Monthly Archives: November 2014

Security Checklists and the US National Checklist Program

If you are going to perform a security audit you need a checklist. Let’s spend a minute on this. If you want a predictable outcome, you need a standard process – a standard set of steps to go through to … Continue reading

Posted in Security | Leave a comment

Availability of OpenLMI in Various Linux Distributions

A quick update on the availability of OpenLMI: I have tested Fedora, RHEL, CentOS, and OEL servers using the LMI CLI running on a Fedora system – the cross platform access works. Fedora Fedora is the primary development platform for … Continue reading

Posted in System Management | 2 Comments

LISA’14 – Are We Making Linux Too Easy?

LISA’14, the Large Installation System Administration conference, was held in Seattle last week. I had the opportunity to give a talk on Server Management – if you are interested, the slides are available here. One of the questions caught me … Continue reading

Posted in System Management | 8 Comments

Automation – a Security Imperative

So far we have established: Security Guides are a good idea and exist in almost all organizations. Security audits are good and widely used. Security guides are often poorly written, subject to interpretation, and difficult to apply. Security audits are … Continue reading

Posted in Security | Leave a comment

System Audits – There Has to be a Better Way!

We’re now at the point where we can discuss a system audit. We have defined what an audit is, what security requirements are, and what a security guide is. At the most basic level, a system audit involves examining a … Continue reading

Posted in Security | Leave a comment

High Level Requirements for a Security Guide

Let’s lay out some basic requirements for a security guide: The security guide must exist. It must be available, updated, and maintained. The security guide must incorporate relevant government and industry requirements. The security guide must be actionable. If it … Continue reading

Posted in Security | Leave a comment

What is a Security Guide?

In many cases a security guide is a binder full of often vague, occasionally overly specific and sometimes conflicting requirements. It has usually grown and evolved over a number of years and is written by and for people. Thus, many … Continue reading

Posted in Security | 2 Comments