Implementing a Custom AWS CloudWatch Dashboard

CloudWatch is an Amazon Web Services (AWS) service that automatically collects a wide range of performance and health data about your AWS resources. This data is available through an API, and also can be viewed as graphs on the AWS console. However the graphs are located on the separate console pages for each type of resource (e.g. EC2, RDS, load balancer, etc). The dispersed locations make it impossible to have a single dashboard view of multiple AWS resources. Continue reading

4 Common Mistakes IT Directors and Managers Make…Over and Over Again

The internet has brought us incredible changes in the way we use technology. The acceleration of new products and services to market seem to be happening at light speed. Yet the one area which hasn’t changed much are the mistakes IT Managers and Directors make in running their operation. The mistakes I saw from staff as a CIO are the same ones I see when I visit clients thru my role at Taos. So this note today deals with what I see are the 4 most common mistakes made by Directors and Managers today .Continue reading

Best Practices Rules and Baselines for Windows Server 2012 AD Certificate Authority

Authority information access (AIA) locations must be included in the extensions of issued certificates

Issue: This certification authority (CA) is not configured to include authority information access locations in the extensions of issued certificates. The authority information access extension provides the network location of the issuing CA’s certificate.

Impact: Clients may not be able to locate the issuing CA’s certificate to build a certificate chain, and certificate validation may fail. Certificate validation is critical to a correctly functioning PKI. A certification path that leads to a trusted root certificate is a requirement for a valid certificate. To build a certification path, the issuing CA’s certificate is retrieved by CryptoAPI, which reads the authority information access extension of issued certificates to identify the network location of the CA’s certificate. If the extension does not include the location of the CA certificate, then certificate validation cannot be completed and applications that require the certificate might fail.Continue reading

DNSSEC – Helping Secure the Internet

The DNS (Domain Name System) is one of the most critical protocols in use on the Internet. Virtually every end user transaction involves a DNS query. Every email, text message, and web page viewed requires interaction with a DNS server. With such a critical service, it’s no surprise that it has increasingly become the target of attack since its inception in 1983. There are multiple ways the DNS can be attacked. The current implementations of DNS are inherently insecure and prone to attack using various methods including cache poisoning, man-in-the-middle attacks, DDoS (Distributed Denial of Service) Amplification attacks, or simply just hijacking[1] the registrar and changing the authoritative DNS servers to the choice of the attacker, among others. Continue reading

Choose Security Partners Carefully

Over the past decade most companies have come to accept ongoing security evaluations as a cost of doing business. Companies take pride in the careful evaluation of vendor products and processes done to limit risk. However, the last two months of revelations have shown us that this straightforward approach is no longer enough.

Revelations in 2012 that Google, Microsoft, and other cloud business vendors were providing customer data to the U.S. government’s PRISM program without a warrant1 woke many up to the risks inherent in cloud storage. However, the last few months haven’t been easy reading for companies who avoid cloud storage either.Continue reading

Server Boot Speed | Why doesn’t my server boot as fast as my iPad?

Why doesn’t my server boot as fast as my iPad? I like my iPad-mini not just because I can take it anywhere, but because I don’t have to wait very long for it to boot. A simple test revealed that my iPad-mini boots in about 30 seconds. If the iPad is in a sleep state, which is essentially a power-save mode, then in one press of the button it’s awake and ready for use. Most servers also have a sleep mode, aka power save mode, but it’s usually disabled, as it’s been known to cause problems in production environments. In general, a server needs to be readily available 100% of the time.Continue reading

Why Most IT Organizations Aren’t Structured Correctly for Their New Role In the Business

For years, IT leaders have been driving to be more relevant to the business. Usually relegated to back office support and tucked under the domain of the CFO, breaking thru this value perception has been difficult.

Well, times are changing rapidly and as the leader of IT, you are getting what you have been asking for. The question is, “are you ready?”

This is the new age of computing where infrastructure is more tightly coupled with the revenue side of the business. Software as a service companies (SaaS) or companies moving their business model to SaaS are commonplace. Infrastructure as a Service (IaaS) companies are also sprouting up and growing quickly. Your organization is now under the microscope because you are either part of the product or ARE the product and how you manage has a direct impact on product margin.Continue reading

Powershell – What is it good for?

A whole lot, that’s what!

First, let us take a look at the name. Normally, I would say “What’s in a name?” but Powershell’s name actually holds some meaning. The first word, ‘Power,’ adequately describes the language, which is quite powerful. It was clearly designed from the ground-up to be a purebred full-throttle administration tool. And ‘Shell’ simply means it is a command-line user interface. Think of Powershell as a powerful command-line administration interface, and you know why they call it that.”Continue reading

Github Pull Requests: A Somewhat Sane Workflow

Corey Quinn | Senior Technical Consultant at Taos

Corey Quinn | Senior Technical Consultant at Taos

Earlier last week, the fine folks from SaltStack conducted an on-site training for us at Taos. For those who are unaware, Salt is a remote execution / configuration management system written in Python, and a project to which I’ve been a contributor for several years.

As often happens during such trainings, someone asked a question about how to achieve a certain goal. The answer was “that’s a good idea; we can’t do it yet, but patches are welcome!”Continue reading