Use Active Directory for authentication and authorization in your Node.js Bluemix application

In this article, you learn how to use your existing Microsoft Active
Directory infrastructure to provide authentication and authorization decisions
to your Node.js Bluemix application. Editor’s note: This article has been archived due to outdated tech or methodologies. Please
refer to updates to this article in “Use LDAP and Active Directory to authenticate Node.js
users.”

Related:

Advisory: Recommended steps for the Poodle vulnerability in SMTP Proxy on the Sophos UTM

This article provides the recommended steps for the Poodle vulnerability in SMTP Proxy on the Sophos UTM.

Applies to the following Sophos product(s) and version(s)

Sophos UTM

Advisory: Recommended steps for the Poodle vulnerability in SMTP Proxy on the Sophos UTM

What is the vulnerability?

For details about this vulnerability, see https://nakedsecurity.sophos.com/2014/10/16/poodle-attack-takes-bytes-out-of-your-data-heres-what-to-do/

Recommended steps for SMTP Proxy

Disable SSLv3 for SMTP and turn TLSv1.2 back on:

For versions up to 9.209 and 9.300 until 9.303 of the UTM

  • Navigate to /var/chroot-smtp/etc/
  • Open the exim.conf with vi: vi exim.conf
  • Change(or add if missing) the line openssl_options to: openssl_options = +no_sslv3

    at the end of the section #TLS

  • Note: Make sure that the values for tls_require_ciphers looks as follows before you save your changes:

    RC4+RSA:HIGH:!MD5:!ADH:!SSLv2

  • Save your changes and close the editor: :wq
  • Now restart the smtpd service by executing /var/mdw/scripts/smtp restart

For version 9.210 of the UTM

  • Navigate to /var/chroot-smtp/etc/
  • Open the exim.conf with vi: vi exim.conf
  • Change the values for tls_require_ciphers looks as follows(remove the “:!SSLv3”):

    RC4+RSA:HIGH:!MD5:!ADH:!SSLv2

  • Add the following line: openssl_options = +no_sslv3

    at the end of the section #TLS
  • Save your changes and close the editor: :wq
  • Now restart the smtpd service by executing /var/mdw/scripts/smtp restart

After I have considered the recommended steps my mailserver isn´t able to communicate with the Sophos UTM anymore – What should I do?

Some mailserver do not support TLS 1.2. In this case proceed as follows:

  • Navigate to /var/chroot-smtp/etc/
  • Open the exim.conf with vi: vi exim.conf
  • Change the line openssl_options to: openssl_options = +no_sslv3 +no_tlsv1_2
  • Save your changes and close the editor: :wq
  • Now restart the smtpd service by executing /var/mdw/scripts/smtp restart

Some mailservers only support SSLv3. In this case you would need to reactive the support for SSLv3(vulnerable in this case) as follows:

  • Navigate to /var/chroot-smtp/etc/
  • Open the exim.conf with vi: vi exim.conf
  • Remove the line openssl_options = +no_sslv3
  • Save your changes and close the editor: :wq
  • Now restart the smtpd service by executing /var/mdw/scripts/smtp restart

Related:

Run DNS forensics with QRadar’s big data security extension

With the new big data extension in QRadar, you can process a large
volume of unstructured data as illustrated in this demo. The author performs a
version of DNS forensics he takes a list of all the domains visited
by all employees. He then correlates it with the IBM Security
X-Force IP Reputation Intelligence Feed and registrar information for
each of those domains from whoisxmlapi.com. From this analysis, he produces
three reference sets that are fed into QRadar for creating or modifying
existing rules.

Related:

SSL client authentication: It’s a matter of trust

This article introduces client authentication with SSL (Secure Sockets Layer, a security protocol), discusses its benefits and explains how to set up SSL client authentication on a Domino 4.6 or 4.6.1 server.

Related:

SSL: it’s not just for commerce anymore

SSL (Secure Sockets Layer) was created to add certificate-authenticated encryption to HTTP transmissions. This article discusses what SSL is, how it co-exists with existing Domino and Notes security protocols, and how Domino implements SSL support.

Related: