Vulnerability Scanning
Define Your Terms
A security vulnerability is a flaw or bug that could be exploited by a threat agent/threat actor. According to CrowdStrike, “A threat actor, also known as a malicious actor, is any person or organization that intentionally causes harm in the digital sphere.”
Once a bug or flaw is deemed a vulnerability, it can be assigned a Common Vulnerabilities and Exposures (CVE) identifier. The CVE program is run by the MITRE Corporation, which maintains the public CVE list; the identifier itself is assigned by a CVE Numbering Authority (CNA), for example Red Hat, Microsoft, or one of the other designated authorities.
Severity is quantified by assigning a Common Vulnerability Scoring System (CVSS) score from 0.0 to 10.0. CVSS is a free and open standard maintained by the Forum of Incident Response and Security Teams (FIRST). Note that the base score rates the intrinsic severity of the flaw, not the threat it poses to a particular business or organization; that depends on where and how the affected component is deployed, which is what the temporal and environmental metrics are for.
The National Institute of Standards and Technology (NIST) is a U.S. federal agency that houses the National Vulnerability Database (NVD) and provides a CVSS calculator. The NVD synchronizes with the MITRE CVE list and enriches each entry with a CVSS score; the MITRE list itself is primarily identifiers and descriptions.
The Attackers
Real live people spend a lot of time and money …
security
CI/CD with Azure DevOps
Photo by Dylan Wooters, 2022.
A development process that includes manual builds, tests, and deployments can work for a small-scale project, but as your codebase and team grow, it can quickly become time-consuming and unwieldy. This can be particularly true if you’re a .NET developer. We all know the struggle of merging in the latest feature and clicking build in Visual Studio, only to have it fail, citing cryptic errors. “Maybe a clean will fix it?”
If this sounds like your current situation, it’s likely time to consider building a Continuous Integration and Continuous Deployment pipeline, commonly known as “CI/CD”. A good CI/CD pipeline will help you automate the painful areas of building, testing, and deploying your code, as well as help to enforce best practices like pull requests and build verification.
There are many great options to choose from when selecting a CI/CD tool. There are self-hosted options like Jenkins and TeamCity. There are also providers like GitHub and Azure DevOps, which offer CI/CD alongside cloud-hosted source control. All of these options have pros and cons, but if you’re looking for a large feature set, flexibility, and in particular good support for …
dotnet devops cloud
Kansas State University: One Year with VisionPort
It has been almost a year since Kansas State University brought the VisionPort platform into their Hale library. I recently had the pleasure of connecting with Jeff Sheldon, Associate Director of the Sunderland Foundation Innovation Lab, to discuss how the school has been using the platform.
It’s no surprise to hear that the Architecture, Planning and Design (AP) students have taken to VisionPort immediately. Being originally designed around displaying geographic information system (GIS) data, the platform allows users to fly over and through city streets and see buildings in 3D, as well as travel around the world looking for areas of possible real estate development. Many of our clients also use VisionPort to give panoramic, three-dimensional tours of building interiors, to show future tenants properties right from their office and brainstorm design possibilities.
In addition to the AP Design students, VisionPort has found itself being used to immerse students in their education with an incredible National Geographic presentation that features 360° videos including swimming with sharks and getting up close to sea lions and elephants in their natural habitats, as well as …
visionport education
Ansible tutorial with AWS EC2
Photo by David Buchi
Ansible is a tool to manage multiple remote systems from a single command center. In Ansible, that command center is known as the control node and the remote systems being managed are known as managed nodes. The two kinds of node are:
- Control node:
  - The command center where Ansible is installed.
  - Supported systems are Unix and Unix-like (Linux, BSD, macOS).
  - Python and an SSH client are required; Ansible connects out to the managed nodes, so no SSH server is needed here.
  - Remote systems to be managed are listed in a YAML or INI file called an inventory.
  - Tasks to be executed are defined in a YAML file called a playbook.
- Managed node:
  - The remote systems to be managed.
  - Supported systems are Unix/Unix-like, Windows, and network appliances (e.g. Cisco, NetApp).
  - Python and sshd are required for Unix/Unix-like.
  - PowerShell and WinRM are required for Windows.
In this tutorial we will use Ansible to manage multiple EC2 instances. For simplicity, we are going to provision the EC2 instances in the AWS web console. Then we will configure one EC2 instance as the control node, which will manage the other EC2 instances as managed nodes.
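As an added example (not part of the tutorial itself), here is a minimal inventory and playbook of the kind the control node would hold. The group name, host names, private IP addresses, key file path and ec2-user login are assumptions for illustration; the playbook first confirms it can reach each managed node, then enforces key-only SSH logins on them.

```yaml
# inventory.yml (hypothetical hosts: replace with your EC2 private IPs or DNS names)
all:
  children:
    managed:
      hosts:
        node1:
          ansible_host: 10.0.1.11
        node2:
          ansible_host: 10.0.1.12
  vars:
    ansible_user: ec2-user                                # assumed login user of the AMI
    ansible_ssh_private_key_file: ~/.ssh/ansible-key.pem  # assumed key pair on the control node
---
# playbook.yml
- name: Baseline the managed EC2 nodes
  hosts: managed
  become: true
  tasks:
    - name: Confirm SSH connectivity and a usable Python on each managed node
      ansible.builtin.ping:

    - name: Allow only key-based SSH logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        validate: /usr/sbin/sshd -t -f %s   # refuse the edit if sshd would reject the file
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Save the two documents as separate files and run ansible-playbook -i inventory.yml playbook.yml from the control node. The validate argument runs sshd -t against a temporary copy before the real file is replaced, so a typo in the line cannot lock you out of the instances.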
Prerequisites
For this tutorial we will need the following from AWS:
- An active AWS account.
- EC2 instances with Amazon …
ansible aws linux sysadmin
Implementing Backend Tasks in ASP.NET Core
As we’ve already established, Ruby on Rails is great. The amount and quality of tools that Rails puts at our disposal when it comes to developing web applications is truly outstanding. One aspect of web application development that Rails makes particularly easy is that of creating backend tasks.
These tasks can be anything from database maintenance and file system cleanup to overnight heavy computations and bulk email dispatch: in general, functionality that is typically initiated by a sysadmin in the backend or scheduled in a cron job, has no GUI, and is invoked via the command line.
By integrating with Rake, Rails allows us to very easily write such tasks as plain old Ruby scripts. These scripts have access to all the domain logic and data that the full-fledged Rails app has access to. The cherry on top is that the command-line interface to invoke such tasks is very straightforward. It looks something like this: bin/rails fulfillment:process_new_orders.
All this is included right out of the box for new Rails projects.
ASP.NET Core, which is also great, doesn’t support this out of the box like Rails does.
However, I think we should be able to implement our own …
csharp dotnet aspdotnet
SSH Key Auth using KeeAgent with Git Bash and Windows CLI OpenSSH
In a previous blog post we showed how to configure KeePass and KeeAgent on Windows to provide SSH key agent forwarding with confirmation while using PuTTY and other PuTTY agent compatible programs. In this post we’ll expand on that by showing how to use the same key agent to provide SSH key auth when using Git Bash and the Windows command line OpenSSH.
Git Bash support
Open KeePass, click on Tools → Options, select the KeeAgent tab.
Create C:\Temp if it does not exist.
Check the two boxes in the Cygwin/MSYS Integration section.
Directly after each box, fill in the path: C:\Temp\cygwin-ssh.socket for the Cygwin compatible socket file, and C:\Temp\msys-ssh.socket for the msysGit compatible socket file.
Click OK.
Open Git Bash.
Create the file ~/.bash_profile with the contents:
test -f ~/.profile && . ~/.profile
test -f ~/.bashrc && . ~/.bashrc
Create the file ~/.bashrc with the contents:
export SSH_AUTH_SOCK="C:\Temp\cygwin-ssh.socket"
Close and reopen Git Bash.
You should now be able to SSH from Git Bash using your loaded SSH key, and a dialog box should appear asking you to approve each use of the key. Keep that confirmation enabled: any local process that can open the socket file in C:\Temp can otherwise ask the agent to sign with your key without you noticing.
Windows command line OpenSSH support
Open KeePass, click on Tools …
windows ssh
Auburn University and VisionPort: How the World Gets Its Water
The IBT Water Project at Auburn University, headed by Associate Professor P.L. Chaney, has done outstanding work illustrating in a GIS format how cities around the world get their water. The Geoscience department has mapped how water is captured and distributed in Australia, Egypt, India, Mexico, Kazakhstan, and the western USA.
The department chose the Central Arizona Project to turn into an interactive presentation on the VisionPort platform.
Starting at the Mark Wilmer Pumping Plant, water is pumped from the Colorado River towards over a dozen plants and lifted up over 2,000 feet in elevation across a series of “stair-steps” before it reaches its final destination near Tucson, where it is then distributed across the state to where it is most needed.
This data displayed on their VisionPort, installed in a custom wood case in their library, allows students to see the entire journey in a 3D environment spanning seven 65-inch displays. The presenter can take them to each stop and explain the functions of the many plants, check gates, and turnouts along the way.
Numerous departments at Auburn University have had success turning their presentations into engaging experiences on the …
visionport gis education
Running PostgreSQL on Docker
Introduction
PostgreSQL, or Postgres, is an open-source relational database. It is officially supported on all the major operating systems: Windows, Linux, BSD, macOS, and others.
Besides running as an executable binary on an operating system, Postgres can run as a containerized application on Docker. In this article we are going to walk through running Postgres on Docker.
Prerequisites
- Docker or Docker Desktop. Please refer to my previous article for help with Docker installation.
- Internet access is required to pull or download the Postgres container image from the Docker Hub.
- A decent text editor, such as Vim or Notepad++, to create the configuration YAML files.
Get to know the official Postgres Image
Go to Docker Hub and search for “postgres”.
There are a lot of images for PostgreSQL on Docker Hub. If you don't have any special requirements, it is best to select the official image, which is maintained by the Docker PostgreSQL community.
The page that the search result links to describes the Postgres image, how it was made, and how to use it. From this page we learn the image name and the required parameters. This is essential …
docker postgres containers