Monthly Archives: October 2009

You want me to do what?

I’m awaiting a proclamation to be delivered henceforth by a knight on his trusted steed that will proclaim to all that I am the ISSA of all the land.

Good golly I hope that made sense. Maybe it was funnier when my Information System Security Officer (ISSO) said it in a meeting late last week. Anyway, I’ve been knighted his assistant (ISSA) for all security matters dealing with my project (since he really doesn’t have visibility into my project…). I guess it’s about time I get serious about getting my RHCE since 95% of my servers run RHEL 5.x. But until then I’ll be stepping up my efforts now that I have developers and admins asking me questions about everything. At least it will keep my security knowledge sharp!

Zikula Advanced Polls

Just pushed zikula-module-advanced_polls to bodhi tonight. This module, as you might have guessed, allows the user of the Zikula CMS to also do “advanced” voting. There is also a simple polls package that hopefully will be in CVS tomorrow night. Sorry but I don’t know the difference between simple and advanced. But you can check out the advanced tonight if you like!

You can find the F-11, F-12, and EL-5 packages on bodhi. Please log in and leave karma. 3 pushes it to stable!

Expiring PGP/GPG keys…

A discussion was had on one of the Fedora IRC channels months ago about the “proper” way to handle expiring GPG keys without breaking the web of trust. It was my opinion that generating new keys every so often (yearly?) would increase the security of the overall system because keys can be cracked and the longer the key is in the wild the higher the chances of the key being exposed. You may not even know that the key has been cracked or is being used.

Today I went searching for answers and found them in a keysigning HOWTO. The HOWTO explains what I would consider to be a valid reason to regenerate your keys, along with a proper method for not necessarily breaking the web of trust.

Opinions?

Cisco VPN with Certificate Authentication

So I just got word that my current method of authenticating into the network where I do all my work will be changing. We used to use a Vasco token to gain access to the network, and I had figured out how to make that work, but now we will be authenticating using our smart cards. I looked at the current Cisco VPN setup in Network Manager but it doesn’t appear to support smart cards. Does anyone know how to make this happen?