Tag Archive
SSH keys: DSA versus RSA
On occasion, when explaining how to set up SSH’s public key authentication system, I am asked which is better, RSA or DSA keys. In the next few paragraphs I’ll attempt to answer that question. I’ll preface my discussion with the disclosure that while I have some expertise in Ethernet LANs and TCP/IP networking, I have [...]
A (very) simple log server for VOS
The OpenVOS architecture makes use of several independent systems; the NIO for X25 communication, the fiber channel disk array controllers, UPS for power, the RSN Internet Console Server for RSN over IP and the maintenance network Ethernet switches that allow all these systems to communicate over a private Ethernet/IP network. These systems are monitored by [...]
When an employee leaves the company deleting log-in credentials is not enough
The other day while working an issue at a customer site I noticed and happened to mention that there were two sets of application processes running, one set running under some generic name like Production.SysAdmin and one set, which had been running for over 3 years, under a person’s name, call him Fred.SysAdmin. It turns [...]
A Host-based Firewall for VOS
When people think of IPsec they think of data encryption but it can also be used to drop packets or allow them without any encryption. It can do this based on the source and destination IP address and port numbers. Which is exactly what a firewall does; so you can use the IPsec feature of [...]
Securing PreLogin Internal Commands
Paul Green and I were discussing a new command he’s working on called check_module_security. The subject of unnecessary commands available at the login prompt came up. Jon Schmidt of Transaction Design recommends in an article about Locking the Barn Door. Internal Commands: display_current_module (prelogin) list_modules (prelogin) display_date_time (prelogin) list_systems (prelogin) display_line (prelogin) login (prelogin) If [...]
