ePortal can now be hosted on Ubuntu

IT environments are different everywhere you look. No two companies have precisely the same needs or requirements, so it follows that no two companies will agree on -exactly- the same operating system fleet composition. 

Until recently, TuxCare’s ePortal management system for your KernelCare Enterprise systems was only officially supported on RHEL derivatives. There was actually no restriction on the protected systems, but the management solution was only deployable on CentOS, AlmaLinux, and the like – or inside a container, but that wasn’t an apples-to-apples comparison.

Continue reading “ePortal can now be hosted on Ubuntu”

How KernelCare Helps You To Keep Your Containerized Workloads Secure

How KernelCare Helps You To Keep Your Containerized Workloads SecureOS virtualization was a huge step forward for the delivery of large-scale enterprise computing applications. But virtual machines were just the start. Containers take virtualization a step further, delivering unprecedented flexibility as applications become almost seamlessly transportable.

However, containers come with a hidden security risk that derives from the nature of containerization. In this article, we discuss the role of containerization in the enterprise, explain why contains can be an enterprise security risk – and point to effective solutions.

Continue reading “How KernelCare Helps You To Keep Your Containerized Workloads Secure”

KernelCare Patches for SAD DNS Are Here

KernelCare Patches for SAD DNS Are On The WaySad DNS (Side-channel AttackeD DNS) is a vulnerability that was disclosed by academics from the University of California and Tsinghua University, at the ACM Conference on Computer and Communications Security CCS 2020. The vulnerability was assigned to CVE-2020-25705. It affects distributions starting from the 7th v.o. (i.e. RHEL6 is not affected, as its kernel doesn’t include ICMP responses throttling feature yet). KernelCare patches will be released shortly. The newly academic discovery lets a malicious actor poison the cache of a DNS server and thus potentially redirect user traffic to sites or services hosting undesired or dangerous content. 

Continue reading “KernelCare Patches for SAD DNS Are Here”

To Reboot or Not to Reboot? That is the Question for Many Sysadmins

To Reboot or Not to Reboot? That is the Question for Many Sysadmins.A server reboot cycle is a generic name given to the process of rebooting a fleet of servers in an organization. This can be due to several factors, but it is often because patches and updates require a reboot – they either target a critical component of the operating system or some shared library being used by several components or programs. The number of servers that will be rebooted directly impacts the operation’s duration and the associated risk. The more servers that need to be updated, the harder is the planning and execution process.

Continue reading “To Reboot or Not to Reboot? That is the Question for Many Sysadmins”

Live patching vs server reboot cycles: Pros and Cons

Live patching vs server reboot cycles: Pros and ConsEver heard of a pipe-freeze kit? A pipe-freeze kit forms a plug of ice inside a water pipe, allowing a plumber to make repairs without shutting off water. Like water pipes, there are some things that you don’t want to shut down to fix.

Rebooting a system to install security updates and patches isn’t necessary, but it happens every day in the form of server reboot cycling. Conversely, live patching of an enterprise Linux system flash freezes central processing units (CPUs) to install patches automatically, taking nanoseconds to complete.

Continue reading “Live patching vs server reboot cycles: Pros and Cons”

Zombieload 2: The Patches for CVE-2018-12207 are in the Test Feed!

KernelCare Team has released Centos7, Centos7-Plus, RHEL7, OEL 7 patches for CVE-2018-12207 to the test feed. The KernelCare test feed makes it possible to start using new patches earlier.

To install patches from the test feed, run the command:

Continue reading “Zombieload 2: The Patches for CVE-2018-12207 are in the Test Feed!”

Webinar: The Importance of Live Patching for Kernel Vulnerabilities

webinar-cover1

Organizations use cloud services like AWS to be more agile and more profitable. This doesn’t stop them spending millions of dollars on cybersecurity, investing in network defense and end-point protection, hiring consultants, and purchasing threat intelligence reports.

But companies still get hacked, and still suffer data breaches and server compromises, often traceable to out-of-date software, either at the application level, or in the OS itself.

Continue reading “Webinar: The Importance of Live Patching for Kernel Vulnerabilities”