Stories about: SSH

With the release of Apple's iPhone SDK now come and gone, and the enhanced IT-oriented capabilities planned for the next major iPhone device and software update now unveiled, it's clear that iPhones are going to be corporate mainstays. Still, at its heart, the iPhone is a consumer device, so IT leaders still have to ensure that the iPhones that come in the door fit their data management and security strategies, even with Apple's new enterprise security capabilities.

Being available to troubleshoot tech problems remotely, at all hours of the night and on weekends, goes with the territory for IT pros. But working from home during business hours? Not so much. There are signs, however, that attitudes could be changing.

Cisco has issued three security patches, fixing bugs that could crash its products and drawing a warning from the SANS Internet Storm Center.

Ten great free network management tools were recently showcased. Readers responded with some of their own favorites, so I'm going to take a look at those tools and report on their capabilities and usage from my perspective as an experienced network manager.

If you are running a Debian-based Linux system and haven't already caught up with the announcement [1] that there was a major flaw with the generation of SSH, OpenVPN, DNSSEC, SSL/TLS session keys and X.509 certificate key material, you might want to update your system to address the problem.

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday.

Cox Communications employee William Bryant recently pleaded guilty to information technology sabotage, having caused the loss of computer, telecommunications and emergency 911 services for thousands of Cox's business and residential customers throughout Dallas, Las Vegas, New Orleans and Baton Rouge . Bryant faces a 10-year jail sentence and a US$250,000 fine, but the future is less certain for Cox. Although services were fully restored, the incident's effect on Cox's reputation has yet to be determined.

VanDyke Software recently published results of the fifth annual edition of its survey of network and system administrators the company hired Amplitude Research to conduct and analyze.

e-DMZ's Password Auto Repository (PAR) is delivered as a hardware appliance with all the services necessary for it to act as a privileged account password manager. All privileged account passwords are issued based on administratively designed rules. The passwords may be deemed valid for an indefinite life, for finite periods of time or for single purpose activities such as installations, upgrades or configuration changes.

Privileged IT staffers literally holds the keys to the castle. Access to those keys that open the doors to critical operating system and application resources must be carefully managed and legally audited. Enter the class of products referred to as privilege account management wares.

Many products claim to filter out 99.9 per cent of spam, but the Sendio I.C.E. Box 3.0 is the first I've tested that actually did so. Sendio claims zero false positives as well, but that isn't accurate. Because Sendio's challenge/response mechanism requires a human from the sender before mail will be delivered, any bulk e-mail sent via an automated process (with no means to reply to the challenge) will be quarantined until released by the enduser. Products that truly avoid false positives, such as Cisco IronMail and Symantec, spare endusers the hassle.