Showing posts from 2018

SIEM: A rose by any other name

SLM/LMS, SIM, SEM, SEC, SIEM Following is an extract from the AlienVault whitepaper “ SIEM-for-Beginners ” Although the industry has settled on the term ‘SIEM’ as the catch-all term for this type of security software, it evolved from several different (but complementary)    technologies that came before it.     • LMS “Log Management System” – a system that collects and stores log files (from operating systems, applications, etc)     from multiple hosts and systems into a single location, allowing centralized access to logs instead of accessing them from    each system individually.     • SLM /SEM “security Log/Event Management” – an LMs, but marketed towards security analysts instead of system     administrators. SEM is about highlighting log entries as more significant to security than others.     • SIM “security information Management” – an asset Management system, but with features to incorporate security information    too. Hosts may have vulnerability re

What is a CASB (Cloud Access Security Broker)?

Cloud access security brokers (CASB) are on-premises or cloud-hosted software that sit between cloud service consumers and cloud service providers to enforce security, compliance, and governance policies for cloud applications. CASBs help organizations extend the security controls of their on-premises infrastructure to the cloud. Reference:

Amazon CloudFront and HTTP/2

HTTP/2 is a major revision of the HTTP protocol. This new version has several features that make page loading and rendering faster. ·          Multiplexing allows multiple requests and response messages between the client and Amazon CloudFront to be in flight at the same time over a single connection, instead of multiple connections, which improves page load times. ·          Header compression reduces the overhead bytes downloaded by the client, helping get the content to the viewer sooner. This is especially useful for mobile clients that are already constrained on bandwidth. ·          Stream priority , allows for quicker page rendering by enabling the client to control the order in which web assets are delivered, thereby optimizing user experience. HTTP/2 is enabled by default for all new Amazon CloudFront distributions, and for existing distributions HTTP/2 can be enabled by editing the distribution configuration. There is no additional charge for using this feature

MySQL - Get size of table

Get the Size of all tables in a database select table_name, round(((data_length + index_length) / (1024*1024)),2) as 'size in megs' from information_schema.tables where table_schema = 'the_name_of_my_db'; Get the Size of a specific table in a database select table_name, round(((data_length + index_length) / (1024*1024)),2) as 'size in megs' from information_schema.tables where table_schema = 'the_name_of_my_db' AND table_name = 'the_name_of_my_table'; The name "table_schema" is a bit misleading, in fact  you have to specify the database name . REFERENCES:

Vulnerability Scanning - authenticated scan vs unauthenticated

Imagine you have the choice between opening a box and looking inside, or shaking and prodding it from the outside to guess what it may contain. Imagine further, that if you are unable to successfully guess the contents of the box, something bad may happen, something damning, damaging or dangerous. Which of the two choices would you decide to take? Unauthenticated testing alone will not fully simulate targeted attacks on your application or system. Although unauthenticated scans will show weaknesses in your perimeter, it will not show you what the attacker will exploit once breaching your perimeter: weaknesses within your network. Authenticated scans allow vulnerability scanners to use privileged credentials to dig deeper into a network and detect threats around weak passwords, malware, installed applications, and configuration issues. They are able to simulate what a user of the system can actually do. By finding and fixing internal security holes, you can prevent an attack

Profitable SaaS Ideas

The way to get profitable startup idea is not to try to think of startup ideas (including SaaS development). It's to look for problems, preferably problems you have yourself .   In fact, for many entrepreneurs, successful business ideas start out as solutions designed to address a challenge they face personally. Solving the problem that frustrates you may be one of the best ways of finding an idea for your startup. Look at these software developers who turned their problem into success. REFERENCE : TOP SOFTWARE DEVELOPERS SHARED HOW THEY CAME UP WITH PROFITABLE SAAS IDEAS ,

Install fortune & cowsay to give some life to your terminal

I have tested on Centos 7 yum install cowsay.noarch yum install fortune-mod.x86_64 [root@localhost ~]# vim .bash_profile Add the following line fortune | cowsay Let's try it. [vicky@localhost ~]$ su - Password: Last login: Fri Aug  3 18:21:46 MUT 2018 on pts/2  ____________________________________ / Be consistent.                     \ |                                    | \ -- Larry Wall in the perl man page /  ------------------------------------         \   ^__^          \  (oo)\_______             (__)\       )\/\                 ||----w |                 ||     || [root@localhost ~]#

You can't add both CNAME and TXT to the same subdomain

I was a bit surprised to learn about this while processing the request of a customer. Here is the reason why "If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. This rule also insures that a cached CNAME can be used without checking with an authoritative server for other RR types." REFERENCES

Deploy your own mail hosting with Mail-in-a-Box

Mail-in-a-Box lets you become your own mail service provider in a few easy steps. It’s sort of like making your own gmail, but one you control from top to bottom. Technically, Mail-in-a-Box turns a fresh cloud computer into a working mail server. But you don’t need to be a technology expert to set it up. The box also includes: automatic DNS configuration,  spam filtering, greylisting ,  backups to Amazon S3,  static website hosting,  and free TLS (SSL) certificates from  Let’s Encrypt . Your box can host mail for multiple users and multiple domain names. It implements modern mail protocols ( SPF ,  DKIM , and  DMARC ) and the latest security best practices, including  opportunistic TLS , strong ciphers, and  HSTS . When enabled,  DNSSEC  (with  DANE TLSA ) provides a higher level of protection against active attacks. Exchange ActiveSync is also available as a beta feature. It has web based interface for administration and features RoundCube webmail as client. Rea

What is SELinux

SELinux is a security enhancement to Linux which allows users and administrators more control over access control. Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications. SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specifby access to many resources other than files as well, such as network resources and interprocess communication (IPC). Reference :

LINUX - How do I change swap partition

On the fly: sudo swapoff /dev/hda3 sudo mkswap /dev/hda4 sudo swapon /dev/hda4 For bootime :  after you have run the mkswap, edit the /etc/fstab file and the change the /dev/hda3 line accordingly. SOURCE :

Side-channel attack

In  computer security , a  side-channel attack  is any attack based on information gained from the  implementation  of a computer system, rather than weaknesses in the implemented algorithm itself (e.g.  cryptanalysis  and  software bugs ). Timing information, power consumption,  electromagnetic  leaks or even  sound  can provide an extra source of information, which can be exploited. An attempt to decode  RSA  ... Key bits using  power analysis . The left peak represents the CPU power variations during the step of the  algorithm without multiplication, the right (broader) peak – step with multiplication, allowing an attacker to read bits 0, 1. Side-channel attack. (2018, April 27). Retrieved from

Public Key Certificates

A public key certificate provides a safe way for an entity to pass on its public key to be used in asymmetric cryptography. The public key certificate avoids the following situation: if Charlie creates his own public key and private key, he can claim that he is Alice and send his public key to Bob. Bob will be able to communicate with Charlie, but Bob will think that he is sending his data to Alice. A public key certificate can be thought of as the digital equivalent of a passport. It is issued by a trusted organization and provides identification for the bearer. A trusted organization that issues public key certificates is known as a certificate authority (CA). The CA can be likened to a notary public. To obtain a certificate from a CA, one must provide proof of identity. When the CA is confident that the applicant represents the organization it says it represents, the CA signs the certificate attesting to the validity of the information contained within the certificate. A public

Raid 5, Raid 1+0 & Raid 0+1

RAID 5 The minimum number of disks in a RAID 5 set is three (two for data and one for parity).  The maximum number of drives in a RAID 5 set is in theory unlimited, although your storage array is likely to have built-in limits.  However, RAID 5 only protects against a single drive failure . Cited From : RAID 0+1  vs  RAID 1+0 Got a bit of difficulty of understanding and interpreting this ? Start with the last number it will be easier RAID 0+1  : Mirror of Stripes (Raid 0) RAID 0+1 means arrays implemented as RAID 1, whose elements are RAID 0 arrays. RAID 1+0  : Stripes of Mirrors (Raid 1) A RAID 1+0 array is implemented as RAID 0, whose elements are RAID 1 You can read more on this here :

General Data Protection Regulation (GDPR) requirements, deadlines and facts

Following article cited from website What is the GDPR? GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. The GDPR also regulates the exportation of personal data outside the EU. And non-compliance could cost companies dearly. Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply. The GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but