Saturday, February 23, 2008

More security videos in Red Hat Magazine

Mark Cox, leader of the Red Hat Security Response Team, talks about security issues, update policies on RHN, and tips for keeping Linux more secure.

Episode 1: The Vendor

Episode 2: Policies

Episode 3: Tips for a secure system

Episode 4: Security issues and metrics


Source: Red Hat Magazine

Friday, February 22, 2008

Disk encryption - useless ?




Source:

http://isc.sans.org/diary.html?storyid=4006

Wednesday, February 06, 2008

SELinux Slogans

A very funny post (or not, depending on your point of view) by Spencer Shimko at http://beyondabstraction.net/2008/01/10/selinux-slogans

  • SELinux - Because users do weird shit.

  • SELinux - Fuck root.

  • SELinux - Hampering administrators since before it was cool.

  • SELinux - High-security gone haywire.

  • SELinux - Turning it off is like removing the batteries from a smoke detector. Sure it sounds better but you might get burned.

  • SELinux - Because life is too simple.

  • SELinux - AppArmor sucks.

  • SELinux - It’s too early in the morning to be cleaning up after 11-year old kiddies.

  • SELinux - Too powerful for our own good.

  • SELinux - Here’s our root password, what’s yours?

  • SELinux - Didn’t they teach you about using protection in high-school?

  • SELinux - Blind faith not required

  • SELinux will save you tons of money, your TCO will go down and your ROI will go up.

  • SELinux supports 3-letter acronyms out of the box, no complex policy changes required.

  • Zero day vulnerabilities are a fact. Do something about it.

  • Trusted Solaris has been end-of-lifed and you’re not in the government space to begin with.

  • Path-named based access control is weak.

  • Implicitly trusting admins doesn’t have to be SOP.

  • You’re not a security expert, let us do the hard work.

  • The US military (and others) trust SELinux with their information, shouldn’t you?