An easier way to manage disk decryption at boot with Red Hat Enterprise Linux 7.5 using NBDE

How many times have you had to staff the server room during the graveyard shift just to enter a password to unlock encrypted disks at boot time? Has this requirement kept you away from securing your data? What are your options?

Red Hat has included disk encryption for years with Linux Unified Key Setup-on-disk-format (LUKS). This solution is easy to implement and configure for your encryption needs, but


PCI Series: Requirement 3 – Protect Stored Cardholder Data

Welcome to another post dedicated to the use of Identity Management (IdM) and related technologies in addressing the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement three (i.e. the requirement to protect stored cardholder data). In case you’re new to the series, the outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

Section three of the PCI DSS standard talks about storing cardholder data in a secure way. One of the technologies that can be used for secure storage of cardholder data is


Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy

Having access to quality random numbers is essential for correct and secure operation of operating systems. Operating systems need random numbers from an entropy pool for a variety of tasks, like creating secure SSH or GPG/PGP keypairs, generating random PIDs for processes, generating TCP sequence numbers, and generating UUIDs.

With Red Hat Enterprise Linux 7 we introduced the virtio RNG (Random Number Generator) device, which gives KVM virtual machines access to entropy from the host machine. Red Hat Enterprise Virtualization has also exposed this feature, starting with version 3.5. We have since made improvements to Red Hat Enterprise Linux guests to make the feature easier and more straightforward to use.

A Brief Introduction to virtio and Paravirtualized Devices

virtio is the paravirtualized transport framework for KVM virtual machines. Using the virtio framework, new devices can be
