Security

Using Yubikeys for SSH

In Yubikey PIV for SSH on Macs I described the full process for setting up and using Yubikeys for SSH. This is an abbreviated version that only describes how to use the Yubikey; the assumption is that some admin has already configured your Yubikey.

Kerberos, LDAP, SSH, and NAT/AWS

Kerberos, and therefore LDAP with GSSAPI, has issues with servers behind NAT, or anywhere the forward DNS lookup does not match the reverse DNS lookup. For instance, in our lab we have an OpenLDAP LDAP server:

    $ dig +noall +answer ldap.itlab.stanford.edu
    ldap.itlab.stanford.edu. 207 IN CNAME idp.itlab.stanford.edu.
    idp.itlab.stanford.edu. 200 IN A 54.189.121.117

However, since it's running

IIW XI

The 11th unconference formerly known as the Internet Identity Workshop (and now known simply as IIW) was held at the Computer History Museum, Nov 2-4. Most of the session notes or presentations are available online. The main topics for sessions I attended at this IIW were Applied user-centric identity: OAuth, OpenID, and OpenID Connect -

Burton Analyst Discussion on Hypervisor Security and Compliance Standards

I scheduled a one-hour Analyst discussion with Trent Henry of Burton Group on the subject of trends in Hypervisor Security, with respect to getting the appropriate balance of risk mitigation (i.e. threat vs. investment in threat response using technology and practice). Specifically, my query to set up the discussion was: "The costs associated with deploying

MySQL and SSL

I took a quick look at using SSL with MySQL, and it turns out to be reasonably simple to enable SSL for transport level encryption, while still using username and password for authentication. Read on for some links to useful articles for MySQL, Java, Perl, Ruby on Rails and some sad news about PHP.