IEEE 802.11w promises to secure management and control frames
Browsing Posts published in October, 2006
Seagate, using their new DriveTrust Technology, will automatically encrypt every bit of data stored on the hard drive and require users to have a key, or password, before being able to access the disk drive
Securing NFS – Tunneling NFS over SSH:
The goal of this howto is building an NFS server that works on an SSH tunnel. This way all traffic between your hosts and the file server is encrypted and thus more secure. Normally you should enter a password every time you try to establish an SSH connection but since we could be mounting at bootup we will use ssh-keygen to create a keypair so we can login without entering a password. We will, however, limit that login session to executing just one command.
OpenSSH 4.4 released:
The OpenSSH team has officially realeased OpenSSH 4.4/4.4p. The latest updates to the popular ssh server and ssh/sftp client include some extremely advanced features for administrators, as well as the requisite OpenSSH security audits. As of 4.4, sshd_conf now supports a “Match” directive for conditional configuration to tailor the server to specific clients based on user, group, hostname, or ip, and also a “ForceCommand” option, which can be used in conjunction with the new Match directive, to execute a specific command, regardless of or in addition to what a client requests. this is a neat way for sysadmins to grab the attention of particular users without resorting to changing their shells or other hacks. They’ve added some new logging facilities and authentication options, too.
4.4p includes compilable options for hardware SSL acceleratoin, experimental SELinux support, experimental Solaris process contract support.
If you’re wondering what all this 4.4p stuff is about, it’s pretty simple. OpenSSH is a part of the OpenBSD project, and OpenSSH is developed, first and foremost, as an OpenBSD system utility. The base system takes full advantage of the OpenBSD environment, and relies on some facilities–such as OpenBSD malloc behavior–that may not be available on other systems. Since the team wants wide adoption of what they believe to be the best and most secure sshd out there, though, they also release a portable “p” version that will compile in a generic “unix” environment and is widely tested on systems ranging from an array of Linux flavors, to OS X, to HP-UX.<
