Posted on 05/29/2018 6:48:37 AM PDT by Texas Fossil
The PCI Security Standards Council, the body governing credit card transactions, has set a deadline for disabling early versions of TLS/SSL to June 30, 2018. What are these technologies? TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are fundamental to internet transport security. Early versions are still fairly common in older infrastructure. Not updating to the newer versions by the deadline could cause your organization to incur a major fee and potentially halt taking credit card transactions.
Let’s take a step back and lay some groundwork. TLS and its predecessor SSL are a set of protocols used to provide secure communications over the internet between one device and another. It is the “S” in HTTPS. Each revision defined a set of cryptographically secure methods to establish and maintain communication. New versions were released as issues with the previous versions were found. Older versions have become less secure as computers have become faster and can break the encryption more efficiently.
The current version TLS 1.2 was published 10 years ago, and TLS 1.3 was recently published and should become an official standard later this year. The PCI Council set a deadline of June 30, 2018, to remove or mitigate all older versions of TLS and all versions of SSL. They currently allow higher security settings of TLS 1.1 and TLS 1.2, with heavy emphasis on updating to TLS 1.2.
New systems have been required for some time to use the updated versions, but older and existing systems were granted an extension, which expires on June 30. This is the deadline that is looming for many organizations. The requirements also include internal communication between two servers, not only external communication directly to clients.
(Excerpt) Read more at concertocloud.com ...
Here's my /home and /backup partition. As you can see, /home is a 1.8TB drive that has just shy of 1TB used. The backup drive is 4.6TB and has about 2.4TB used.
$ df -h | egrep 'home|backup' /dev/mapper/home-zhome 1.8T 755G 987G 44% /home /dev/sdd1 4.6T 2.0T 2.4T 47% /backup
As I said, I do full daily backups. Because of the way backintime works, (using rsync and hardlinks) here is how many full backups exist... You'll note that each directory name below is date-stamped, so I have backups going back to 2015 on this drive.
$ ls /backup/backintime/xxxx.xxxx.net/root/1 20151231-030001-479 20161231-030001-690 20170731-030001-645 20180228-030001-140 20180525-030002-223 20160630-030001-190 20170131-030001-719 20170831-030002-690 20180331-030014-332 20180527-030033-789 20160731-030001-130 20170228-030001-368 20170930-030001-293 20180430-030001-556 20180528-030002-318 20160831-030002-520 20170331-030001-884 20171031-030001-309 20180513-030002-355 20180529-030002-873 20160930-030014-168 20170430-030001-517 20171130-030002-668 20180520-030001-570 last_snapshot 20161031-030013-599 20170531-030033-108 20171231-030002-454 20180523-030002-233 20161130-030001-598 20170630-030001-860 20180131-030001-957 20180524-030001-319
You are a lot more methodical than I am.
I do keep backups of /home, but I don't have to restore that partition when I do reinstalls.
Depends upon how the disks are set up. If /home is on a separate disk, like I have it now, I might well leave it alone. I've gone back and forth on using LVM on /home, which will often influence things as well, because I really hate working with LVM, and have since IBM first introduced it in AIX (though SMIT actually made dealing with it not as painful as it otherwise can be). I've actually thought about using the ZFS file filesystem, since disks are getting to be so humongous these days. I still find it hard to believe that I have multi-terrabyte disks.
One thing to remember when doing an install is that it is really important to unplug the drives. I had an external (backup) drive plugged in during a Fedora install years ago and did not notice that Fedora had helpfully added the external drive to the LVM when it formatted and configured the disks. Had to fall back to my secondary backup that time. Lost a bit of data because of my inattentiveness.
I basically started in operations as a tape monkey (can we still say that?). Having seen how badly things can screw up if you let them, I'm pretty serious about my data. People used to keep shoe boxes and albums full of family pictures and stuff. These days most of that is data, and if you lose it, it is gone forever. My backup regimen is mostly hands-off, as I set it up and let it do it's thing for me every day. About once a month or so, I do the offsite drive thing, mostly because I really am paranoid. For most folks, just having a backup is more than enough.
One really nice feature of OSX is the "time machine" program that lets you pretty much continually back up your data without even thinking about it. The functional bit if that program is pretty similar to how 'backintime' works, but with even less intervention. Folks running OSX really have no excuse for not having backups.
Yeah—I left LVM a while ago in regards to my laptop (dual HW RAIDed HDD), and just went to standard partitions. It makes things a lot easier when doing a clean install as I can just leave that /home partition alone during the customized partitioning step.
“Old bugs taken out. New bugs put in.”
You were right. smile.
chasing snakes.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.