Picking your Deployment Architecture

In the previous post I talked about Smart Card Support in Red Hat Enterprise Linux. In this article I will drill down into how to select the right deployment architecture depending on your constraints, requirements and availability of the smart card related functionality in different versions of Red Hat Enterprise Linux.

To select the right architecture for a deployment where users would authenticate using smart cards when logging into Linux systems you need to 

Continue reading “Picking your Deployment Architecture”

PCI Series: Requirement 2 – Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters

This article is third in a series dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post covers the PCI DSS requirement related to not using vendor-supplied defaults for system passwords and other security parameters. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

The second section of the PCI-DSS standard applies to defaults – especially passwords and other security parameters. The standard calls for the reset of passwords (etc.) for any new system before placing it on the network. IdM can help here. Leveraging IdM for centralized accounts and policy information allows for a simple automated provisioning of new systems with

Continue reading “PCI Series: Requirement 2 – Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters”

Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy

Having access to quality random numbers is essential for correct and secure operation of operating systems. Operating systems need random numbers from an entropy pool for a variety of tasks, like creating secure SSH or GPG/PGP keypairs, generating random PIDs for processes, generating TCP sequence numbers, and generating UUIDs.

With Red Hat Enterprise Linux 7 we introduced the virtio RNG (Random Number Generator) device that provides KVM virtual machines access to entropy from the host machine.  Red Hat Enterprise Virtualization starting version 3.5 also has exposed this feature.  We have since made improvements to Red Hat Enterprise Linux guests to make the feature easier and more straightforward to use.

A Brief Introduction to virtio and Paravirtualized Devices

virtio is the paravirtualized transport framework for KVM virtual machines. Using the virtio framework, new devices can be

Continue reading “Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy”