PCI Series: Requirement 10 – Track and Monitor All Access to Network Resources and Cardholder Data

This is my last post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement ten (i.e. the requirement to track and monitor all access to network resources and cardholder data). The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

Requirement ten focuses on audit and monitoring. Many components of an IdM-based solution, including client components like

Continue reading “PCI Series: Requirement 10 – Track and Monitor All Access to Network Resources and Cardholder Data”

Container Live Migration Using runC and CRIU

In my previous article I wrote about how it was possible to move from checkpoint/restore to container migration with CRIU. This time I want to write about how to actually migrate a running container from one system to another. In this article I will migrate a runC based container using runC’s built-in CRIU support to checkpoint and restore a container on different hosts.

I have two virtual machines (rhel01 and rhel02) which are hosting my container. My container is running Red Hat Enterprise Linux 7 and is located on a shared NFS, which both of my virtual machines have mounted. In addition, I am telling runC to mount the container

Continue reading “Container Live Migration Using runC and CRIU”

PCI Series: Requirement 8 – Identify and Authenticate Access to System Components

This post continues my series dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS).  This specific post is related to requirement eight (i.e. the requirement to identify and authenticate access to system components). The outline and mapping of individual articles to requirements can be found in the overarching post that started the series.

Requirement eight is directly related to IdM. IdM can be used to address most of the requirements in this section. IdM stores user accounts, provides user account life-cycle management

Continue reading “PCI Series: Requirement 8 – Identify and Authenticate Access to System Components”

PCI Series: Requirement 7 – Restrict Access to Cardholder Data by Business Need to Know

This is my sixth post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS).  This specific post is related to requirement seven (i.e. the requirement to restrict access to cardholder data by business need to know).  The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

Section 7 of the PCI DSS standard talks about access control and limiting the privileges of administrative accounts.  IdM can play a big role in addressing these requirements.  IdM provides several key features that are related to access control and privileged account management.  The first one is

Continue reading “PCI Series: Requirement 7 – Restrict Access to Cardholder Data by Business Need to Know”

Now Available: Red Hat Certificate System 9.1 & Red Hat Directory Server 10.1

Today we are pleased to announce the release of Red Hat Certificate System 9.1 and Red Hat Directory Server 10.1, both supported on Red Hat Enterprise Linux 7.3.

Red Hat Certificate System, based on the open source PKI capabilities of the Dogtag Certificate System, is designed to provide Certificate Life Cycle Management (i.e. to issue, renew, suspend, revoke, archive/recover, and manage the single and dual-key X.509v3 certificates needed to handle strong authentication, single sign-on, and secure communications).

Red Hat Directory Server is an open source LDAP-compliant server that centralizes application settings, user profiles, group data, policies, and access control information in a network-based registry based on the 389 Directory Server project. The Red Hat Directory Server simplifies user management by eliminating data redundancy and automating data maintenance. Red Hat Directory Server also improves security, enabling administrators to store policies and access control information in the directory for a single authentication source across enterprise or extranet applications.

What’s New in Red Hat Certificate System 9.1

Certificate System 9.1 has introduced

Continue reading “Now Available: Red Hat Certificate System 9.1 & Red Hat Directory Server 10.1”

Container Tidbits: Understanding the docker-latest Package

Does your team want to move as quickly as possible? Are you and your development team looking for the latest features and not necessarily optimizing on stability? Are you just beginning with the docker runtime and not quite ready for container orchestration? Well, we have the answer, and it’s called the docker-latest package.

Background

About 6 months ago, Red Hat added a package called docker-latest. The idea is to have two packages in Red Hat Enterprise Linux and Red Hat Enterprise Linux Atomic Host. A very fast moving docker-latest package and a slower, but more stable package called, well of course, docker.

The reasoning is, the larger and more sophisticated your container infrastructure becomes, a more stable version is often what people want – but when split into small agile teams, or when just starting out, many teams will optimize on the latest features in a piece of software. Either way, we have you covered with Red Hat Enterprise Linux and Red Hat Enterprise Linux Atomic Host.

Continue reading “Container Tidbits: Understanding the docker-latest Package”

Arm in Arm: Explore Enterprise Server Options at ARM’s Annual Technical Conference

If you have ever wanted to learn about Red Hat’s involvement in the ARM server ecosystem, and are in the San Francisco Bay Area, this week may be a perfect opportunity. Red Hat will be exhibiting at ARM TechCon, ARM Holdings’ premier yearly show at the Santa Clara Convention center. Attendees will be presented with a variety of great technical sessions and training topics, along with expert keynotes, solutions-based Expo Theater sessions and an expo floor filled with new and emerging technologies for the datacenter.  Note that the expo floor can be accessed with the free

Continue reading “Arm in Arm: Explore Enterprise Server Options at ARM’s Annual Technical Conference”

From Checkpoint/Restore to Container Migration

The concept to save (i.e. checkpoint / dump) the state of a process, at a certain point in time, so that it may later be used to restore / restart the process (to the exact same state) has existed for many years. One of the most prominent motivations to develop and support checkpoint/restore functionality was to provide improved fault tolerance. For example, checkpoint/restore allows for processes to be restored from previously created checkpoints if, for one reason or another, these processes had been aborted.

Over the years there have been several different implementations of checkpoint/restore for Linux. Existing implementations of checkpoint/restore differ in terms of  “what level” (of the operating system) they are operating; the lowest level approaches focus on implementing checkpoint/restore directly in the kernel while other “higher level” approaches implement checkpoint/restore completely in user-space. While it would be difficult to unearth each and every approach /  implementation – it is likely fair to

Continue reading “From Checkpoint/Restore to Container Migration”

PCI Series: Requirement 6 – Develop and Maintain Secure Systems and Applications

This post is the fifth installment in my PCI DSS series – a series dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement six (i.e. the requirement to develop and maintain secure systems and applications). The outline and mapping of individual articles to requirements can be found in the overarching post that started the series.

Section six of the PCI DSS standard covers guidelines related to secure application development and testing. IdM and its ecosystem can help in multiple ways to address requirements in this part of the PCI-DSS standard. First of all, IdM includes a set of Apache modules for

Continue reading “PCI Series: Requirement 6 – Develop and Maintain Secure Systems and Applications”