Tag Archives: secops

The Dual-Edged Sword: How AI is Revolutionizing Cybersecurity and the New Threats It Poses to Businesses

September 22, 2024Techai, cloud, cyber threats, cybersecurity, ml, paas, saas, secops, security, software, sysopsHarout

Advancements in artificial intelligence (AI) have had a profound impact on cybersecurity, both positively and negatively. On one hand, AI has enabled organizations to enhance their security measures by automating threat detection, improving response times, and identifying complex patterns in network traffic that would be impossible for humans to recognize. AI-driven tools can analyze vast amounts of data in real-time to detect anomalies, flag potential vulnerabilities, and even predict future cyberattacks based on historical trends. This means businesses can stay ahead of increasingly sophisticated threats and react swiftly to prevent breaches.

Continue reading →

Back Up and Running in Cloud Native

February 20, 2023Techautomation, aws, cloud, cloudcomputing, cloudfront, cloudnative, cybersecurity, devops, devsecops, lightsail, networksecurity, S3, secops, security, sysadminHarout

Finally had the time to rebuild and refresh the blog site. gotsudo.com in now full Cloud Native running in AWS (has always been, however in a more traditional server-based installation).

The recent migration included an AWS Lightsail service that provides various bundles of OS/applications, which in my case is WordPress running on Linux. Various tiers are also available to fit every budget out there.

I decided to take things a step further, and serve the public facing version of the website in a static configuration, leveraging AWS S3 to host the site files, with AWS CloudFront caching layer sitting upfront for the parent gotsudo.com address.

This allows me to limit access to the actual WordPress site running in Lightsail, transforming it to a true authoring and publishing site, rather than a public front-facing one.

Various WordPress plugins are available that can easily produce a static version of the website, and can also integrate with AWS services (or any other CSP) to auto publish files into S3 or any other repository of choice. While these make things much easier and more integrated, I decided to air-gap the systems, allowing me to selectively produce the published files and upload them to S3 using other means of tailored automation.

Later on, I may add some more integrations to the site, however at this point I’m quite happy with how far it came over a busy weekend’s time.

DNS Security

February 2, 2023Techcybersecurity, dns, dnssecurity, networking, networksecurity, secops, security, sysops, systemsecurityHarout

Well this is an interesting approach by Google to counter DNS cache poisoning effectiveness.

https://www.theregister.com/2023/01/19/google_dns_queries/

If your DNS queries LoOk liKE tHIs, it’s not a ransom note, it’s a security improvement.

Tech Audits

December 28, 2022Techaudit, audits, business, businesscontinuity, cybersecurity, operationalexcellence, projectmanagement, secops, security, securitymanagement, soc2, sysadmin, sysopsHarout

What systems do security and availability audits cover? A fair question!

Well, the hard truth is that it is your responsibility to identify this as a system owner; and not the duty of an auditor. Don’t sit around waiting for auditors to show up and expect them to answer this question.

Simply put, everything and anything within your ecosystem that may interrupt business continuity should be part of the audit. This can easily include systems that do not even reside in your ‘PROD VPC’, or even be tagged as ‘Production’.

You’ll be surprised how many times it comes down to a small neglected server that sits in the corner and very few folk know about, yet holds a critical role in your supply chain processing, or mailing important notifications and updates to clients.

Do a true/practical risk assessment, identify your systems, minimize your exceptions, properly document your findings, and present them as the lay of the land; your auditors will be very thankful.

Multilingual Passwords

October 15, 2022Techcyber, devops, devsecops, passwordcracking, passwordmanagement, passwords, secops, security, securityawareness, securitycompliance, sysadminHarout

Benefits of being multilingual in the world of technology: Passwords are so simple to remember, yet meet every password complexity policy being 12 characters long, alphanumeric, Upper case, and special characters 😄

Hold my beer!

October 13, 2022Techcybersecurity, dataloss, datalossprevention, devsecops, holdmybeer, secops, security, securityawareness, whatcouldgowrongHarout

Company: “Our data is encrypted at rest, and in transit. We are SOC2 assessed and HIPAA compliant. Our Cyber team conducts quarterly audits, our Security Ops are 24/7, and our employees go through quarterly security training.”

That one developer about to run a wild query exporting all data to a CSV file: “Hold my beer!”

Invest in Data Access Controls

Wickr, by AWS

August 19, 2022Techaws, bestinclass, collaborationsolutions, encryption, highsecurity, secops, security, wickr, zerotrust, zerotrustsecurityHarout

Does your establishment handle sensitive communication on daily basis? Are you looking for a secure, no compromise, zero trust, SaaS collaboration suite? Check out wickr; an AWS company.

http://wickr.com/

Uptime…

May 22, 2022Techavailability, devops, devsecops, dns, dnssecurity, engineering, homeoffice, linux, networkinfrastructure, networksecurity, secops, security, sysadmin, uptimeHarout

Remember the days when server up-time was how we measured service availability and bragged about it? This Pi-hole DNS server running on a Debian-loaded mini PC at my home office, is now at 177 days since last reboot, yet is fully patched and running latest version of Pi-hole DNS. Maybe it’s because there are no windows near this mini PC 😏

Security Assessments

April 22, 2022Techaudits, compliance, devsec, devsecops, secops, security, securityaudit, securityconsulting, securitycontrols, trainingHarout

The deal with security compliance assessments and certifications is not just about that annual or bi-annual point in time, during which auditors certify your establishment as compliant. It’s about whether your organization and all of its individuals follow security guidelines and best practices as outlined in the assessment during their day-to-day operations.

Remember: Once auditors issue a compliance certificate and leave your office, from that point forward, your security is as good as your staff’s training, and discipline to follow security controls.

This is an everyday thing; not once or twice a year thing!

A Security+ Nostalgia

April 19, 2022Techcloud, cybersecurity, devops, devsecops, nostalgia, oldschool, secops, securityplus, sysadminHarout

Going through modern Security+ material, seeing mentions of legacy technologies and methodologies such as Sub7 or War-driving was a pleasant time travel 🙂