Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Are you ready for June 30th's PCI deadline? Say hello to TLS v 1.2
Concerto Cloud Services ^ | 04.16.2018 | Bill Davison

Posted on 05/29/2018 6:48:37 AM PDT by Texas Fossil

The PCI Security Standards Council, the body governing credit card transactions, has set a deadline for disabling early versions of TLS/SSL to June 30, 2018. What are these technologies? TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are fundamental to internet transport security. Early versions are still fairly common in older infrastructure. Not updating to the newer versions by the deadline could cause your organization to incur a major fee and potentially halt taking credit card transactions. 

Why is the TLS update critical? 

Let’s take a step back and lay some groundwork. TLS and its predecessor SSL are a set of protocols used to provide secure communications over the internet between one device and another. It is the “S” in HTTPS. Each revision defined a set of cryptographically secure methods to establish and maintain communication. New versions were released as issues with the previous versions were found. Older versions have become less secure as computers have become faster and can break the encryption more efficiently. 

What does the TLS mandate require? 

The current version TLS 1.2 was published 10 years ago, and TLS 1.3 was recently published and should become an official standard later this year. The PCI Council set a deadline of June 30, 2018, to remove or mitigate all older versions of TLS and all versions of SSL. They currently allow higher security settings of TLS 1.1 and TLS 1.2, with heavy emphasis on updating to TLS 1.2. 

New systems have been required for some time to use the updated versions, but older and existing systems were granted an extension, which expires on June 30. This is the deadline that is looming for many organizations. The requirements also include internal communication between two servers, not only external communication directly to clients.

(Excerpt) Read more at concertocloud.com ...


TOPICS: Government; News/Current Events; Technical
KEYWORDS: computer; deadline; security; update
Navigation: use the links below to view more comments.
first previous 1-2021-27 last
To: zeugma
In case anyone else anyone else might be interested in backintime for doing backups on Linux systems...

Here's my /home and /backup partition. As you can see, /home is a 1.8TB drive that has just shy of 1TB used. The backup drive is 4.6TB and has about 2.4TB used.

$ df -h | egrep 'home|backup'
/dev/mapper/home-zhome  1.8T  755G  987G  44% /home
/dev/sdd1               4.6T  2.0T  2.4T  47% /backup

As I said, I do full daily backups. Because of the way backintime works, (using rsync and hardlinks) here is how many full backups exist... You'll note that each directory name below is date-stamped, so I have backups going back to 2015 on this drive.

$ ls /backup/backintime/xxxx.xxxx.net/root/1
20151231-030001-479  20161231-030001-690  20170731-030001-645  20180228-030001-140  20180525-030002-223
20160630-030001-190  20170131-030001-719  20170831-030002-690  20180331-030014-332  20180527-030033-789
20160731-030001-130  20170228-030001-368  20170930-030001-293  20180430-030001-556  20180528-030002-318
20160831-030002-520  20170331-030001-884  20171031-030001-309  20180513-030002-355  20180529-030002-873
20160930-030014-168  20170430-030001-517  20171130-030002-668  20180520-030001-570  last_snapshot
20161031-030013-599  20170531-030033-108  20171231-030002-454  20180523-030002-233
20161130-030001-598  20170630-030001-860  20180131-030001-957  20180524-030001-319

21 posted on 05/29/2018 10:02:26 AM PDT by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: zeugma

You are a lot more methodical than I am.


22 posted on 05/29/2018 12:28:14 PM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 20 | View Replies]

To: zeugma
When you do a clean reinstall, do you overwrite /home? I typically keep it as it is and just mount it to the new system.

I do keep backups of /home, but I don't have to restore that partition when I do reinstalls.

23 posted on 05/30/2018 3:36:47 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 21 | View Replies]

To: ShadowAce
When you do a clean reinstall, do you overwrite /home? I typically keep it as it is and just mount it to the new system.

Depends upon how the disks are set up. If /home is on a separate disk, like I have it now, I might well leave it alone. I've gone back and forth on using LVM on /home, which will often influence things as well, because I really hate working with LVM, and have since IBM first introduced it in AIX (though SMIT actually made dealing with it not as painful as it otherwise can be). I've actually thought about using the ZFS file filesystem, since disks are getting to be so humongous these days. I still find it hard to believe that I have multi-terrabyte disks.

One thing to remember when doing an install is that it is really important to unplug the drives. I had an external (backup) drive plugged in during a Fedora install years ago and did not notice that Fedora had helpfully added the external drive to the LVM when it formatted and configured the disks. Had to fall back to my secondary backup that time. Lost a bit of data because of my inattentiveness.

24 posted on 05/30/2018 7:07:16 AM PDT by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Texas Fossil
You are a lot more methodical than I am.

I basically started in operations as a tape monkey (can we still say that?). Having seen how badly things can screw up if you let them, I'm pretty serious about my data. People used to keep shoe boxes and albums full of family pictures and stuff. These days most of that is data, and if you lose it, it is gone forever. My backup regimen is mostly hands-off, as I set it up and let it do it's thing for me every day. About once a month or so, I do the offsite drive thing, mostly because I really am paranoid. For most folks, just having a backup is more than enough.

One really nice feature of OSX is the "time machine" program that lets you pretty much continually back up your data without even thinking about it. The functional bit if that program is pretty similar to how 'backintime' works, but with even less intervention. Folks running OSX really have no excuse for not having backups.

25 posted on 05/30/2018 7:13:56 AM PDT by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: zeugma

Yeah—I left LVM a while ago in regards to my laptop (dual HW RAIDed HDD), and just went to standard partitions. It makes things a lot easier when doing a clean install as I can just leave that /home partition alone during the customized partitioning step.


26 posted on 05/30/2018 7:44:27 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Red Badger

“Old bugs taken out. New bugs put in.”

You were right. smile.

chasing snakes.


27 posted on 05/30/2018 8:33:20 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 2 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-27 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson