Linux Foundation’s Security Checklist Can Help Sysadmins Harden Workstations

system security, access management, identity access management, foxtIf you’re a Linux user, especially a systems administrator, the Linux Foundation has some security tips to share with you, and they’re quite good.

Konstantin Ryabitsev, the Foundation’s director of collaborative IT services, published the security checklist that the organization uses to harden the laptops of its remote sysadmins against attacks.
Continue reading

Go, Slow and No: Bringing DevOps Speed to IT Security

system security, access management, identity access management, foxtThe shift from mainframe to client-server computing between 1980 and 2000 led to an explosion of choices for IT. Until 1980, there was usually a piece of big iron (from IBM) that sat in the data center and ran a limited number of applications. The post-mainframe generation of IT expansion came with a corresponding growth of specializations and silos in the IT organization.

CIOs, throughout this transition, increasingly presided over a range of organizations and titles that reflected the various infrastructure categories (networking, compute, etc.), the application development process (developer, architect, etc.), and related functions that enabled the performance and protection of company business processes and IP (security, architecture, etc.).
Continue reading

How to Defend Against Insider Threats

system security, access management, identity access management, foxtThe classic Hollywood portrayal of a lone hacker in a dark room in a country far away might sell popcorn, but it shouldn’t take business owners off their guard.

In the real world, the person behind an organization’s next security breach might be much closer than anyone realizes. A recent PwC survey on the state of U.S. cybercrime found thatnearly 30 percent of all security incidents were triggered by insiders, which include employees, trusted contractors and partners.

Many insider incidents are not intentional. For example, a user might accidentally email a file containing highly sensitive information to an external address. But, for a small percentage of companies, such data breaches are no accident. Internal users with easy access to sensitive data steal it through emails, file sharing, removable media and even data printouts or photo downloads.
Continue reading

Migrate from Proprietary Software to Linux to Create Cost Savings

system security, access management, identity access management, foxt Amongst the top IT trends of the moment is the development of Linux Containers. Financial and technical investors, Linux software programmers and customers believe that Linux Containers will transform the way organisations manage their Linux environments from deployment to maintenance. A recent survey by Red Hat and Techvalidate says that 56% of the respondents plan to use Linux containers as vehicles for rolling out web and eCommerce over the next two years. The respondents included a number of Fortune 500 companies and public sector organisations. Any development in the world of e-Commerce is definitely worth taking a look.
Continue reading Article: Why Many Companies Aren’t Securing OS Permissions Adequately

system security, access management, identity access management, foxt When it comes to ensuring that the operating systems in your IT infrastructure are adequately secured, access-permission-wise, some companies and organizations are more up to date — secure, and compliant — than others, according to David Dingwall, architect, and business development manager, Fox Technologies (which has recently conducted an in-depth survey of over 500 IT security professionals concerning their server environment security practices).
Continue reading

Administrator Accounts are the Target, and the Goal for Hackers

system security, access management, identity access management, foxt The upcoming Usenix LISA15 conference agenda caught my eye this morning, as there is a talk scheduled that resonates with what FoxT has been saying for at least the last year.

“Sysadmins and Their Role in Cyberwar: Why Several Governments Want to Spy On and Hack You, Even If You Have Nothing to Hide” from Christopher Soghoian, Principal Technologist, American Civil Liberties Union

FoxT offers the BoKS ServerControl product to help manage and protect Linux and Unix systems. The accounts on these systems, and especially accounts with administrative privileges, are a valued commodity to hackers. These administrator credentials are often ‘keys to the kingdom’, granting access and control to every aspect of a system from the way that the operating system functions, to the applications that it runs and the data that it stores. Over the last two years almost every major breach has been traced to compromised administrator credentials.
Continue reading

Want Security? Next-Gen Start-Ups Show How Old Practices Don’t Cut It

system security, access management, identity access management, foxt Stop hackers from walking on the eggshells protecting your datacenter: In case you hadn’t noticed, IT security sucks. There is a chronic lack of people trained in IT security, people who will listen to IT security, and even a lack of agreement on how best to go about IT security. Fortunately, a new generation of startups are helping to tackle the issues.
Continue reading

Network Security: Securing the Ever-Expanding Boundary

system security, access management, identity access management, foxt The capacity for disruptive innovation is a well-regarded quality among technology entrepreneurs, but they are not the only ones known for constantly upsetting established protocol. Hackers and organized criminals continue to hone their capabilities and attacks, hiding their online activity in a flood of data and overwhelming or subverting organizational defenses. Regular and increasingly large disruptions will begin to tear at the integrity of the internet, creating new technical, social, and political divisions.
Continue reading

Linus Torvalds: Security is Never Going to be Perfect

One of the best kept secrets at this week’s LinuxCon was the presence of Linus Torvalds. I’ve never not seen Linus at any of the LinuxCons I’ve attended since 2009, whether in Europe or North America, but no matter who you asked, the answer was, “He’s not here.” This morning, though, a little bird sang that the surprise guest for the upcoming keynote was none other than Torvalds.

Continue reading