Category Archives: Security

Posts related to security.

Superfish – Man-in-the-Middle Adware

Superfish has been getting a lot of attention – the Forbes article is one of the better overviews. Instead of jumping in and covering the details of Superfish, let’s look at how it might work in the real world. Let’s … Continue reading

Posted in Security | 5 Comments

SCAP Workbench

SCAP Workbench allows you to select SCAP benchmarks (content) to use, tailor an SCAP scan, run an SCAP scan on a local or remote system, and to view the results of a scan. The SCAP Workbench page notes: The main … Continue reading

Posted in Security, System Management | Leave a comment

Running SCAP Scans

OpenSCAP can be run from the command line, but there are easier ways to do it. OpenSCAP support has been integrated into Red Hat Satellite and into the Spacewalk open source management platform. Red Hat Satellite has the ability to … Continue reading

Posted in Security, System Management | Leave a comment

Security Tests – SCAP Content

While the SCAP technologies are interesting, they have limited value without security content – the actual set of security tests run by SCAP. Fortunately there is a good set of content available that can be used as a starting point. … Continue reading

Posted in Security | Leave a comment

SCAP Component Technologies

We’re going to dig into SCAP in a fair amount of detail. So, let’s start by covering the various technologies that make up SCAP: XCCDF – the Extensible Configuration Checklist Description Format. An XML based language for creating machine parsable … Continue reading

Posted in Security | Leave a comment

Security Audit Automation Made Easy with SCAP

Security automation can be defined as the use of standardized specifications and protocols to perform specific common security functions. Which leads us to SCAP – the Security Content Automation Protocol, an industry and government initiative to automate security audits and … Continue reading

Posted in Security | Leave a comment

Security Checklists and the US National Checklist Program

If you are going to perform a security audit you need a checklist. Let’s spend a minute on this. If you want a predictable outcome, you need a standard process – a standard set of steps to go through to … Continue reading

Posted in Security | Leave a comment