SerNet has released the open source ISMS tool verinice in version 1.16. With this release, the team focuses on data protection and especially the GDPR. The combination of verinice and the Data Protection Module now makes it possible to comfortably document processing activities and to implement contracted data processing in compliance with EU law.
Data protection with verinice
The Data Protection Module supports the documentation of contracted data processing, contracting parties and services in accordance with Article 28 GDPR. Corresponding contracts can be integrated directly. Data protection expert Sirin Torun, who designed the Data Protection module, also draws attention to the ADV controls that she developed herself: "They form a catalogue of measures that supports the verification and documentation of order processing. The ADV controls can also be used for initial or follow-up audits."
For the list of processing activities according to the GDPR, the Data Protection Module provides an example catalogue with samples of procedures, including exemplary solutions for typical data protection problems. The catalogue is easily adaptable to the respective company, enterprise or authority and can be extended as required. Torun emphasizes: "A special feature is that the technical and organizational measures (TOMs) can be selected from the ISO 27001 controls or the German BSI IT Baseline Protection measures and are assigned to the data protection objectives of Article 32 GDPR". This enables users to find their way quickly and work efficiently. The resulting interface between data protection and information security management is of considerable value for users. Especially if the ISMS is documented with verinice, both costs and documentation effort can be reduced.
All data from the Data Protection Module can also be aggregated in reports. A total of 12 reports summarize the necessary information on a special area or on an overview topic.
The Data Protection Module is currently only available in German. It also requires a verinice subscription. SerNet is planning further updates for the Data Protection Module in the near future. The next topics on the roadmap are data protection risk management and risk analysis as well as data protection impact assessment. Users of the current Data Protection Module should have access to these new features.
Modernized IT Baseline Protection
verinice 1.16 also brings some innovations for the implementation of the new BSI IT Baseline Protection. The Baseline Protection Compendium has been revised, an implementation status for requirements and measures has been added, an identifier marks links more clearly and new object types represent the diverse documentation tasks of the modernized IT Baseline Protection. Like the Data Protection Module, the new IT Baseline Protection is only available in German.
Details about verinice 1.16 can be found in the release notes and about the Data Protection Module on the product page in the verinice.SHOP (German only) – interested parties can also participate in one of our webinars and get a first impression.
This year marks the 17th iteration of the international user and developer conference Samba eXPerience. sambaXP 2018 will take place June 5-7 at the Hotel Freizeit In (Dransfelder Straße 3, 37079 Göttingen, Germany). The agenda is online now and filled with lots of different Samba topics, addressing basic usage scenarios as well as very-large-scale Samba. The full program is published at the conference website (https://sambaxp.org). sambaXP 2018 is organized by SerNet and sponsored by Google, Microsoft and Red Hat.
sambaXP chairman Jeremy Allison will introduce "Samba and ChromeOS - the Start of a Beautiful Friendship" on Wednesday, June 6th. Kevin Kunkel (Indeed, Inc.) will give "Global Samba4 AD Domain Tips and Tricks" while David Disseldorp (SUSE) will "Release the Kraken: Samba and Ceph". Pieter Hollants (IT-Systemmanagement Pieter Hollants) deals with "Service Layering - Integrating Samba with existing DNS infrastructure" while Andreas Schneider (Red Hat) turns to "Unit testing and mocking in Samba development". Kai Blin will follow up on his 2017 "Samba, Quo vadis?" talk with "Let's Rust in Samba" and Amitay Isaacs (IBM Australia) will talk about "CTDB database vacuuming for geniuses!"
Stefan Metzmacher (SerNet) will kick off the second conference day with a "Trusts Status Update". Further talks on Thursday deal with e.g. "Patterns and anti-patterns in Samba development" (Andrew Bartlett, Catalyst IT) and "smbcmp: a handy network capture diff tool for SMB traffic" (Aurélien Aptel, SUSE). Alexander Bokovoy (Red Hat) asks how to improve Samba user experience with "Goodbye SWAT, welcome Cockpit?" and Martin Schwenke (IBM Australia) delves into "CTDB, you have changed!" Edgar Olougouna (Microsoft) will reflect on "Microsoft Windows Protocols – Active Support" and the decade-long cooperation between Microsoft and Samba. Finally Tom Talpey (Microsoft) will have a look into the state of the SMB3 protocol and ongoing development, in Windows products and related services, especially as they relate to Samba.
Conference tickets are still available at https://sambaxp.org and priced at 499 Euro.
Stefan Kania will give his traditional tutorial on Tuesday, June 5th. This year's topic is "Securing a Samba-Fileserver inside an Active Directory". The participation fee is 450 Euro. Free spots for the tutorial are in high demand – be sure to secure your ticket soon.
The 17th sambaXP is around the corner: June 5-7, 2018 marks the date of the go-to conference for Samba developers and users. There is still a chance to participate in the Call for Papers and to shape the program. Hosts of the 17th Samba eXPerience are SerNet and the international Samba team; the chairman is Jeremy Allison, one of the founding members of the Samba team. The event will take place at Hotel Freizeit In in Göttingen (Germany).
The "Call for Papers" section at sambaxp.org holds all information about conference topics and further details. Abstracts can be submitted until February 28, 2018. The program committee would love to see technical lectures as well as user reports. Members of the committee are:
- Jens-Peter Akelbein, University of Darmstadt
- Jeremy Allison, Google
- Stefan Kania, author
- Sven Oehme, IBM
- Thomas Pfenning, Microsoft
- Karolin Seeger, SerNet
The conference language is English. Submissions in German or another language are welcome, too.
"Early Bird" tickets are also available until February 28 and are priced at 399 Euros for the two conference days. The regular ticket price is 499 Euros. A tutorial is also available for Tuesday, June 5th: Samba trainer and author Stefan Kania is offering "Securing a Samba Fileserver inside Active Directory" this year. The participation fee is 450 Euros.
"Samba authentication and authorization – Introduction to Active Directory Auth protocols and winbind as an AD member" was Volker Lendecke's contribution to FOSDEM 2018 (3 & 4 February 2018) in Brussels. Watch the video recording of the talk or get the slides. In addition, online magazine LWN.net posted a review of the talk.
The main goal was an overview of AD and Samba authentication, in particular communication pathways and trust relationships. Lendecke also gave an introduction to winbind, the main component of Samba responsible for AD integration.
Volker Lendecke is co-founder of SerNet GmbH and member of the international Samba team.
The verinice.TEAM has released the ISMS tool verinice in version 1.15. Main changes are the integration of the Modernized IT Baseline Protection issued by the German BSI (Federal Office for Information Security) and support of the EU GDPR. Publisher SerNet provides verinice and verinice.PRO for download in the verinice.SHOP or in the customer repository. The release also includes enhancements in various areas such as search and indexing, report query, and the web frontend.
EU GDPR and Data Privacy Module
verinice 1.15 and the enhanced Data Privacy Module enable working with the EU GDPR. The extended Module will be available for download in the verinice.SHOP or in the update repository soon: in addition to the mapping of the directory of processing activities, it also supports the required documentation for contract data processing. Until the deadline in May, additional extensions for the Module are planned. They include risk management for data privacy and the data privacy impact assessment.
Implement Modernized IT Baseline Protection
verinice 1.15 is the first version that implements the Modernized IT Baseline Protection according to the new BSI standards 200-1, 200-2 and 200-3.
More updates for verinice are on the horizon this year. These are intended to integrate the still missing content from the BSI. verinice Product Owner Michael Flürenbrock: "Users should be able to work with the latest version of the new Baseline Protection in verinice in a timely manner." In particular, risk management and the migration from the previous IT Baseline Protection Catalog to the IT Baseline Protection Compendium are among the expected BSI updates.
verinice users will receive the new versions as part of their ongoing subscriptions.
KIX connection in cooperation with c.a.p.e. IT
In verinice 1.15 the REST interface was expanded. The verinice.TEAM is working closely with Chemnitz (Germany) based c.a.p.e. IT, manufacturer of the OTRS-based ticket system KIX. Thus, after Greenbone / OpenVAS, another IT service management (ITSM) tool is now directly linked to verinice.
verinice.XP - the conference - in March - in Berlin
The verinice.XP from 21 to 23 March 2018 revolves around verinice. All users of the ISMS tool are invited to Berlin. In addition to lectures on innovations such as the Modernized IT Baseline Protection and data privacy in verinice, participants can also expect reports from daily practice, e.g. for use at Berlin Brandenburg Airport, Europ Assistance or for industries such as finance and insurance, water companies and hosters. Tickets and more information at verinicexp.org.