Step into cloud security
Some of you may say that cloud is nothing new and it is just someone else’s computer, and it is there for decades. While there is grain of truth in this point of view, but not nowadays, when cloud comes in its overall orchestrated, highly available and elastic form. Cloud is almost unavoidable in this day projects, that’s why it comes with the extra price in terms of security.
In this article we will try to explain with simple analogies and easy to grasp parallels, how approach to information security in the cloud is slightly different from the standard way of securing services deployed on-premises.
Cloudified solutions can preserve necessary level of security in comparison with themselves but deployed inside on-premise data centers or even deliver higher level of it. To achieve this, we should adapt our way of thinking, use different approaches, and apply best practices to the type of cloud we are on-boarding our application.
We DO need Sales!
But why? Your customers are also in DT group?! Pan-Net is providing cloud services for the DT group, so we mainly deal with internal customers within the Group, and we are frequently asked “Why would you need sales department, when your main customers are internal?”. The question comes from the “legacy” understanding of sales person being somebody like a used car seller, a guy with a wide smile trying to sell you a lemon, haggling with you and forcing to buy something what you may not need for a higher price to get better profit margin.
Directions Of The Cybersecurity Industry
Photo by Jon Moore
Covid crisis and the forced work-from-home comes with the rapid transformation of a traditional established company to an online only business with most of the work force working remote. Even the software houses struggle to keep up with this rapid transformation. Lots of companies are finding out that they don’t have control over the digital assets they are owning or managing. Security teams, when there is any, struggle how to inventarise all the assets that are exposed to the internet and have to be protected from the outside threats.
Ceph-to-Ceph migration for Openstack leveraging RBD mirroring
Introduction In IT, we use the term migration when we move stuff from A to B, where stuff = data + metadata.
Translating this to Cloud Infrastructure, data is the virtual machine’s image/volume (blocks of data), metadata is the virtual machine’s attributes: cpu, memory, interfaces, ip addresses, ownership, etc. (Let me ignore now the Object Storage scenario where we have a similar approach to distinguish data/metadata - but the migration strategy/solution is different.
Open Source Software Use in DT Pan-Net
The journey of open source software in our company started several years ago. It was smart, logical, but rather tough decision to open the door for open source software use. Thanks to it, today, more than 200 of our engineers integrate, write, or modify vast amount of open source code.
At the beginning, we were not sure, how to handle the idea of open source software use. Should we have some strategy?
What is identity and its basic management?
I’m pretty sure you’ve already heard of Identity and Access Management IAM expression in your tasks if you are working as an engineer in IT development industry. If not, I hope you will at the end of reading this article. Handling of identities, users, services or any kind of accounts and the automation of related tasks could be considered as a core activity of this field.
In this article I’d like to present some basic understanding of IDM and where it stands in terms of Identity Governance and Administration IGA.
Let's Hijack Some Packages!
Being able to hijack a Python package gives you a lot of opportunities. pip does not just place a package to some specified location. It runs the setup.py file that comes with most packages. This means you are effectively running unknown code on your machine every time you install a new package. Moreover, since pip runs as your user, it has the same permissions you do1. It can read ssh keys, gpg keys, inspect your home directory or install ransomware, you name it.
Up The Cybersec Ante With Honeypots
Up the Cybersec Ante with Honeypots In the interest of brevity, ubiquitous IT acronyms (such as VM, IP, SSH etc.) are used in this article. You can find a comprehensive list of Common IT acronyms and their meanings here
The Name of the Game Imagine you are playing a game of poker, and you are dealt a really poor hand. You don’t know what cards your adversaries have in their hands, but they certainly look confident and they might as well have a good reason to.
ModSecurity Rules Management in Kubernetes
How to manage ModSecurity rules for Nginx using web UI, Kubernetes, CICD and git Most of the online companies nowadays understand the risk of exposing web applications to the Internet. We are not any exception. As many others we are running the workloads in Kubernetes and try to utilize this platform for ensuring application security as well.
The most convenient option is to utilize Kubernetes Ingress Annotations and Nginx & ModSecurity or Openresty.
cURL security anti-patterns
curl is a widely used command line tool for interacting with HTTP resources. People use it to download binaries from command line or to interact with HTTP API endpoints from automation scripts. This blog shows some of the common curl security anti-patterns and how to avoid them.