[Discuss] Boston Linux Meeting Reminder Wednesday, November 19, 2014 - Jeff Schiller on Security
When: November 19, 2014 7PM (6:30PM for QA)
Topic: Jeff Schiller on Security
Moderator: Jeff Schiller - Network Manager, Massachusetts Institute of Technology (MIT)
Location: MIT Building E51, Room 325

Please note that Wadsworth Street is under construction. You can enter Ames St from Memorial Drive, and take a right onto Amherst St.

Summary
Jeff discusses the importance of security early in the development process

Abstract
TBD

BIO
Jeff works at MIT in the Information Services and Technology Department (IST). For more than 20 years he's managed MIT's Internet presence. He also built a significant portion of MIT's Security Infrastructure including its X.509 certificate deployment. MIT probably has one of the largest deployments (and certainly the oldest, dating back to 1996) of X.509 client Certificates.

For further information and directions please consult the BLU Web site http://www.blu.org

Please note that there is usually plenty of free parking in the E-51 parking lot at 2 Amherst St, or directly on Amherst St.

After the meeting we will adjourn to the official after meeting meeting location at The Cambridge Brewing Company http://www.cambridgebrewingcompany.com/

-- 
Jerry Feldman g...@blu.org
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
___
Announce mailing list annou...@blu.org http://lists.blu.org/mailman/listinfo/announce
___
Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Revisiting VMWare ESX backup options
On Wed, Nov 5, 2014 at 3:30 PM, Edward Ned Harvey (blu) b...@nedharvey.com wrote:

> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Matthew Gillen
>
>> Not everyone can have a bank vault to put their computers in. Even fewer can put their backup media into a locked vault which is inside their secure server closet and then transported, still locked to the bank vault, which is then locked during the transport into the safe box.
>
> Which is a silly way of stating the obvious: Even if you have physically secure locations, you still have to insecurely transport your media to those locations. And a zillion other pointless scenarios, that are pointless to get into.

I'll mention one aspect that wasn't mentioned thus far, and basically makes this discussion moot: Insurance underwriters are now requiring that customers encrypt backups. So, if you want business insurance (general liability, I'm not even talking about a data breach policy), then you will encrypt your backups.

Greg Rundlett
http://eQuality-Tech.com http://equality-tech.com/
http://freephile.org
Re: [Discuss] Revisiting VMWare ESX backup options
On 11/18/2014 1:09 PM, Greg Rundlett (freephile) wrote:

> So, if you want business insurance (general liability, I'm not even talking about a data breach policy), then you will encrypt your backups.

Assuming you need business insurance and this is a requirement for your policy then by all means encrypt your backups. BUT! This isn't encryption for the sake of encryption. It isn't an idealistic "encrypt everything and the world will be better" philosophy. It's a specific reason to take specific action. That is, it's a specific threat (loss of benefits) with a specific defense (encrypt backups per the insurer's requirements).

-- 
Rich P.
[Discuss] free SSL certs from the EFF
EFF partners with some industry players to give out free SSL certs.

Launching in 2015: A Certificate Authority to Encrypt the Entire Web
https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web

> With a launch scheduled for summer 2015, the Let's Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.
> ...
> The Let's Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group (ISRG). EFF helped to put together this initiative with Mozilla and the University of Michigan, and it has been joined for launch by partners including Cisco, Akamai, and Identrust.

We sort of already have this today with StartCom (StartSSL), but they have limitations on their free offering. No wildcard certs, and if the host name even sounds like a site that might sell things (e-commerce), they won't issue a cert.

But EFF isn't stopping with merely making the certs free. You still have to jump through a few hoops with StartCom, and it sounds like EFF wants to add more automation to the issuing process to make it faster/trivial to add SSL to a site.

> ...it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let's Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software...

The big win will be when large shared and VPS hosting providers integrate certificate acquisition and installation into their control panels. Will providers have motivation to do that integration if it means giving up the sales commission they were getting from Comodo or other SSL CAs?

> We will use a protocol we're developing called ACME between web servers and the CA, which includes support for new and stronger forms of domain validation.

All the automation does make you wonder whether it is going to be easier to game the system. Not that we had that much confidence in the authentication aspect of certs to begin with. (There are just too many CAs with lax practices for validating identities.)

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
Predictable On-demand Perl Consulting.
http://www.theperlshop.com/
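To make concrete what "automated domain validation" in ACME actually checks, and why automating it is not the same as making it easier to game, here is a simulation of both sides of the ACME http-01 challenge. This is an added example, not code from the thread or from the Let's Encrypt project; it follows the challenge shape ACME settled on in RFC 8555 (token published as `token.thumbprint`, thumbprint per RFC 7638), and the 2014 draft the post refers to differed in detail. The domain `example.test`, the class names, and the `ACCOUNT_A`/`ACCOUNT_B` JWKs are constructed placeholders (the `n` values are not real RSA moduli; only their presence matters for the thumbprint). The CA's outbound HTTP GET is replaced by an in-process callable so the whole exchange runs offline.

```python
"""Simulated ACME http-01 validation: CA side and web-server side in one process.

Added example, not from the BLU thread or Let's Encrypt. Shape follows RFC 8555 s.8.3
and RFC 7638; the 2014 ACME draft differed. Keys, domain and tokens are constructed.
"""
import base64
import hashlib
import json
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses for tokens and thumbprints."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required members, sorted, no whitespace.

    Extra members such as "kid" or "alg" are deliberately ignored, so two JWKs that
    describe the same public key always hash to the same thumbprint.
    """
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """What the client must publish: the CA's token bound to the client's account key."""
    return token + "." + jwk_thumbprint(account_jwk)


class AcmeCA:
    """CA side. `fetch(domain, path)` stands in for the CA's outbound HTTP GET."""

    def __init__(self, fetch):
        self.fetch = fetch
        self.pending = {}  # (domain, token) -> thumbprint of the account that requested it

    def new_http01_challenge(self, domain: str, account_jwk: dict) -> str:
        token = b64url(secrets.token_bytes(32))  # fresh, unguessable per challenge
        self.pending[(domain, token)] = jwk_thumbprint(account_jwk)
        return token

    def validate(self, domain: str, token: str) -> bool:
        thumbprint = self.pending.get((domain, token))
        if thumbprint is None:
            return False  # token was never issued for this domain
        body = self.fetch(domain, "/.well-known/acme-challenge/" + token)
        if body is None:
            return False
        # Compare the full key authorization, never just the token: a server that
        # merely reflects the requested path cannot produce the account thumbprint.
        return secrets.compare_digest(body.strip(), token + "." + thumbprint)


class ChallengeServer:
    """Client/web-server side: serves key authorizations under the ACME well-known path."""

    def __init__(self, domain: str):
        self.domain = domain
        self.files = {}

    def publish(self, token: str, account_jwk: dict) -> None:
        self.files["/.well-known/acme-challenge/" + token] = key_authorization(token, account_jwk)

    def get(self, domain: str, path: str):
        if domain != self.domain:
            return None
        return self.files.get(path)


class EchoServer:
    """A misconfigured server that answers any challenge path with the path's last segment."""

    def get(self, domain: str, path: str):
        if path.startswith("/.well-known/acme-challenge/"):
            return path.rsplit("/", 1)[1]
        return None


# Constructed placeholder account keys: only kty/e/n feed the thumbprint, and the
# "n" values are sample strings, not real RSA moduli.
ACCOUNT_A = {"kty": "RSA", "e": "AQAB", "n": "sampleModulusForAccountA_notARealKey", "kid": "acct-A"}
ACCOUNT_B = {"kty": "RSA", "e": "AQAB", "n": "sampleModulusForAccountB_notARealKey", "alg": "RS256"}


def run_demo(domain: str = "example.test") -> dict:
    """Runs four validation attempts and returns which ones the CA accepted."""
    results = {}

    # 1. Honest flow: the account that asked for the challenge controls the server.
    server = ChallengeServer(domain)
    ca = AcmeCA(server.get)
    token = ca.new_http01_challenge(domain, ACCOUNT_A)
    server.publish(token, ACCOUNT_A)
    results["honest"] = ca.validate(domain, token)

    # 2. Path-reflecting server: the token comes back, the thumbprint does not.
    echo_ca = AcmeCA(EchoServer().get)
    echo_token = echo_ca.new_http01_challenge(domain, ACCOUNT_B)
    results["echo_server"] = echo_ca.validate(domain, echo_token)

    # 3. Correct token published under a different account's key.
    wrong = ChallengeServer(domain)
    wrong_ca = AcmeCA(wrong.get)
    wrong_token = wrong_ca.new_http01_challenge(domain, ACCOUNT_A)
    wrong.publish(wrong_token, ACCOUNT_B)
    results["wrong_account"] = wrong_ca.validate(domain, wrong_token)

    # 4. Replaying a valid token against a domain the CA never issued it for.
    results["unknown_token"] = ca.validate("other.test", token)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Only the honest case passes; the echo server, the mismatched account key and the replayed token are all rejected. The point for the "easier to game" worry is that the automation replaces a human eyeballing a confirmation e-mail with a check that the party holding the ACME account key can place CA-chosen content on the host, which is a stronger statement than most manual domain-validation flows made.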