diff --git a/security-guide/source/locale/de/LC_MESSAGES/security-guide.po b/security-guide/source/locale/de/LC_MESSAGES/security-guide.po index 48732afa..895d94ed 100644 --- a/security-guide/source/locale/de/LC_MESSAGES/security-guide.po +++ b/security-guide/source/locale/de/LC_MESSAGES/security-guide.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: Security Guide\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-01-22 18:38+0000\n" +"POT-Creation-Date: 2025-09-12 18:32+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -332,40 +332,6 @@ msgstr "" "in ``/etc/nova/nova.conf`` auf einen Wert gesetzt ist, der nicht mit\n" "``https:// ``beginnt." -msgid "" -"**Fail:** If value of parameter ``auth_protocol`` under " -"``[keystone_authtoken]`` section in ``barbican.conf`` is set to ``http``, or " -"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` " -"section in ``barbican.conf`` is not set to Identity API endpoint starting " -"with ``https://`` or value of parameter ``insecure`` under the same " -"``[keystone_authtoken]`` section in the same ``barbican.conf`` is set to " -"``True``." -msgstr "" -"** Fail: ** Wenn der Wert des Parameters ``auth_protocol ``unter " -"``[keystone_authtoken]`` in ``barbican.conf`` auf ``http`` gesetzt ist oder " -"wenn der Wert des Parameters ``identity_uri``unter " -"``[keystone_authtoken]``Abschnitt in ``barbican.conf`` ist nicht auf den " -"Identity API Endpunkt gesetzt, der mit ``https: //`` beginnt oder Wert des " -"Parameters ``insecure`` unter demselben ``[ keystone_authtoken] `` Abschnitt " -"im selben `` barbican.conf`` ist auf ``True`` gesetzt." - -msgid "" -"**Fail:** If value of parameter ``auth_protocol`` under " -"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``http``, or " -"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` " -"section in ``manila.conf`` is not set to Identity API endpoint starting with " -"``https://`` or value of parameter ``insecure`` under the same " -"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to " -"``True``." -msgstr "" -"**Fail:** Wenn der Wert des Parameters ``auth_protocol``unter ``\n" -"[keystone_authtoken]``Abschnitt in ``manila.conf`` auf ``http``gesetzt\n" -"ist oder wenn Wert des Parameters ``identity_uri`` unter `\n" -"`[keystone_authtoken]``Abschnitt in ``manila.conf`` nicht auf Identity\n" -"API Endpunkt ``https://`` oder Wert des Parameters ``insecure``\n" -" unter dem gleichen ``[ keystone_authtoken]``Abschnitt in der gleichen ``\n" -"manila.conf`` auf ``True``gesetzt ist." - msgid "" "**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` " "section in ``/etc/glance/glance-api.conf`` is set to ``noauth`` or value of " @@ -791,40 +757,6 @@ msgstr "" "`/ etc/nova/nova.conf`` auf einen Wert gesetzt ist, der mit` `https:\n" "//`` beginnt." -msgid "" -"**Pass:** If value of parameter ``auth_protocol`` under " -"``[keystone_authtoken]`` section in ``barbican.conf`` is set to ``https``, " -"or if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` " -"section in ``barbican.conf`` is set to Identity API endpoint starting with " -"``https://`` and value of parameter ``insecure`` under the same " -"``[keystone_authtoken]`` section in the same ``barbican.conf`` is set to " -"``False``." -msgstr "" -"** Pass: ** Wenn der Wert des Parameters ``auth_protocol`` unter " -"``[keystone_authtoken] `` in ``barbican.conf`` auf ``https`` gesetzt ist " -"oder wenn der Wert des Parameters ``identity_uri``unter " -"``[keystone_authtoken]``Abschnitt in ``barbican.conf`` wird auf Identity API " -"Endpunkt gesetzt, beginnend mit ``https: //``und Wert des " -"Parameters``insecure`` unter demselben ``[keystone_authtoken ] `` Abschnitt " -"in derselben ``barbican.conf`` ist auf ``False`` gesetzt." - -msgid "" -"**Pass:** If value of parameter ``auth_protocol`` under " -"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``https``, or " -"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` " -"section in ``manila.conf`` is set to Identity API endpoint starting with " -"``https://`` and value of parameter ``insecure`` under the same " -"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to " -"``False``." -msgstr "" -"**Pass:** Wenn der Wert des Parameters ``auth_protocol``unter ``\n" -"[keystone_authtoken]`` Abschnitt in ``manila.conf`` auf ``https`` gesetzt\n" -" ist oder wenn Wert des Parameters ``identity_uri`` unter `\n" -"`[keystone_authtoken]``Abschnitt in ``manila.conf`` auf Identity API\n" -"Endpunkt mit ``https://`` und Wert des Parameters ``insecure``\n" -"unter dem gleichen ``[keystone_authtoken]``Abschnitt in der gleichen ``\n" -"manila.conf`` auf ``False`` gesetzt ist." - msgid "" "**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` " "section in ``/etc/cinder/cinder.conf`` is set to ``keystone``." @@ -952,11 +884,11 @@ msgstr "" "existierende Datenträger wird die Option auf ``False`` setzen, und die " "derzeit unsichere Methode auf Behandlung der Dateirechte benutzen. Wenn der " "Wert des Parameter ``nas_secure_file_operations`` im ``[DEFAULT]`` Abschnitt " -"in ``/etc/cinder/cinder.conf`` ist auf ``auto`` gesetzt. Wenn es auf \"auto" -"\" gesetzt ist, wird ein Check beim Start von Cinder, ob kein Datenträger " -"mit der Option ``True`` existiert, sicher ist und NICHT unter ``root`` " -"Benutzer läuft. Die Untersuchung auf existierende Datenträger wird die " -"Option auf ``False`` setzen, und die derzeit unsichere Methode von " +"in ``/etc/cinder/cinder.conf`` ist auf ``auto`` gesetzt. Wenn es auf " +"\"auto\" gesetzt ist, wird ein Check beim Start von Cinder, ob kein " +"Datenträger mit der Option ``True`` existiert, sicher ist und NICHT unter " +"``root`` Benutzer läuft. Die Untersuchung auf existierende Datenträger wird " +"die Option auf ``False`` setzen, und die derzeit unsichere Methode von " "laufenden Betrieb als ``root`` Benutzer benutzen. Für neue Installationen, " "wurde eine \"Marker Datei\" geschrieben, sodass is written so dass " "nachfolgende Neustarts von Cinder wissen, was die ursprüngliche Bestimmung " @@ -1406,26 +1338,6 @@ msgstr "" "Instanzen geht über Hardware-Monitoring und Log-Dateien, die nur CRUD-" "Ereignisse enthalten können." -msgid "" -"A common reason to perform a security review on an OpenStack project is to " -"enable that project to achieve the *vulnerability:managed* governance tag. " -"The OpenStack Vulnerability Management Team (VMT) applies the `vulnerability:" -"managed tag `_ to projects where the report reception and " -"disclosure of vulnerabilities is managed by the VMT. One of the requirements " -"for gaining the tag is that some form of security review, audit or threat " -"analysis has been performed on the project." -msgstr "" -"Ein gemeinsamer Grund für die Durchführung einer Sicherheitsüberprüfung an " -"einem OpenStack-Projekt ist es, dieses Projekt zu ermöglichen, um die " -"*vulnerability:managed* governance tag zu erreichen. Das OpenStack " -"Vulnerability Management Team (VMT) wendet das `vulnerability:managed tag` " -"an `_ zu Projekten, bei denen der Bericht zu Empfang und die Offenlegung " -"von Schwachstellen von der VMT verwaltet wird. Eine der Voraussetzungen für " -"die Gewinnung des Tags ist, dass irgendeine Form von Sicherheitsüberprüfung, " -"Audit- oder Bedrohungsanalyse auf dem Projekt durchgeführt wurde." - msgid "" "A complete tutorial on secure boot deployment is beyond the scope of this " "book. Instead, here we provide a framework for how to integrate secure boot " @@ -2722,9 +2634,6 @@ msgstr "" "Zum Beispiel Xen Server XSM oder Xen Security Modules, sVirt, Intel TXT oder " "AppArmor." -msgid "Ansible" -msgstr "Ansible" - msgid "" "Any changes to ``/etc/manila/policy.json`` are effective immediately, which " "allows new policies to be implemented while the Shared File Systems service " @@ -4030,9 +3939,6 @@ msgstr "" msgid "Checklist" msgstr "Checkliste" -msgid "Chef" -msgstr "Chef" - msgid "" "Cinder supports an NFS driver which works differently than a traditional " "block storage driver. The NFS driver does not actually allow an instance to " @@ -4069,11 +3975,11 @@ msgstr "" "Strings genauer an." msgid "" -"Cipher suites using the `RSA `_ exchange, authentication or either respectively." +"Cipher suites using the `RSA `_ exchange, authentication or either respectively." msgstr "" -"Cipher Suiten mit dem `RSA ``Austausch, Authentifizierung oder entweder." +"Cipher Suiten mit dem `RSA ``Austausch, Authentifizierung oder entweder." msgid "" "Client authentication with TLS requires certificates be issued to services. " @@ -7486,20 +7392,6 @@ msgstr "" "verwaltet werden müssen: diejenigen, die ein Keystone-Token für den Zugriff " "erfordern, und solche, die dies nicht tun." -msgid "" -"In cases where a security review has already been performed by a third " -"party, or where a project prefers to use a third party to perform their " -"review, information on how to take the output of that third party review and " -"submit it to the OSSP for validation will be available in the upcoming third " -"party security review process." -msgstr "" -"In Fällen, in denen eine Sicherheitsüberprüfung bereits von einem Dritten " -"durchgeführt wurde oder wenn ein Projekt es vorzieht, einen Dritten zur " -"Durchführung seiner Überprüfung zu verwenden, Informationen darüber, wie die " -"Ausgabe dieser Drittpartei überprüft werden kann, und übermittelt sie dem " -"OSSP zur Validierung wird in der bevorstehenden Drittanbieter-" -"Sicherheitsprüfung zur Verfügung stehen." - msgid "" "In cases where software termination offers insufficient performance, " "hardware accelerators may be worth exploring as an alternative option. It is " @@ -8291,22 +8183,6 @@ msgstr "" "authentication-and-access-control` für alle Komponenten, die eine RPC-" "Kommunikation erfordern." -msgid "" -"It is recommended to avoid the manual image building process as it is " -"complex and prone to error. Additionally, using an automated system like Oz " -"for image building or a configuration management utility like Chef or Puppet " -"for post-boot image hardening gives you the ability to produce a consistent " -"image as well as track compliance of your base image to its respective " -"hardening guidelines over time." -msgstr "" -"Es wird empfohlen, den manuellen Abbildaufbau zu vermeiden, da er komplex " -"und fehleranfällig ist. Darüber hinaus bietet Ihnen die Verwendung eines " -"automatisierten Systems wie Oz für das Image-Building oder ein " -"Konfigurationsmanagement-Dienstprogramm wie Chef oder Puppet für die Post-" -"Boot-Image-Härtung die Möglichkeit, über die Zeit ein konsistentes Abbild zu " -"erstellen und die Übereinstimmung Ihres Basisbildes mit den jeweiligen " -"Härtungsrichtlinien zu verfolgen." - msgid "" "It should be noted that with this type of implementation sensitive access " "tokens will be stored in the browser and will be transmitted with each " @@ -10196,20 +10072,6 @@ msgstr "" "Konsolenzugriff auf Instanzen für Tenants und Administratoren erfolgt, die " "das VNC-Protokoll (Virtual Network Computer) verwenden." -msgid "" -"OpenStack components communicate with each other using various protocols and " -"communication might involve sensitive or confidential data. An attacker may " -"try to eavesdrop on the channel in order to get access to sensitive " -"information. Therefore all components must communicate with each other using " -"a secured communication protocol." -msgstr "" -"OpenStack-Komponenten kommunizieren miteinander unter Verwendung " -"verschiedener Protokolle, und die Kommunikation kann sensitive oder " -"vertrauliche Daten beinhalten. Ein Angreifer kann versuchen, den Kanal zu " -"belauschen, um Zugriff auf vertrauliche Informationen zu erhalten. Daher " -"müssen alle Komponenten miteinander über ein gesichertes " -"Kommunikationsprotokoll kommunizieren." - msgid "" "OpenStack components communicate with each other using various protocols and " "the communication might involve sensitive / confidential data. An attacker " @@ -11542,16 +11404,6 @@ msgstr "Beschränkung der Bindungsadresse für MySQL" msgid "Restricting listen address for PostgreSQL" msgstr "Die Listener-Adresse für PostgreSQL einschränken" -msgid "Review by OpenStack Security Project" -msgstr "Überprüfung durch OpenStack Security Project" - -msgid "" -"Review by a third party review body, with validation from the OpenStack " -"Security Project" -msgstr "" -"Überprüfung durch eine Drittanbieter-Überprüfung, mit Validierung aus dem " -"OpenStack Security Project" - msgid "Review common security principles." msgstr "Überprüfen Sie die gemeinsamen Sicherheitsgrundsätze." @@ -11627,12 +11479,12 @@ msgstr "Runtime Verifizierung" msgid "" "SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking " -"servers that are turned off `__" +"servers that are turned off `__" msgstr "" "SANS Technology Institute, InfoSec Handler Tagebuch Blog. 2012. `Hacking " -"Server, die ausgeschaltet sind `__" +"Server, die ausgeschaltet sind `__" msgid "" "SDN services node: Management, guest and possibly public depending upon " @@ -11722,9 +11574,6 @@ msgstr "" "werden. Um diese Funktion zu aktivieren, muss zunächst ein OpenStack Key " "Manager-Dienst im Stack bereitgestellt werden." -msgid "Salt Stack" -msgstr "Salt Stack" - msgid "" "Sanitize portable, removable storage devices prior to connecting such " "devices to the cloud infrastructure." @@ -11763,15 +11612,6 @@ msgstr "Sichere Speicher-Backends" msgid "Secret store plugins" msgstr "Secret store plugins" -msgid "" -"Secret store plugins interface with secure storage systems to store the " -"secrets within those systems. There are two types of secret store plugins: " -"the KMIP plugin and the Dogtag plugin." -msgstr "" -"Secret Store-Plugins verbinden sich mit sicheren Speichersystemen, um die " -"Geheimnisse innerhalb dieser Systeme zu speichern. Es gibt zwei Arten von " -"Secret Store Plugins: das KMIP Plugin und das Dogtag Plugin." - msgid "Secrets Management" msgstr "Geheimnisverwaltung" @@ -11970,20 +11810,6 @@ msgstr "Sicherheitsreferenzen für Datenbank-Backends" msgid "Security review" msgstr "Sicherheitsüberprüfung" -msgid "" -"Security review by the OSSP is expected to be the normal route for new " -"projects and for cases where third parties have not performed security " -"reviews or are unable to share their results. Information for projects that " -"require a security review by the OSSP will be available in the upcoming " -"security review process." -msgstr "" -"Die Sicherheitsüberprüfung durch die OSSP wird voraussichtlich die normale " -"Route für neue Projekte und für Fälle, in denen Dritte keine " -"Sicherheitsüberprüfungen durchgeführt haben oder nicht in der Lage sind, " -"ihre Ergebnisse zu teilen. Informationen für Projekte, die eine " -"Sicherheitsüberprüfung durch die OSSP erfordern, werden im bevorstehenden " -"Sicherheitsüberprüfungsprozess zur Verfügung stehen." - msgid "Security reviews" msgstr "Sicherheitsauswertungen" @@ -12998,21 +12824,6 @@ msgstr "" "und Mängel in der Gestaltung und Architektur von Diensten zu identifizieren " "und Kontrollen oder Korrekturen vorzuschlagen, um diese Probleme zu lösen." -msgid "" -"The Barbican threat analysis identified eight security findings and two " -"recommendations to improve the security of a barbican deployment. These " -"results can be reviewed in the `security analysis repo `_., along with the Barbican architecture diagram and architecture " -"description page." -msgstr "" -"Die Barbican Threat-Analyse identifzierte acht Sicherheitslücken und zwei " -"Empfehlungen zur Verbesserung der Sicherheit von Barbican Bereitstellungen. " -"Diese Ergebnisse können nachgelesen werden im `security analysis repo " -"`_., zusammen mit dem Barbican Architekturdiagramm " -"und Seite der Architekturbeschreibung." - msgid "" "The CSA CCM is specifically designed to provide fundamental security " "principles to guide cloud vendors and to assist prospective cloud customers " @@ -13352,9 +13163,9 @@ msgid "" "The Health Insurance Portability and Accountability Act (HIPAA) is a United " "States congressional act that governs the collection, storage, use and " "destruction of patient health records. The act states that Protected Health " -"Information (PHI) must be rendered \"unusable, unreadable, or indecipherable" -"\" to unauthorized persons and that encryption for data 'at-rest' and " -"'inflight' should be addressed." +"Information (PHI) must be rendered \"unusable, unreadable, or " +"indecipherable\" to unauthorized persons and that encryption for data 'at-" +"rest' and 'inflight' should be addressed." msgstr "" "Der Health Insurance Portability and Accountability Act (HIPAA) ist ein " "Kongressgesetz der Vereinigten Staaten, das die Erhebung, Speicherung, " @@ -13527,8 +13338,8 @@ msgstr "" "formalen Zertifizierung angesprochen. Dies beinhaltet in der Regel die " "Implementierung einer segregierten Cloud-Umgebung nach Praktiken auf der " "Grundlage des NIST 800-53 Framework, wie pro FISMA Anforderungen, ergänzt " -"mit zusätzlichen Kontrollen, Beschränkung des Zugang nur durch \"US-Personen" -"\" und Background-Screening." +"mit zusätzlichen Kontrollen, Beschränkung des Zugang nur durch \"US-" +"Personen\" und Background-Screening." msgid "" "The KVM hypervisor has been Common Criteria certified through the U.S. " @@ -13872,44 +13683,6 @@ msgstr "" "Sicherheitskontrollen aufgrund von Komplexität oder anderen umweltbezogenen " "Details nicht möglich sind." -msgid "" -"The OpenStack Security Project (OSSP) has worked with the VMT to agree that " -"an architectural review of the best practice deployment for a project is an " -"appropriate form of security review, balancing the need for review with the " -"resource requirements for a project of the scale of OpenStack. Security " -"architecture review is also often referred to as *threat analysis*, " -"*security analysis* or *threat modeling*. In the context of OpenStack " -"security review, these terms are synonymous for an architectural security " -"review which may identify defects in the design of a project or reference " -"architecture, and may lead to further investigative work to verify parts of " -"the implementation." -msgstr "" -"Das OpenStack Security Project (OSSP) hat mit der VMT zusammengearbeitet, um " -"zuzustimmen, dass eine architektonische Überprüfung der Best Practice-" -"Implementierung für ein Projekt eine angemessene Form der " -"Sicherheitsüberprüfung ist, die die Notwendigkeit einer Überprüfung mit den " -"Ressourcenanforderungen für ein Projekt der Skala ausgleicht OpenStack " -"Security Architecture Review wird auch oft als *Bedrohungsanalyse*, " -"*Sicherheitsanalyse* oder *Bedrohungsmodellierung* bezeichnet. Im Rahmen der " -"OpenStack-Sicherheitsüberprüfung sind diese Begriffe gleichbedeutend mit " -"einer architektonischen Sicherheitsüberprüfung, die Fehler bei der " -"Gestaltung einer Projekt- oder Referenzarchitektur erkennen kann und zu " -"weiteren Untersuchungsarbeiten führen kann, um Teile der Implementierung zu " -"überprüfen." - -msgid "" -"The OpenStack Security team is based on voluntary contributions from the " -"OpenStack community. You can contact the security community directly in the " -"#openstack-security channel on Freenode IRC, or by sending mail to the " -"openstack-discuss mailing list with the [security] prefix in the subject " -"header." -msgstr "" -"Das OpenStack Security Team basiert auf freiwilligen Beiträgen der OpenStack " -"Community. Sie können die Sicherheits-Community direkt im #openstack-" -"security-Kanal auf Freenode IRC kontaktieren oder per E-Mail an die " -"openstack-discuss Mailingliste mit dem [security] Präfix im Betreffkopf " -"senden." - msgid "" "The OpenStack components are only a small fraction of the software in a " "cloud. It is important to keep up to date with all of these other " @@ -13957,25 +13730,6 @@ msgstr "" "folgt, sollte sorgfältig ausgewertet werden, bevor die Beschränkungen\n" "entspannt werden." -msgid "" -"The PKCS#11 crypto plugin can be used to interface with a Hardware Security " -"Module (HSM) using the PKCS#11 protocol. Secrets are encrypted (and " -"decrypted on retrieval) by a project specific Key Encryption Key (KEK) which " -"resides in the HSM. Since a different KEK is used for each project, and " -"since the KEKs are stored inside an HSM (instead of in plaintext in the " -"configuration file) the PKCS#11 plugin is much more secure than the simple " -"crypto plugin. It is the most popular back end amongst Barbican deployments." -msgstr "" -"Das PKCS#11-Crypto-Plugin kann zur Verbindung mit einem Hardware-" -"Sicherheitsmodul (HSM) unter Verwendung des PKCS#11-Protokolls verwendet " -"werden. Secrets werden durch einen projektspezifischen Key Encryption Key " -"(KEK), der sich im HSM befindet, verschlüsselt (und beim Entschlüsseln " -"entschlüsselt). Da für jedes Projekt ein anderes KEK verwendet wird und die " -"KEKs innerhalb eines HSM (statt in Klartext in der Konfigurationsdatei) " -"gespeichert werden, ist das Plugin PKCS #11 wesentlich sicherer als das " -"einfache Krypto-Plugin. Es ist das beliebteste Back-End unter den Barbican-" -"Einsätzen." - msgid "" "The Payment Card Industry Data Security Standard (PCI DSS) is defined by the " "Payment Card Industry Standards Council, and created to increase controls " @@ -15046,25 +14800,6 @@ msgstr "" "die Ihre OpenStack-Implementierung umfassen, die täglichen Aktionen von " "Administratoren, Tenants und Gästen." -msgid "" -"The goal of security review in the OpenStack community is to identify " -"weaknesses in design or implementation of OpenStack projects. While rare, " -"these weaknesses could potentially have catastrophic effects on the security " -"of an OpenStack deployment, and therefore work should be undertaken to " -"minimize the likelihood of these defects in released projects. The OpenStack " -"Security Project asserts that once a security review of a project has been " -"completed, the following are known and documented:" -msgstr "" -"Das Ziel der Sicherheitsüberprüfung in der OpenStack-Community ist es, " -"Schwachstellen bei der Gestaltung oder Implementierung von OpenStack-" -"Projekten zu identifizieren. Zwar könnten diese Schwächen potenziell " -"katastrophale Auswirkungen auf die Sicherheit eines OpenStack-Einsatzes " -"haben und deshalb sollte die Arbeit unternommen werden, um die " -"Wahrscheinlichkeit dieser Mängel bei freigegebenen Projekten zu minimieren. " -"Das OpenStack Security Project behauptet, dass nach dem Abschluss einer " -"Sicherheitsüberprüfung eines Projektes folgendes bekannt und dokumentiert " -"ist:" - msgid "" "The importance of encrypting data on behalf of tenants is largely related to " "the risk assumed by a provider that an attacker could access tenant data. " @@ -15816,18 +15551,6 @@ msgstr "" "Cloud-Architekten oder Betreiber vielleicht den Rat von Branchenführern und " "Anbietern zusätzlich zu den hier empfohlenen Anleitungen suchen möchten." -msgid "" -"There are many configuration management solutions; at the time of this " -"writing there are two in the marketplace that are robust in their support of " -"OpenStack environments: :term:`Chef` and :term:`Puppet`. A non-exhaustive " -"listing of tools in this space is provided below:" -msgstr "" -"Es gibt viele Konfigurationsmanagementlösungen. Zum Zeitpunkt dieses " -"Schreibens gibt es zwei auf dem Markt, die in ihrer Unterstützung von " -"OpenStack-Umgebungen robust sind: :term:`Chef` und :term:`Puppet`. Eine " -"nicht erschöpfende Auflistung der Werkzeuge in diesem Raum ist unten " -"angegeben:" - msgid "" "There are no general provisions for granular control of database operations " "in OpenStack. Access and privileges are granted simply based on whether a " @@ -15877,13 +15600,14 @@ msgstr "" "Es gibt verschiedene Wegen ein Blockdevice zu löschen (wipe). Der " "traditionelle Weg ist ``lvm_type`` auf ``thin`` zu setzen und dann den " "``volume_clear`` Parameter mit dem LVM backend zu verwenden. Alternativ, " -"wenn die Datenträgerverschlüsselungsfunktion verwendet wird ist kein \"wipe" -"\" zum löschen notwendig, wenn der zur Datenträgerverschlüsselung verwendete " -"Schlüssel gelöscht wird. Weitere Hinweise finden Sie in der OpenStack " -"Konfigurationsreferenz unter `Volume Encryption `__ bei den " -"Setup Details sowie im `Castellan usage `__ Dokument zum löschen von Schlüsseln." +"wenn die Datenträgerverschlüsselungsfunktion verwendet wird ist kein " +"\"wipe\" zum löschen notwendig, wenn der zur Datenträgerverschlüsselung " +"verwendete Schlüssel gelöscht wird. Weitere Hinweise finden Sie in der " +"OpenStack Konfigurationsreferenz unter `Volume Encryption `__ bei den Setup Details sowie im `Castellan usage `__ Dokument zum löschen von " +"Schlüsseln." msgid "" "There are situations where there is a security requirement to assure the " @@ -15904,13 +15628,6 @@ msgstr "" "Es gibt einige wichtige Abschnitte zur Architekturseite, die im Folgenden " "näher erläutert werden:" -msgid "" -"There are two routes that an OpenStack project may take to complete a " -"security review:" -msgstr "" -"Es gibt zwei Routen, die ein OpenStack-Projekt ergreifen kann, um eine " -"Sicherheitsüberprüfung abzuschließen:" - msgid "There are two types of SOC 1 reports:" msgstr "Es gibt zwei Arten von SOC 1 reports:" @@ -17646,29 +17363,6 @@ msgstr "" "Ihnen, Ihre OpenStack SSL/TLS-Anforderungen zu bewerten und einer der hier " "besprochenen Architekturen zu folgen." -msgid "" -"We recommend using a separate, isolated network within the management " -"security domain for provisioning. This network will handle all PXE traffic, " -"along with the subsequent boot stage downloads depicted above. Note that the " -"node boot process begins with two insecure operations: DHCP and TFTP. Then " -"the boot process uses TLS to download the remaining information required to " -"deploy the node. This may be an operating system installer, a basic install " -"managed by `Chef `__ or `Puppet `__, or even a complete file system image that is written " -"directly to disk." -msgstr "" -"Wir empfehlen, ein separates, isoliertes Netzwerk innerhalb der " -"Verwaltungssicherheitsdomäne für die Bereitstellung zu verwenden. Dieses " -"Netzwerk verarbeitet alle PXE-Traffic, zusammen mit den nachfolgenden " -"Bootstudien-Downloads, die oben dargestellt sind. Beachten Sie, dass der " -"Knoten-Bootvorgang mit zwei unsicheren Operationen beginnt: DHCP und TFTP. " -"Dann verwendet der Boot-Prozess TLS, um die restlichen Informationen " -"herunterzuladen, die für die Bereitstellung des Knotens erforderlich sind. " -"Dies kann ein Betriebssystem-Installationsprogramm sein, eine grundlegende " -"Installation, die von `Chef verwaltet wird `__ " -"oder` Puppet `__, oder sogar ein komplettes " -"Dateisystembild, das direkt auf die Festplatte geschrieben wird." - msgid "" "We recommend you disable filters that parse things that are provided by " "users or are able to be manipulated such as metadata." @@ -18899,11 +18593,6 @@ msgstr "`Oozie `_" msgid "`OpenSCAP `_" msgstr "`OpenSCAP `_" -msgid "" -"`OpenSSL and FIPS 140-2 `_" -msgstr "" -"`OpenSSL und FIPS 140-2 `_" - msgid "`Pig `_" msgstr "`Pig `_" @@ -19000,12 +18689,12 @@ msgstr "`Tripwire `__" msgid "" "`Trusted Security Principles `_" +"informationtechnology/resources/soc/trustservices/pages/" +"trust%20services%20principles—an%20overview.aspx>`_" msgstr "" "`Trusted Security Principles `_" +"informationtechnology/resources/soc/trustservices/pages/" +"trust%20services%20principles—an%20overview.aspx> `_" msgid "" "`U.S. NIST FIPS PUB 180-3 `_ to projects where the report reception and " -"disclosure of vulnerabilities is managed by the VMT. One of the requirements " -"for gaining the tag is that some form of security review, audit or threat " -"analysis has been performed on the project." -msgstr "" -"Alasan umum untuk melakukan tinjauan keamanan pada proyek OpenStack adalah " -"untuk memungkinkan proyek tersebut mencapai tag pengelolaan *vulnerability:" -"managed* . OpenStack Vulnerability Management Team (VMT) menerapkan " -"`vulnerability:managed tag `_ untuk proyek di mana laporan penerimaan dan " -"pengungkapan kerentanan dikelola oleh VMT. Salah satu persyaratan untuk " -"mendapatkan tag adalah beberapa bentuk tinjauan keamanan, audit atau " -"analisis ancaman telah dilakukan pada proyek." - msgid "" "A complete tutorial on secure boot deployment is beyond the scope of this " "book. Instead, here we provide a framework for how to integrate secure boot " @@ -2728,9 +2641,6 @@ msgstr "" "tersedianya fitur keamanan tertentu. Secara khusus, fitur. Misalnya, Xen " "Server XSM atau Xen Security Modules, sVirt, Intel TXT, atau AppArmor." -msgid "Ansible" -msgstr "Ansible" - msgid "" "Any changes to ``/etc/manila/policy.json`` are effective immediately, which " "allows new policies to be implemented while the Shared File Systems service " @@ -3440,8 +3350,8 @@ msgstr "" "Berikut adalah contoh pembagian NFS dengan driver Generik. Setelah share itu " "dibuat, ia memiliki lokasi ekspor ``10.254.0.3:/shares/share-b2874f8d-" "d428-4a5c-b056-e6af80a995de``. Jika Anda mencoba me-mountnya di host dengan " -"alamat IP ``10.254.0.4``, Anda akan mendapatkan pesan *\"Permission denied" -"\"*." +"alamat IP ``10.254.0.4``, Anda akan mendapatkan pesan *\"Permission " +"denied\"*." msgid "" "Below we provide sample recommended configuration settings for enabling TLS " @@ -4003,9 +3913,6 @@ msgstr "" msgid "Checklist" msgstr "Daftar periksa" -msgid "Chef" -msgstr "Chef" - msgid "" "Cinder supports an NFS driver which works differently than a traditional " "block storage driver. The NFS driver does not actually allow an instance to " @@ -4040,11 +3947,11 @@ msgstr "" "unsur-unsur dalam contoh string di atas." msgid "" -"Cipher suites using the `RSA `_ exchange, authentication or either respectively." +"Cipher suites using the `RSA `_ exchange, authentication or either respectively." msgstr "" -"Cipher suite menggunakan `RSA `_ pertukaran, otentikasi atau masing-masing." +"Cipher suite menggunakan `RSA `_ pertukaran, otentikasi atau masing-masing." msgid "" "Client authentication with TLS requires certificates be issued to services. " @@ -7534,19 +7441,6 @@ msgstr "" "Dalam konteks Openstack, ada dua jenis rahasia yang perlu dikelola - yang " "memerlukan token keystone untuk akses, dan yang tidak." -msgid "" -"In cases where a security review has already been performed by a third " -"party, or where a project prefers to use a third party to perform their " -"review, information on how to take the output of that third party review and " -"submit it to the OSSP for validation will be available in the upcoming third " -"party security review process." -msgstr "" -"Dalam kasus di mana review keamanan telah dilakukan oleh pihak ketiga, atau " -"bila sebuah proyek lebih suka menggunakan pihak ketiga untuk melakukan " -"review mereka, informasi tentang bagaimana mengambil hasil dari review pihak " -"ketiga tersebut dan menyerahkannya kepada OSSP untuk validasi akan tersedia " -"dalam proses pemeriksaan keamanan pihak ketiga yang akan datang." - msgid "" "In cases where software termination offers insufficient performance, " "hardware accelerators may be worth exploring as an alternative option. It is " @@ -8334,22 +8228,6 @@ msgstr "" "authentication-and-access-control` untuk semua komponen yang memerlukan " "komunikasi RPC." -msgid "" -"It is recommended to avoid the manual image building process as it is " -"complex and prone to error. Additionally, using an automated system like Oz " -"for image building or a configuration management utility like Chef or Puppet " -"for post-boot image hardening gives you the ability to produce a consistent " -"image as well as track compliance of your base image to its respective " -"hardening guidelines over time." -msgstr "" -"Dianjurkan untuk menghindari proses pembuatan image manual karena kompleks " -"dan rentan terhadap kesalahan. Selain itu, dengan menggunakan sistem " -"otomatis seperti Oz untuk pembuatan image atau utilitas pengelolaan " -"konfigurasi seperti Chef atau Puppet untuk pengerasan image post-boot " -"memberi Anda kemampuan untuk menghasilkan image yang konsisten serta melacak " -"kepatuhan image dasar Anda untuk masing-masing panduan pengerasan dari waktu " -"ke waktu." - msgid "It saves time for you and your users." msgstr "Ini menghemat waktu untuk Anda dan pengguna Anda." @@ -10228,19 +10106,6 @@ msgstr "" "ke beberapa instance penyewa dan administrator menggunakan protokol Virtual " "Network Computer (VNC)." -msgid "" -"OpenStack components communicate with each other using various protocols and " -"communication might involve sensitive or confidential data. An attacker may " -"try to eavesdrop on the channel in order to get access to sensitive " -"information. Therefore all components must communicate with each other using " -"a secured communication protocol." -msgstr "" -"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai " -"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. " -"Penyerang dapat mencoba menguping saluran untuk mendapatkan akses ke " -"informasi sensitif. Oleh karena itu semua komponen harus berkomunikasi satu " -"sama lain menggunakan protokol komunikasi yang aman." - msgid "" "OpenStack components communicate with each other using various protocols and " "the communication might involve sensitive / confidential data. An attacker " @@ -11548,16 +11413,6 @@ msgstr "Membatasi alamat pengikat untuk MySQL" msgid "Restricting listen address for PostgreSQL" msgstr "Membatasi alamat mendengarkan PostgreSQL" -msgid "Review by OpenStack Security Project" -msgstr "Review oleh OpenStack Security Project" - -msgid "" -"Review by a third party review body, with validation from the OpenStack " -"Security Project" -msgstr "" -"Review oleh badan review pihak ketiga, dengan pengesahan dari OpenStack " -"Security Project" - msgid "Review common security principles." msgstr "Tinjau kembali prinsip keamanan bersama." @@ -11631,12 +11486,12 @@ msgstr "Verifikasi runtime" msgid "" "SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking " -"servers that are turned off `__" +"servers that are turned off `__" msgstr "" "SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking " -"servers that are turned off `__" +"servers that are turned off `__" msgid "" "SDN services node: Management, guest and possibly public depending upon " @@ -11749,9 +11604,6 @@ msgstr "" "kembali rahasia ini. Untuk mengaktifkan fitur ini, pertama-tama harus ada " "layanan OpenStack Key Manager yang ditempatkan di dalam stack." -msgid "Salt Stack" -msgstr "Salt Stack" - msgid "" "Sanitize portable, removable storage devices prior to connecting such " "devices to the cloud infrastructure." @@ -11790,15 +11642,6 @@ msgstr "Secret store back ends" msgid "Secret store plugins" msgstr "Plugin penyimpanan rahasia" -msgid "" -"Secret store plugins interface with secure storage systems to store the " -"secrets within those systems. There are two types of secret store plugins: " -"the KMIP plugin and the Dogtag plugin." -msgstr "" -"Plugin penyimpanan rahasia terhubung dengan sistem penyimpanan yang aman " -"untuk menyimpan rahasia di dalam sistem tersebut. Ada dua jenis plugin " -"penyimpanan rahasia: plugin KMIP dan plugin Dogtag." - msgid "Secrets Management" msgstr "Secrets Management (manajemen rahasia)" @@ -12014,19 +11857,6 @@ msgstr "Referensi keamanan untuk database back end" msgid "Security review" msgstr "Ulasan keamanan" -msgid "" -"Security review by the OSSP is expected to be the normal route for new " -"projects and for cases where third parties have not performed security " -"reviews or are unable to share their results. Information for projects that " -"require a security review by the OSSP will be available in the upcoming " -"security review process." -msgstr "" -"Review keamanan oleh OSSP diharapkan menjadi rute normal untuk proyek baru " -"dan untuk kasus dimana pihak ketiga belum melakukan review keamanan atau " -"tidak dapat membagikan hasilnya. Informasi untuk proyek yang memerlukan " -"review keamanan oleh OSSP akan tersedia dalam proses review keamanan yang " -"akan datang." - msgid "Security reviews" msgstr "Tinjauan keamanan" @@ -13010,20 +12840,6 @@ msgstr "" "dalam desain dan arsitektur layanan, dan mengusulkan kontrol atau perbaikan " "untuk menyelesaikan masalah ini." -msgid "" -"The Barbican threat analysis identified eight security findings and two " -"recommendations to improve the security of a barbican deployment. These " -"results can be reviewed in the `security analysis repo `_., along with the Barbican architecture diagram and architecture " -"description page." -msgstr "" -"Analisis ancaman Barbican mengidentifikasi delapan temuan keamanan dan dua " -"rekomendasi untuk memperbaiki keamanan penyebaran barbican. Hasil ini dapat " -"ditinjau ulang di `security analysis repo `_., " -"bersama dengan diagram arsitektur Barbican dan halaman deskripsi arsitektur." - msgid "" "The CSA CCM is specifically designed to provide fundamental security " "principles to guide cloud vendors and to assist prospective cloud customers " @@ -13354,9 +13170,9 @@ msgid "" "The Health Insurance Portability and Accountability Act (HIPAA) is a United " "States congressional act that governs the collection, storage, use and " "destruction of patient health records. The act states that Protected Health " -"Information (PHI) must be rendered \"unusable, unreadable, or indecipherable" -"\" to unauthorized persons and that encryption for data 'at-rest' and " -"'inflight' should be addressed." +"Information (PHI) must be rendered \"unusable, unreadable, or " +"indecipherable\" to unauthorized persons and that encryption for data 'at-" +"rest' and 'inflight' should be addressed." msgstr "" "The Health Insurance Portability and Accountability Act (HIPAA) adalah " "keputusan kongres Amerika Serikat yang mengatur pengumpulan, penyimpanan, " @@ -13852,41 +13668,6 @@ msgstr "" "kontrol keamanan tertentu tidak dimungkinkan karena kompleksitas atau " "rincian spesifik lingkungan lainnya." -msgid "" -"The OpenStack Security Project (OSSP) has worked with the VMT to agree that " -"an architectural review of the best practice deployment for a project is an " -"appropriate form of security review, balancing the need for review with the " -"resource requirements for a project of the scale of OpenStack. Security " -"architecture review is also often referred to as *threat analysis*, " -"*security analysis* or *threat modeling*. In the context of OpenStack " -"security review, these terms are synonymous for an architectural security " -"review which may identify defects in the design of a project or reference " -"architecture, and may lead to further investigative work to verify parts of " -"the implementation." -msgstr "" -" OpenStack Security Project (OSSP) telah bekerja dengan VMT untuk menyetujui " -"bahwa tinjauan arsitektur penerapan praktik terbaik untuk sebuah proyek " -"adalah bentuk tinjauan keamanan yang sesuai, menyeimbangkan kebutuhan untuk " -"ditinjau dengan persyaratan sumber daya untuk proyek skala OpenStack. " -"Tinjauan arsitektur keamanan juga sering disebut sebagai *threat analysis*, " -"*security analysis* atau *threat modeling*. Dalam konteks tinjauan keamanan " -"OpenStack, istilah-istilah ini identik untuk tinjauan keamanan arsitektural " -"yang dapat mengidentifikasi cacat pada desain proyek atau arsitektur " -"referensi, dan dapat menyebabkan pekerjaan investigasi lebih lanjut untuk " -"memverifikasi bagian-bagian dari pelaksanaan." - -msgid "" -"The OpenStack Security team is based on voluntary contributions from the " -"OpenStack community. You can contact the security community directly in the " -"#openstack-security channel on Freenode IRC, or by sending mail to the " -"openstack-discuss mailing list with the [security] prefix in the subject " -"header." -msgstr "" -"Tim OpenStack Security didasarkan pada kontribusi sukarela dari komunitas " -"OpenStack. Anda dapat menghubungi komunitas keamanan secara langsung di " -"saluran #openstack-security di Freenode IRC, atau dengan mengirim email ke " -"daftar mailing openstack-discuss dengan awalan [security] di header subjek." - msgid "" "The OpenStack components are only a small fraction of the software in a " "cloud. It is important to keep up to date with all of these other " @@ -13930,24 +13711,6 @@ msgstr "" "Setiap dasbor yang tidak mengikuti pengaturan keamanan yang disarankan ini " "harus dievaluasi secara hati-hati sebelum batasan rileks." -msgid "" -"The PKCS#11 crypto plugin can be used to interface with a Hardware Security " -"Module (HSM) using the PKCS#11 protocol. Secrets are encrypted (and " -"decrypted on retrieval) by a project specific Key Encryption Key (KEK) which " -"resides in the HSM. Since a different KEK is used for each project, and " -"since the KEKs are stored inside an HSM (instead of in plaintext in the " -"configuration file) the PKCS#11 plugin is much more secure than the simple " -"crypto plugin. It is the most popular back end amongst Barbican deployments." -msgstr "" -"Plugin kripto PKCS # 11 dapat digunakan untuk berinteraksi dengan Hardware " -"Security Module (HSM) menggunakan protokol PKCS # 11. Rahasia dienkripsi " -"(dan didekripsi saat pengambilan) oleh Key Key Enkripsi (KEK) spesifik " -"proyek yang berada di HSM. Karena KEK yang berbeda digunakan untuk setiap " -"proyek, dan karena KEK disimpan di dalam sebuah HSM (bukan di plaintext " -"dalam file konfigurasi) plugin PKCS # 11 jauh lebih aman daripada plugin " -"kripto sederhana. Ini adalah bagian belakang yang paling populer di antara " -"penyebaran Barbican." - msgid "" "The Payment Card Industry Data Security Standard (PCI DSS) is defined by the " "Payment Card Industry Standards Council, and created to increase controls " @@ -14985,24 +14748,6 @@ msgstr "" "penghitungan, jaringan, dan penyimpanan dan komponen lainnya yang menyusun " "penerapan OpenStack Anda." -msgid "" -"The goal of security review in the OpenStack community is to identify " -"weaknesses in design or implementation of OpenStack projects. While rare, " -"these weaknesses could potentially have catastrophic effects on the security " -"of an OpenStack deployment, and therefore work should be undertaken to " -"minimize the likelihood of these defects in released projects. The OpenStack " -"Security Project asserts that once a security review of a project has been " -"completed, the following are known and documented:" -msgstr "" -"Tujuan tinjauan keamanan di komunitas OpenStack adalah untuk " -"mengidentifikasi kelemahan dalam perancangan atau pelaksanaan proyek " -"OpenStack. Meskipun jarang terjadi, kelemahan ini berpotensi menimbulkan " -"dampak bencana terhadap keamanan penempatan OpenStack, dan oleh karena itu, " -"pekerjaan harus dilakukan untuk meminimalkan kemungkinan cacat pada proyek " -"yang diluncurkan. OpenStack Security Project menegaskan bahwa setelah " -"tinjauan keamanan atas sebuah proyek selesai, berikut ini diketahui dan " -"didokumentasikan:" - msgid "" "The importance of encrypting data on behalf of tenants is largely related to " "the risk assumed by a provider that an attacker could access tenant data. " @@ -15720,17 +15465,6 @@ msgstr "" "operator mungkin ingin mencari saran dari pemimpin industri dan vendor " "disamping panduan yang direkomendasikan di sini." -msgid "" -"There are many configuration management solutions; at the time of this " -"writing there are two in the marketplace that are robust in their support of " -"OpenStack environments: :term:`Chef` and :term:`Puppet`. A non-exhaustive " -"listing of tools in this space is provided below:" -msgstr "" -"Ada banyak solusi manajemen konfigurasi; Pada saat penulisan ini ada dua di " -"pasar yang kuat dalam mendukung lingkungan OpenStack: :term:`Chef` dan :term:" -"`Puppet`. Daftar alat yang tidak lengkap (non-exhaustive) di ruang ini " -"disediakan di bawah ini:" - msgid "" "There are no general provisions for granular control of database operations " "in OpenStack. Access and privileges are granted simply based on whether a " @@ -15804,13 +15538,6 @@ msgstr "" "Ada beberapa bagian kunci pada halaman arsitektur, yang dijelaskan lebih " "rinci di bawah ini:" -msgid "" -"There are two routes that an OpenStack project may take to complete a " -"security review:" -msgstr "" -"Ada dua rute yang dibutuhkan proyek OpenStack untuk menyelesaikan tinjauan " -"keamanan:" - msgid "There are two types of SOC 1 reports:" msgstr "Ada dua jenis laporan SOC 1:" @@ -17517,28 +17244,6 @@ msgstr "" "TLS di mana saja terlalu sulit, sebaiknya Anda mengevaluasi kebutuhan " "OpenStack SSL/TLS dan mengikuti salah satu arsitektur yang dibahas di sini." -msgid "" -"We recommend using a separate, isolated network within the management " -"security domain for provisioning. This network will handle all PXE traffic, " -"along with the subsequent boot stage downloads depicted above. Note that the " -"node boot process begins with two insecure operations: DHCP and TFTP. Then " -"the boot process uses TLS to download the remaining information required to " -"deploy the node. This may be an operating system installer, a basic install " -"managed by `Chef `__ or `Puppet `__, or even a complete file system image that is written " -"directly to disk." -msgstr "" -"Sebaiknya gunakan jaringan terpisah yang terisolasi dalam domain keamanan " -"manajemen untuk penyediaan. Jaringan ini akan menangani semua lalu lintas " -"PXE, bersamaan dengan unduhan tahap boot berikutnya yang digambarkan di " -"atas. Perhatikan bahwa proses boot node dimulai dengan dua operasi tidak " -"aman: DHCP dan TFTP. Kemudian proses booting menggunakan TLS untuk " -"mendownload sisa informasi yang dibutuhkan untuk menyebarkan node. Ini " -"mungkin sebuah installer sistem operasi, sebuah instalasi dasar yang " -"dikelola oleh `Chef `__ atau `Puppet `__, atau bahkan image sistem file lengkap yang ditulis " -"langsung ke disk." - msgid "" "We recommend you disable filters that parse things that are provided by " "users or are able to be manipulated such as metadata." @@ -18728,11 +18433,6 @@ msgstr "`Oozie `_" msgid "`OpenSCAP `_" msgstr "`OpenSCAP `_" -msgid "" -"`OpenSSL and FIPS 140-2 `_" -msgstr "" -"`OpenSSL and FIPS 140-2 `_" - msgid "`Pig `_" msgstr "`Pig `_" @@ -18839,12 +18539,12 @@ msgstr "`Tripwire `__" msgid "" "`Trusted Security Principles `_" +"informationtechnology/resources/soc/trustservices/pages/" +"trust%20services%20principles—an%20overview.aspx>`_" msgstr "" "`Trusted Security Principles `_" +"informationtechnology/resources/soc/trustservices/pages/" +"trust%20services%20principles—an%20overview.aspx>`_" msgid "" "`U.S. NIST FIPS PUB 180-3 `__" +"servers that are turned off `__" msgstr "" "SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking " -"servers that are turned off `__" +"servers that are turned off `__" msgid "" "SDN services node: Management, guest and possibly public depending upon " @@ -4672,9 +4634,6 @@ msgstr "SR-IOV, MR-IOV, ATS" msgid "SSL/TLS proxy in front" msgstr "前段の SSL/TLS" -msgid "Salt Stack" -msgstr "Salt Stack" - msgid "" "Sanitize portable, removable storage devices prior to connecting such " "devices to the cloud infrastructure." @@ -5322,9 +5281,9 @@ msgid "" "The Health Insurance Portability and Accountability Act (HIPAA) is a United " "States congressional act that governs the collection, storage, use and " "destruction of patient health records. The act states that Protected Health " -"Information (PHI) must be rendered \"unusable, unreadable, or indecipherable" -"\" to unauthorized persons and that encryption for data 'at-rest' and " -"'inflight' should be addressed." +"Information (PHI) must be rendered \"unusable, unreadable, or " +"indecipherable\" to unauthorized persons and that encryption for data 'at-" +"rest' and 'inflight' should be addressed." msgstr "" "Health Insurance Portability and Accountability Act (HIPAA)は米国の健康保険に" "おける可搬性と責任に関する法律で、カルテ情報の収集、保存、および廃棄に関する" @@ -7428,11 +7387,6 @@ msgstr "" msgid "`Oozie `_" msgstr "`Oozie `_" -msgid "" -"`OpenSSL and FIPS 140-2 `_" -msgstr "" -"`OpenSSL and FIPS 140-2 `_" - msgid "`Pig `_" msgstr "`Pig `_" diff --git a/security-guide/source/locale/tr_TR/LC_MESSAGES/security-guide.po b/security-guide/source/locale/tr_TR/LC_MESSAGES/security-guide.po index 24559ce3..aa369725 100644 --- a/security-guide/source/locale/tr_TR/LC_MESSAGES/security-guide.po +++ b/security-guide/source/locale/tr_TR/LC_MESSAGES/security-guide.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: Security Guide\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-01-22 18:38+0000\n" +"POT-Creation-Date: 2025-09-12 18:32+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -273,23 +273,6 @@ msgstr "" "conf`` dosyasındaki ``[glance]`` bölümündeki ``api_servers`` parametresinin " "değeri ``https://`` ile başlayan bir değer değil ise." -msgid "" -"**Fail:** If value of parameter ``auth_protocol`` under " -"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``http``, or " -"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` " -"section in ``manila.conf`` is not set to Identity API endpoint starting with " -"``https://`` or value of parameter ``insecure`` under the same " -"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to " -"``True``." -msgstr "" -"**Başarısız:** ``manila.conf`` dosyasında ``[keystone_authtoken]`` " -"bölümündeki ``auth_protocol`` parametresinin değeri ``http`` ise ya da " -"``manila.conf`` dosyasında ``[keystone_authtoken]`` bölümündeki " -"``identity_uri`` paramtresinin değeri ``https://`` ile başlayan bir Kimlik " -"API'ye ayarlı değilse ya da ``manila.conf`` dosyasında " -"``[keystone_authtoken]`` bölümündeki ``insecure`` parametresinin değeri " -"``True`` ise." - msgid "" "**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` " "section in ``/etc/glance/glance-api.conf`` is set to ``noauth`` or value of " @@ -577,22 +560,6 @@ msgstr "" "conf`` dosyasındaki ``[glance]`` bölümündeki ``api_servers`` parametresinin " "değeri ``https://`` ile başlayan bir değer ise." -msgid "" -"**Pass:** If value of parameter ``auth_protocol`` under " -"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``https``, or " -"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` " -"section in ``manila.conf`` is set to Identity API endpoint starting with " -"``https://`` and value of parameter ``insecure`` under the same " -"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to " -"``False``." -msgstr "" -"**Başarılı:** ``manila.conf`` dosyasında ``[keystone_authtoken]`` " -"bölümündeki ``auth_protocol`` parametresinin değeri ``https`` ise ya da " -"``manila.conf`` dosyasında ``[keystone_authtoken]`` bölümündeki " -"``identity_uri`` paramtresinin değeri ``https://`` ile başlayan bir Kimlik " -"API'ye ayarlı ise ya da ``manila.conf`` dosyasında ``[keystone_authtoken]`` " -"bölümündeki ``insecure`` parametresinin değeri ``False`` ise." - msgid "" "**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` " "section in ``/etc/cinder/cinder.conf`` is set to ``keystone``." @@ -1086,25 +1053,6 @@ msgstr "" "yalnızca donanım izleme ve CRUD olaylarını içerebilen günlük dosyalarının " "ötesine geçecektir." -msgid "" -"A common reason to perform a security review on an OpenStack project is to " -"enable that project to achieve the *vulnerability:managed* governance tag. " -"The OpenStack Vulnerability Management Team (VMT) applies the `vulnerability:" -"managed tag `_ to projects where the report reception and " -"disclosure of vulnerabilities is managed by the VMT. One of the requirements " -"for gaining the tag is that some form of security review, audit or threat " -"analysis has been performed on the project." -msgstr "" -"Bir OpenStack projesi üzerinde güvenlik incelemesi yapmak için ortak bir " -"neden, o projenin *vulnerability: managed* yönetişim etiketi elde etmesini " -"sağlamaktır. OpenStack Güvenlik Açığı Yönetimi Ekibi (VMT), `vulnerability: " -"managed etiketi `_ raporların alınması ve güvenlik açıklarının " -"bildiriminin VMT tarafından yapıldığı projelere uygulanır. Etiket kazanma " -"gereksinimlerinden biri, proje üzerinde bazı güvenlik incelemesi, denetim " -"veya tehdit analizi uygulanmış olmasıdır." - msgid "" "A complete tutorial on secure boot deployment is beyond the scope of this " "book. Instead, here we provide a framework for how to integrate secure boot " @@ -2127,9 +2075,6 @@ msgstr "" "Örneğin, Xen Server'ın XSM veya Xen Güvenlik Modülleri, Sanal, Intel TXT " "veya AppArmor." -msgid "Ansible" -msgstr "Ansible" - msgid "" "Any changes to ``/etc/manila/policy.json`` are effective immediately, which " "allows new policies to be implemented while the Shared File Systems service " @@ -3192,9 +3137,6 @@ msgstr "" msgid "Checklist" msgstr "Kontrol listesi" -msgid "Chef" -msgstr "Chef" - msgid "" "Cinder supports an NFS driver which works differently than a traditional " "block storage driver. The NFS driver does not actually allow an instance to " @@ -3228,11 +3170,12 @@ msgstr "" "öğelere daha yakından bir göz atalım." msgid "" -"Cipher suites using the `RSA `_ exchange, authentication or either respectively." +"Cipher suites using the `RSA `_ exchange, authentication or either respectively." msgstr "" -"Şifreleme takımları, `RSA ` _ değiştirme, kimlik doğrulama veya sırasıyla kullanır." +"Şifreleme takımları, `RSA ` _ değiştirme, kimlik doğrulama veya sırasıyla " +"kullanır." msgid "" "Client authentication with TLS requires certificates be issued to services. " @@ -3304,9 +3247,9 @@ msgid "" "an update to \"The OpenStack Cookbook\" as well as books on VMware " "automation." msgstr "" -"Cody Bunch, Rackspace ile Özel Bulut mimarı. Cody, \"The OpenStack Cookbook" -"\" a ait bir güncellemenin yanı sıra VMware otomasyonu üzerine kitaplar da " -"hazırladı." +"Cody Bunch, Rackspace ile Özel Bulut mimarı. Cody, \"The OpenStack " +"Cookbook\" a ait bir güncellemenin yanı sıra VMware otomasyonu üzerine " +"kitaplar da hazırladı." msgid "" "Collection of containers; not user accounts or authentication. Which users " @@ -6150,19 +6093,6 @@ msgstr "" msgid "In an OpenStack deployment you will need to address the following:" msgstr "Bir OpenStack dağıtımında aşağıdakileri ele almanız gerekecek:" -msgid "" -"In cases where a security review has already been performed by a third " -"party, or where a project prefers to use a third party to perform their " -"review, information on how to take the output of that third party review and " -"submit it to the OSSP for validation will be available in the upcoming third " -"party security review process." -msgstr "" -"Bir güvenlik incelemesinin üçüncü bir taraf tarafından daha önce yapıldığı " -"veya bir projenin incelemesini yapmak için üçüncü bir tarafı tercih etmesi " -"durumunda, söz konusu üçüncü taraf incelemesinin çıktısını alma ve doğrulama " -"için OSSP'ye sunma hakkında bilgi yaklaşmakta olan üçüncü parti güvenlik " -"inceleme sürecinde kullanıma sunulacaktır." - msgid "" "In cases where software termination offers insufficient performance, " "hardware accelerators may be worth exploring as an alternative option. It is " @@ -6866,21 +6796,6 @@ msgstr "" "RPC iletişimini gerektiren tüm bileşenler için :ref:`queue-authentication-" "and-access-control` ile sağlanan yönergeleri izlemeniz önerilir." -msgid "" -"It is recommended to avoid the manual image building process as it is " -"complex and prone to error. Additionally, using an automated system like Oz " -"for image building or a configuration management utility like Chef or Puppet " -"for post-boot image hardening gives you the ability to produce a consistent " -"image as well as track compliance of your base image to its respective " -"hardening guidelines over time." -msgstr "" -"Elle imaj oluşturma işleminin karmaşık olması ve hataya eğilimli olması " -"nedeniyle önlenmesi önerilir. Ek olarak, görüntü oluşturma için Oz gibi " -"otomatik bir sistem veya açılış sonrası imaj sıkılaştırması için Chef veya " -"Puppet gibi bir yapılandırma yönetimi programı kullanarak, tutarlı bir imaj " -"üretmenin yanı sıra, taban görüntüsünün kendi sıkılaştırma kurallarına " -"uyumunu izleyebilirsiniz." - msgid "" "It should be noted that with this type of implementation sensitive access " "tokens will be stored in the browser and will be transmitted with each " @@ -8062,8 +7977,8 @@ msgid "" "specification of what constitutes a \"secure password\"." msgstr "" "Sistem güvenlik kontrolleri tanımlandıktan sonra, bir OpenStack mimarı, özel " -"kontrol seçimi için NIST 800-53'ü kullanacaktır. Örneğin, \"güvenli parola" -"\"yı neyin oluşturduğunun belirtimi." +"kontrol seçimi için NIST 800-53'ü kullanacaktır. Örneğin, \"güvenli " +"parola\"yı neyin oluşturduğunun belirtimi." msgid "" "Once the SSH host key is generated, the host key fingerprint should be " @@ -9726,16 +9641,6 @@ msgstr "MySQL için bağlama adresini sınırlama" msgid "Restricting listen address for PostgreSQL" msgstr "PostgreSQL için dinleme adresini kısıtlama" -msgid "Review by OpenStack Security Project" -msgstr "OpenStack Güvenlik Projesi tarafından İncelenmek" - -msgid "" -"Review by a third party review body, with validation from the OpenStack " -"Security Project" -msgstr "" -"OpenStack Güvenlik Projesi'nden doğrulama ile üçüncü parti inceleme organı " -"tarafından incelenmesi" - msgid "Review common security principles." msgstr "Yaygın güvenlik prensiplerini gözden geçirmek." @@ -9800,12 +9705,12 @@ msgstr "Çalışma zamanı doğrulama" msgid "" "SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking " -"servers that are turned off `__" +"servers that are turned off `__" msgstr "" "SANS Teknoloji Enstitüsü, InfoSec İşleyicileri Günlüğü Bloğu. 2012. " -"`Kapatılmış sunucuları ele geçirmek `__" +"`Kapatılmış sunucuları ele geçirmek `__" msgid "" "SDN services node: Management, guest and possibly public depending upon " @@ -9876,9 +9781,6 @@ msgstr "yük dengeleyici üzerinden SSL/TLS" msgid "SSL/TLS proxy in front" msgstr "Ön taraftaki SSL/TLS vekili" -msgid "Salt Stack" -msgstr "Salt Stack" - msgid "" "Sanitize portable, removable storage devices prior to connecting such " "devices to the cloud infrastructure." @@ -10063,19 +9965,6 @@ msgstr "Veritabanı arka uçları için güvenlik referansları" msgid "Security review" msgstr "Güvenlik incelemesi" -msgid "" -"Security review by the OSSP is expected to be the normal route for new " -"projects and for cases where third parties have not performed security " -"reviews or are unable to share their results. Information for projects that " -"require a security review by the OSSP will be available in the upcoming " -"security review process." -msgstr "" -"OSSP tarafından yapılan güvenlik incelemesinin, yeni projelerin ve üçüncü " -"şahısların güvenlik incelemeleri yapmadığı veya sonuçlarını paylaşamadığı " -"durumlarda normal yol olması beklenmektedir. OSSP tarafından bir güvenlik " -"incelemesi gerektiren projeler için bilgi gelecek güvenlik inceleme " -"sürecinde kullanıma açılacaktır." - msgid "Security reviews" msgstr "Güvenlik gözden geçirmeleri" @@ -11222,16 +11111,16 @@ msgid "" "The Health Insurance Portability and Accountability Act (HIPAA) is a United " "States congressional act that governs the collection, storage, use and " "destruction of patient health records. The act states that Protected Health " -"Information (PHI) must be rendered \"unusable, unreadable, or indecipherable" -"\" to unauthorized persons and that encryption for data 'at-rest' and " -"'inflight' should be addressed." +"Information (PHI) must be rendered \"unusable, unreadable, or " +"indecipherable\" to unauthorized persons and that encryption for data 'at-" +"rest' and 'inflight' should be addressed." msgstr "" "Sağlık Sigortası Taşınabilirliği ve Hesap Verebilirlik Yasası (HIPAA), hasta " "sağlık kayıtlarının toplanmasını, depolanmasını, kullanılmasını ve tahrip " "edilmesini yöneten Birleşik Devletler Kongresi yasasıdır. Yasaya göre " "Korunan Sağlık Bilgisi (PHI), yetkisiz kişilere \"kullanılamaz, okunamıyor " -"veya okunaksız hale getirilmelidir\" ve verilerin \"dinlenme\" ve \"uçuş için" -"\" şifrelenmesi için ele alınmalıdır." +"veya okunaksız hale getirilmelidir\" ve verilerin \"dinlenme\" ve \"uçuş " +"için\" şifrelenmesi için ele alınmalıdır." msgid "The IOMMU feature is marketed as VT-d by Intel and AMD-Vi by AMD." msgstr "" @@ -11627,29 +11516,6 @@ msgstr "" "denetimlerinin mümkün olmadığı karar verme için çatılar sağlamak üzere " "tasarlanmıştır." -msgid "" -"The OpenStack Security Project (OSSP) has worked with the VMT to agree that " -"an architectural review of the best practice deployment for a project is an " -"appropriate form of security review, balancing the need for review with the " -"resource requirements for a project of the scale of OpenStack. Security " -"architecture review is also often referred to as *threat analysis*, " -"*security analysis* or *threat modeling*. In the context of OpenStack " -"security review, these terms are synonymous for an architectural security " -"review which may identify defects in the design of a project or reference " -"architecture, and may lead to further investigative work to verify parts of " -"the implementation." -msgstr "" -"OpenStack Güvenlik Projesi (OSSP), OpenStack ölçeğinde bir proje için en iyi " -"uygulama dağıtımının mimari bir incelemesinin, güvenlik incelemesinin uygun " -"bir biçimi olduğuna ve bir ölçekli projenin kaynak gereksinimleriyle gözden " -"geçirme gereksinimini dengelemesi konusunda VMT ile birlikte çalışmıştır. " -"Güvenlik mimarisi incelemesine genellikle *tehdit analizi*, *güvenlik " -"analizi* veya *tehdit modelleme* denir. OpenStack güvenlik incelemesi " -"bağlamında, bu terimler, bir proje veya referans mimarisi tasarımındaki " -"kusurları belirleyebilecek ve uygulamanın parçalarını doğrulamak için daha " -"fazla araştırma çalışmalarına yol açabilecek mimari bir güvenlik incelemesi " -"için eşanlamlıdır." - msgid "" "The OpenStack components are only a small fraction of the software in a " "cloud. It is important to keep up to date with all of these other " @@ -12610,24 +12476,6 @@ msgstr "" "bileşenlerdeki etkinliklere ek olarak yöneticilerin, kiracılardaki ve " "konukların günlük işlemlerine görünürlük sağlar." -msgid "" -"The goal of security review in the OpenStack community is to identify " -"weaknesses in design or implementation of OpenStack projects. While rare, " -"these weaknesses could potentially have catastrophic effects on the security " -"of an OpenStack deployment, and therefore work should be undertaken to " -"minimize the likelihood of these defects in released projects. The OpenStack " -"Security Project asserts that once a security review of a project has been " -"completed, the following are known and documented:" -msgstr "" -"OpenStack topluluğunda güvenlik incelemesinin amacı, OpenStack projelerinin " -"tasarımında veya uygulamasındaki zayıflıkları tespit etmektir. Nadiren de " -"olsa, bu zayıflıklar bir OpenStack dağıtımının güvenliğinde felaket " -"yaratacak etkilere sahip olabilir ve bu nedenle yayınlanan projelerdeki bu " -"kusurların olasılığını en aza indirgemek için çalışmalar yapılmalıdır. " -"OpenStack Güvenlik Projesi, bir projenin güvenlik incelemesinin " -"tamamlanmasının ardından aşağıdakilerin bilinir ve belgelendirildiğini iddia " -"eder:" - msgid "" "The importance of encrypting data on behalf of tenants is largely related to " "the risk assumed by a provider that an attacker could access tenant data. " @@ -13275,17 +13123,6 @@ msgstr "" "rehberliğin yanı sıra endüstri liderleri ve tedarikçilerinin tavsiyelerini " "almak isteyebilecekleri bir alandır." -msgid "" -"There are many configuration management solutions; at the time of this " -"writing there are two in the marketplace that are robust in their support of " -"OpenStack environments: :term:`Chef` and :term:`Puppet`. A non-exhaustive " -"listing of tools in this space is provided below:" -msgstr "" -"Birçok yapılandırma yönetimi çözümü vardır; Bu yazının yazıldığı tarihte, " -"piyasada OpenStack ortamlarını destekleyen iki güçlü araç var: :term:" -"`Puppet` ve :term:`Puppet`. Bu alandaki kapsamlı olmayan bir liste aşağıda " -"sunulmuştur:" - msgid "" "There are no general provisions for granular control of database operations " "in OpenStack. Access and privileges are granted simply based on whether a " @@ -13339,13 +13176,6 @@ msgstr "" "Mimari sayfada bazı önemli bölümler bulunmaktadır. Bunlar aşağıda daha " "ayrıntılı olarak açıklanmıştır:" -msgid "" -"There are two routes that an OpenStack project may take to complete a " -"security review:" -msgstr "" -"Bir OpenStack projesinin bir güvenlik incelemesi tamamlayabileceği iki yol " -"vardır:" - msgid "There are two types of SOC 1 reports:" msgstr "2 tür SOC 1 raporu vardır:" @@ -14822,27 +14652,6 @@ msgstr "" "değerlendirmenizi ve burada tartışılan mimarilerden birini izlemenizi " "öneririz." -msgid "" -"We recommend using a separate, isolated network within the management " -"security domain for provisioning. This network will handle all PXE traffic, " -"along with the subsequent boot stage downloads depicted above. Note that the " -"node boot process begins with two insecure operations: DHCP and TFTP. Then " -"the boot process uses TLS to download the remaining information required to " -"deploy the node. This may be an operating system installer, a basic install " -"managed by `Chef `__ or `Puppet `__, or even a complete file system image that is written " -"directly to disk." -msgstr "" -"Sağlama için yönetim güvenliği alanında ayrı bir izole edilmiş ağ " -"kullanmanızı öneririz. Bu ağ, yukarıda tasvir edilen daha sonraki önyükleme " -"aşaması yüklemeleri ile birlikte tüm PXE trafiğini işleyecektir. Düğüm " -"önyükleme işleminin iki güvensiz işlemle başladığını unutmayın: DHCP ve " -"TFTP. Daha sonra önyükleme işlemi, düğümü dağıtmak için gereken kalan " -"bilgileri indirmek için TLS kullanır. Bu bir işletim sistemi yükleyicisi, " -"`Chef `__ veya `Puppet `__ tarafından yönetilen temel bir kurulum veya doğrudan diske yazılan " -"eksiksiz bir dosya sistemi imajı olabilir." - msgid "" "We recommend you disable filters that parse things that are provided by " "users or are able to be manipulated such as metadata." @@ -15938,11 +15747,6 @@ msgstr "`Oozie `_" msgid "`OpenSCAP `_" msgstr "`OpenSCAP `_" -msgid "" -"`OpenSSL and FIPS 140-2 `_" -msgstr "" -"`OpenSSL ve FIPS 140-2 `_" - msgid "`Pig `_" msgstr "`Pig `_" @@ -16016,12 +15820,12 @@ msgstr "`Tripwire `__" msgid "" "`Trusted Security Principles `_" +"informationtechnology/resources/soc/trustservices/pages/" +"trust%20services%20principles—an%20overview.aspx>`_" msgstr "" "`Güvenilen Güvenlik Prensipleri `_" +"informationtechnology/resources/soc/trustservices/pages/" +"trust%20services%20principles—an%20overview.aspx>`_" msgid "" "`U.S. NIST FIPS PUB 180-3