Practical Steps Toward Compliance With OpenSCAP
In this blog I described some of the logical problems with vulnerability scanners. False positive and false negative errors. Additionally, the worry that problems exist but our tool hasn’t even tried looking for them. Let’s try to make this practical! I’m working on a consulting job as a sub-sub-contractor on a U.S. Department of Defense […]
Vulnerability Scanners: How Helpful Are They?
Many of you must follow formal cybersecurity requirements. PCI DSS, if you accept credit or debit cards. HIPAA, if you store or process health care data. Then, if you’re with the Department of Defense or other U.S. Government agencies, there are more detailed configuration requirements. In theory, you could just read the requirements and then […]
Why Order Matters
While it may seem strange, sometimes it is possible for a mathematical expression to have two different right answers. Consider: This expression has been discussed on the Internet since 2011! The correct answer could be either 2 or 288. Really. It depends on how the expression is evaluated. To understand that we have to understand […]
What’s New in Red Hat Enterprise Linux 8?
RHEL 8 is on the way! I have experimented with RHEL 8, both the beta release that came out last November and the final release this June. Here’s my brief “test drive” report. For far more detail, I have a series of pages describing the upgrade path from RHEL 5 through 8. RHEL 8 was […]
Which Linux Training is Best for Programmers and Server Administrators?
In this blog I started explaining Learning Tree’s array of Linux training courses. I divided them into courses that prepare you for certification exams, versus those that teach you to use and manage the Linux environment. I explained the CompTIA, Microsoft, and Red Hat certification test-prep courses. Now let’s look at the courses that teach […]