Open Source Software Use in DT Pan-Net
The journey of open source software in our company started several years ago. It was a smart, logical, but rather tough decision to open the door to open source software use. Thanks to it, today more than 200 of our engineers integrate, write, or modify a vast amount of open source code.
At the beginning, we were not sure how to handle the idea of open source software use. Should we have some strategy?
What is identity and its basic management?
I'm pretty sure you've already heard the expression Identity and Access Management (IAM) in your tasks if you are working as an engineer in the IT development industry. If not, I hope you will have by the end of this article. Handling identities, users, services or any kind of accounts, and automating the related tasks, can be considered the core activity of this field.
In this article I'd like to present a basic understanding of IDM and where it stands in terms of Identity Governance and Administration (IGA).
Let's Hijack Some Packages!
Being able to hijack a Python package gives you a lot of opportunities. pip does not just place a package in some specified location. It runs the setup.py file that comes with most packages. This means you are effectively running unknown code on your machine every time you install a new package. Moreover, since pip runs as your user, it has the same permissions you do. It can read ssh keys, gpg keys, inspect your home directory or install ransomware, you name it.
Up The Cybersec Ante With Honeypots
In the interest of brevity, ubiquitous IT acronyms (such as VM, IP, SSH etc.) are used in this article. You can find a comprehensive list of common IT acronyms and their meanings here.
The Name of the Game
Imagine you are playing a game of poker, and you are dealt a really poor hand. You don't know what cards your adversaries have in their hands, but they certainly look confident, and they might as well have a good reason to.
ModSecurity Rules Management in Kubernetes
How to manage ModSecurity rules for Nginx using a web UI, Kubernetes, CI/CD and git
Most online companies nowadays understand the risk of exposing web applications to the Internet. We are no exception. Like many others, we run our workloads in Kubernetes and try to use this platform to ensure application security as well.
The most convenient option is to use Kubernetes Ingress annotations together with Nginx and ModSecurity, or OpenResty.
cURL security anti-patterns
curl is a widely used command line tool for interacting with HTTP resources. People use it to download binaries from the command line or to interact with HTTP API endpoints from automation scripts. This blog post shows some of the common curl security anti-patterns and how to avoid them.
How Pan-Net is improving the throughput of Compute Nodes
Pan-Net is using OpenStack as its CMS (Cloud Management System) with OVS (Open vSwitch) as the SDN (Software Defined Network) solution. OVS is configured and managed by Neutron (the OpenStack networking project).
The three main OVS components are:
- ovs-vswitchd: the main OVS process, which makes the packet/frame forwarding decisions; runs in userspace.
- kernel module (datapath): forwards packets/frames; runs in the kernel.
- ovsdb-server: the database that stores the OVS configuration; runs in userspace.
SSH, Who is really on the other side?
It is interesting to observe how efficient engineers are able to deliver their work in a short period of time. But if we look deeper at how they do that, we can see it is not so simple. Good engineers usually achieve this through rich professional experience and by using frameworks with a high level of automation. But of course, there is another side to fast delivery: a product gets delivered while ignoring good security practice, such as strict SSH host key checking.
A simple explanation of CORS
It's a well-known fact that software developers try to eliminate repetitive work with automation. In our company, the admins of services responsible for identity and access management receive multiple requests for resource creation every day.
How we sped up fetching our Gitlab resources in Python tenfold
Some time ago, a colleague approached me with an issue he was having with one of the homebrew Python scripts our team uses: a handy tool which scans all the past jobs in a Gitlab project, searches for the ones that leaked sensitive data, and offers the possibility to delete such jobs.