PCI Series: Requirement 2 – Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters

This article is third in a series dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post covers the PCI DSS requirement related to not using vendor-supplied defaults for system passwords and other security parameters. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

The second section of the PCI-DSS standard applies to defaults – especially passwords and other security parameters. The standard calls for the reset of passwords (etc.) for any new system before placing it on the network. IdM can help here. Leveraging IdM for centralized accounts and policy information allows for a simple automated provisioning of new systems with

Continue reading “PCI Series: Requirement 2 – Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters”

PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data

This article is one of the blog posts dedicated to use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement one – install and maintain a firewall configuration to protect cardholder data. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

The first requirement of the PCI standard talks about the firewalls and networking. While Red Hat’s Identity Management solution is not directly related to setting up networks and firewall rules, there are several aspects of IdM that

Continue reading “PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data”

Identity Management and Related Technologies and their Applicability to PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is not new. It has existed for several years and provides security guidelines and best practices for the storage and processing of personal cardholder data. This article takes a look at PCI DSS 3.2 (published in April of 2016) and shows how Identity Management in Red Hat Enterprise Linux (IdM) and related technologies can help customers to address PCI DSS requirements to achieve and stay compliant with the standard. If you need a copy of the PCI DSS document it can be acquired from the document library at the following site: www.pcisecuritystandards.org

In October of 2015 Red Hat published a paper that gives an overview of the PCI DSS standard and shows how Red Hat Satellite and other parts of the Red Hat portfolio can help customers to address their PCI compliance challenges. In this post I would like to expand on this paper and drill down into more detail about

Continue reading “Identity Management and Related Technologies and their Applicability to PCI DSS”

Announcing Red Hat Enterprise Linux Atomic Host 7.2.6

Red Hat Enterprise Linux Atomic Host is a small footprint, purpose-built version of Red Hat Enterprise Linux that is designed to run containerized workloads. Building on the success of our last release, Red Hat’s Atomic-OpenShift team is excited to announce the general availability of Red Hat Enterprise Linux Atomic Host 7.2.6. This release features improvements in rpm-ostree, cockpit, skopeo, docker, and the atomic CLI. The full release notes can be found here. This post is going to explore a major new feature

Continue reading “Announcing Red Hat Enterprise Linux Atomic Host 7.2.6”

Red Hat Hyperconverged Solutions

Hyperconvergence is a key topic in IT planning across industries today. As customers look to lower costs and simplify day to day management of their IT operations, the hyperconverged model emerges as fit in a number of operational use cases.

Convergence began at the hardware level, with compute, network, and storage appearing in consolidated platforms, but it’s now accelerating as hyperconvergence goes “software defined”. As a leading software infrastructure stack provider, Red Hat recognizes that reducing the overall moving parts in your infrastructure and simplifying the procurement and deployment processes are core requirements of the next generation elastic datacenter.

Applying a solutions-aligned lens, Red Hat is innovating software defined compute-storage solutions across the portfolio, designed to meet the needs of a broad customer base with diverse requirements. As a vendor-partner in this journey, we recognize the value of bringing storage close to your compute and eliminating the need for discreet storage tier. Doing so across both traditional virtualization and cloud, as well as containers and leveraging our industry-proven software defined storage assets – Red Hat Gluster and Red Hat Ceph Storage – we’ve defined a robust set of efficient, solution-aligned hyperconverged offerings.

This blog provides a short overview of several areas where we see hyperconverged software defined architectures aligning with use cases, with a focus on

Continue reading “Red Hat Hyperconverged Solutions”

Self-Service Portals and Virtualization

There have been countless advances in technology in the last few years; both in general and at Red Hat. To list just the ones specific to Red Hat could actually boggle the mind. Arguably, some of the biggest advances have come more in the form of “soft” skills. Namely, Red Hat has become really good at listening – not only to our own customers but to our competitors’ customers as well. This is no more apparent than in our approach to applying a self-service catalog to virtualization. Specifically, pairing Red Hat Enterprise Virtualization (RHEV) with CloudForms for the purpose of streamlining and automation of virtual machine provisioning.

Continue reading “Self-Service Portals and Virtualization”

Container Image Signing

Red Hat engineers have been working to more securely distribute container images. In this post we look at where we’ve come from, where we need to go, and how we hope to get there.

History

When the Docker image specification was introduced it did not have a cryptographic verification model. The most significant reason (for not having one) was the lack of a reliable checksum hash of image content. Two otherwise identical images could have different checksum values. Without a consistent tarsum mechanism, cryptographic verification would be very challenging. With Docker version 1.10, checksums are more consistent and could be used as a stable reference for

Continue reading “Container Image Signing”

Choosing a Platform Based on Workload Characteristics

Paradoxically, there has never been a better or more confusing time to discuss which platform is most appropriate for a given workload.  As we seek to solve problems around automation, continuous integration / continuous delivery, ease of upgrades, operational complexity, uptime, compliance, and many other complex issues – it quickly becomes clear that there are more than a few viable options.  Making matters worse – there is too much focus on the “how” (to adopt a given platform) and not enough focus onthe “why”. To this end, I’d like to address more of the “why” in an attempt to better influence the “how”.

Continue reading “Choosing a Platform Based on Workload Characteristics”

I Really Can’t Rename My Hosts!

Hello again! In this post I will be sharing some ideas about what you can do to solve a complex identity management challenge.

As the adoption of Identity Management (IdM) grows and especially in the case of heterogeneous environments where some systems are running Linux and user accounts are in the Active Directory (AD) – the question of renaming hosts becomes more and more relevant. Here is a set of requirements that we often hear from customers

Continue reading “I Really Can’t Rename My Hosts!”