by Jason Ritzke, Senior Technical Consultant at Taos
When architecting secure infrastructure, a natural place to begin is a common standard set, such as those provided in a DISA STIG or CIS guideline. However, while industry standard compliance documents can often be a provocative starting point for thinking about your infrastructure requirements, they are no […]
By Jeff Lucchesi
DevOps started out as a necessity for development and IT Operations to collaborate on rapid deployment and better efficiency in operating and supporting the product. With products in the high tech world changing rapidly, keeping up with the engineering organizations has proven to be a challenge for CIOs. In the last few months, […]
by Mark McCullough, Senior Technical Consultant at Taos
User Account Management (UAM) is a hard problem. Many people have tried to simplify this problem down to “Just use AD”, but that isn’t a one-size solution, nor does it address most of the issues of UAM. To have an effective UAM framework requires cooperation from multiple […]
October is Cyber Security Awareness month, and got off to an exciting start with major new security breaches at Experian, Scottrade, and Trump Hotels. Many of us in the IT world deal with security on a daily basis, but others in our communities may not have the same expertise. Take the opportunity this month to reach out and help educate the non-IT communities.
by Jess Males | Technical Consultant at Taos
I had the opportunity, recently, to attend AutomaCon, an exciting new conference dedicated to all things automation. It was three days of sharing and discussion around systems automation. Attending, one question that floated in the back of my mind was: what is DevOps? I don’t subscribe to […]
First, a review of simple TCP SSH tunnels:
Many of us are quite familiar with the setup of SSH tunnels using the “-L” and “-R” options to do TCP port-forwarding — to access a web server behind a NAT and/or firewall, to connect to a MySQL or Oracle database that isn’t directly reachable, or to make a desktop workstation at the office reachable via SSH through a bastion host which is SSH-reachable. Here are some examples of SSH commands that probably look quite familiar:
When first starting out at a company and building the infrastructure out from the ground up, you’re inevitably going to need to start the install process for the first systems in an inefficient manner. The first few systems will always end up being launched from ISOs, be it by way of CD, DVD, or USB, until you advance your technology and automation stack to the next level. When your initial bottleneck is one person with one piece of physical media (CD, DVD, USB) at one server, you’re in a situation that doesn’t scale very well. The more ideal target area for scalability is one where a single person can spawn multiple new systems and manage multiple systems simultaneously.
Breaker breaker, are you required to have a “special” character in your password? Thank the UNIX password system of the 1970s, also the time of the CB radio craze in the BC (Before Cellphones) epoch.
The Web as we know it today started primarily on UNIX computers, and in the earliest days, web site accounts often were actual UNIX accounts. Shortcomings of the original UNIX password system included:
Entering the security field after having built my career in technical operations, I’ve most often been on the “receiving end” of security policies. It’s frustrating to think that I’ve completed a project, only to have security issues kick it back into the queue. It’s equally frustrating for a security professional to be asked to approve a completed project, only to find that security policy wasn’t followed. Our own government’s Office of Personnel Management was breached in 2015, and the FBI reported as many as 18 million records were compromised in attacks going back to June 2014. LifeLock, a company providing identity theft protection, was found by the FTC to have failed to uphold minimum security standards handling their clients’ personal data.
By Mike Julian, Senior Technical Consultant at Taos
I have led or assisted in many monitoring projects over the years—too many to count. I’ve managed more than my fair share as a full-time system administrator. After a while, I’ve found myself giving the same advice to anyone who asks, so it seems only fitting to […]