I’m just back from the last ISACA Belgian Chapter meeting. Topic of today was about the UNIX OS security audit process. A very large topic! The speaker was Sanjay Vaid. For years now, Linux is deployed in business environment. Linux systems can take several forms: applications servers (print, files, web,
Category: Solaris
Crypto KMS vs KPMI
Sun Microsystems (via the opensolaris.org project) released its encryption key management technology as open source. The offered toolkit allows developers and manufacturers of storage devices to write applications which will work together with the Sun Microsystems Crypto KMS (KMS stands for “Key Management System“). The Crypto KMS is an appliance
Avoid “proxy.pac” Nightmares
Google saved my life today! I was busy to deploy a proxy.pac file at a customer premises. The problem with proxy.pac files is the difficulty to validate them. There are parsed by browsers and can quickly became a nightmare to be read by “poor humans”. There is a project on
Number of the Day: 1.91%
According to Secunia which grab nice data from its PSI application, only 1.91% of PC’s are fully patched: Read the report here.
SSH Fingerprint ASCII Visualization
OpenBSD is my favorite OS and one more time, it makes the difference! The latest OpenBSD CVS version introduces the “SSH Fingerprint ASCII Visualization“. What does it mean? When you connect to remote host via SSH, your SSH client performs some checks on the server key. If it changed, you
Solaris zones and routing behaviour
Working as a Security Consultant, I’m less involved in Solaris administration tasks. Anyway, for some customers, I still need to manage servers running Solaris 10. One of the greatest features Solaris 10 introduced is the “zones” concept (to keep things easy, it’s the virtualization mechanism introduced by SUN). I already
Solaris zones default gateway
Assume the following setup: A Solaris 10 box with a zone Zone1. The global zone is connected on 10.0.0.0/24 thru NIC bge0. The default gateway is 10.0.0.1. Zone1 is part of a DMZ (192.168.0.0/24) and has a dedicated NIC bge1. The DMZ default gateway is 192.168.0.1. A Solaris zone cannot
APOC DoS
APOC (A Point Of Control) is a framework for centralized management of configuration settings for Gnome and beyond. APOC, originally developed for JDS (the Gnome implementation of Sun Microsystems) and StarOffice, is part of Solaris as Open Source software. In a standard Solaris installation, APOC is not enabled: # svcs
New Solaris live-CD – BeleniX
There are more and more Solaris Live-CD available. I already tested SchilliX a few months ago. Yesterday, a colleague talked about BeleniX, a new one, based on OpenSolaris. I burned the latest iso image and tested on a HP notebook nx7010. Everything was detected without problems! (FastEthernet, Wifi (802.11g), DVD-burner,
The ARC Cache effect
I installed a new server which uses the Solaris 10 (6/06) best features: ZFS (now officially supported by Sun) and zones. A few hours after the setup, I started the applications and data transfer. Immediately, the memory was almost full (only 300MB free) !? No big process running, nothing strange,