
Securing AIX Network Services
Better understand the network services in AIX and the impact each one has on system security. Administrators responsible for RS/6000s connected in some way to a public network can use the information in this tutorial to achieve the necessary balance between functionality and security.
Tutorial 24 Dec 2001
Deploying OpenSSH on AIX
This tutorial is designed for administrators of IBM RS/6000 systems who wish to improve the security and integrity of their servers running AIX by replacing standard insecure network services with those provided by the OpenSSH implementation of the Secure Shell protocol.
Tutorial 01 Jun 2001