Comodo today the launch of Red Hat- and CentOS-based versions of their back office server suite, Zero Touch Linux (ZTL). ZTL is a complete suite of Linux server applications centrally controlled by a user friendly web-based interface. The new versions compatible with Red Hat and CentOS, join the existing Trustix Secure Linux based version - providing administrators with greater flexibility and choice.
Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality.
Palamida today announced that it has extended the reach of its extensive compliance library and launched a new service, the Vulnerability Reporting Solution (VRS). VRS works seamlessly with Palamida’s code audit compliance solution, IP Amplifier™, to identify, prioritize, and report known vulnerabilities within open source code used in customers’ projects.
Open source security tools abound, so take advantage of them and avoid paying for commercial products if open source fits your needs. That was the message from Matthew Luallen, president of consulting firm Sph3r3, who spoke at yesterday’s InfoSec Conference.
Open source security is already in data centers, even if network executives think it isn't. One common example is OpenSSL, an open source-library implementation of the SSL encryption standard with an accompanying set of tools and utilities. Any commercial product that uses SSL for such features as Web-based management or client/server control channels almost certainly is using OpenSSL. With no reason to believe that they could write better or more bug-free code, commercial developers naturally gravitate to reusable, open source components wherever possible.
The Open Source Software Institute, announced today the official launch of the OpenCrypto Management Program, a U.S. Department of Defense-sponsored follow-on to OSSI's successful effort to secure Federal Information Processing Standards validation for the OpenSSL FIPS Object Module.
A rootkit is a group of software tools which an attacker can use to hide their tracks. A rootkit can also contain software which allows the attacker to get root access and steal or remove files on a system. Another goal for a rootkit is for the attacker to maintain access to the hijacked computer. Rootkits are written for many different operating systems however, this article will only talk about Linux rootkits.
After a long and arduous journey that included a suspended validation last year, the Open Source Software Institute (OSSI) has announced that OpenSSL has regained its FIPS 140-2 validation and is now available for download. The validation process, which normally lasts a few months, took an astounding five years to complete, and those involved with the projects say they are already devising ways to avoid such long delays in future validations.