Showing posts from 2018

#LearnedIT: IT Security Foundations - Protecting Our Server

Hi again, same course, different submenu.

Let's play a game - Based Upon the Menu, How Much Do I Remember? I did take Server 2008/12 during my time in college and found it one of the more fun aspects!

Hardening the Server -
Put it behind a correctly-configured firewall if it's facing the internet. Correctly configured means the proper rules are established regarding access (think 'allow tcp any any'), and ports on the server should be closed if they're not being used unless, again, it's properly configured. Use ACLs to allow one computer located in an area you know is safe and has limited web access to configure the server.

Run auditing, and don't give any one person more permissions than they need. Principle of least privilege!

Train your users.

Lisa Bock, our author, doesn't get as deep as I do, but helpfully reminds us that the physical server should be in a secure, monitored environment to ward off intruders and also overly cool or hot (or humid) …

Packages With JSON

Default name is name of folder you’re in (Node)
- enter
Version #
Description: What is the project about? It’s a tutorial, so let’s name it such.

GitHub link.

JavaScript and Servers

A bigger step from My Phone, The File Server.

GitHub link - Open Servfile.js

Out of habit, I typed https in the opening const areas in several places. It doesn’t seem to have had ill effects, though you can see that the connection is not secure;




Welcome to JavaScript

Node.js is an open source environment for JavaScript.

And now that I've concluded the basics with Python, let's keep the ball rolling. I find that, even though JavaScript looks a lot more complicated, I gel with it a bit easier, and I'm not sure why.

This is around the first 35 minutes of this tutorial here. I'm going to work through this and find some other resources. I've already found said resources and they look a little different in the code department than this, but it's mostly the same.

We make three things here;



- Introduce ourselves
- Make a small game
- Establish classes and events

Webinars and Where To Find Them

If you can’t easily reach an in-person seminar, there’s always the online option - but where do you find them?

Let me share with you how I've come across avenues that have increased my knowledge.




Cloud Fax (Yes, Faxing) Ft. Esker

Yeah, Fax is still a thing! And now it’s up there! *Makes a vague pointing motion to the sky*

This seminar is brought to us by Esker, and it was pretty informative! I didn't note everything. There are maintenance fees, security risks

Cloud has:
Tech support with no maintenance fees.
No ink or toner or troubleshooting - and there is a pay per use pricing mode.

You can send Cloud Faxes

- By email attachment (SMTP to fax)
- The cover page is the subject.
- “print” via virtual printer that takes you to a splash page on sending your fax.

Book: Click Here to Kill Everybody by Bruce Schneier

"There is a fundamental difference between crashing your computer and losing your spreadsheet data, and crashing your pacemaker and losing your life," 
Blog Post

If you follow me across the web, you know I deeply distrust the Internet of Things. In making things easier for the non-techie, having simple or nonexistent security options makes them - and everyone else - more at risk for cybercrime.

I finished my Security+ book and read Click Here to Kill Everybody.


Seminar: Cisco Live 2018: Best Case Security For Worst Case Scenarios

Machine learning! Metadata! Phone calls!

Secure My Business (With Cisco Umbrella)

☂️ ☂ What is Cisco Umbrella?

Cisco Umbrella is the solution. 
But of course!

As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

"How Retailers Are Taking Your Money This Holiday" ft. Visa

The title is a bit hyperbolic, but let's be honest with ourselves, when a retailer takes a payment with a Visa machine, they get paid, and they certainly get money if you use a Visa credit card.

It's a business.

So, let's see how they're taking your money this holiday season under the guise of a 'better experience'! Ho ho ho!

1. Stop Standing In Line, Start Leaving Today

From autonomous buying to virtual cuts, the time of lines is almost at an end if Visa has their way. Instead of a clunky POS system at a register, you can possibly interact with the customer from a mobile POS system with a decent and modern operating system (Like Square).


Today's Seminar: Practical Network Troubleshooting with Wireshark and other Network Monitoring Tools

CompTIA offers many continuing education (CE) credits via seminars (and other things; Check it out here) so you can renew your certifications without paying $400 again.

Pretty nice for something that employers aren't impressed by, right?

And they're fun to watch!

This one was Practical Network Troubleshooting with Wireshark and other Network Monitoring Tools. Unfortunately, I don't remember the gentleman's name who gave the presentation.

Said presentation is how I learned about EtherApe, a program we used to monitor traffic (Vaguely) a few days ago.

Others mentioned include;


REST with SDN

I came across a nifty site - Cisco DevNet, helping developers learn how to work with Software-Defined Networking, and I wanted to jump in feet first.

Luckily, the idea is to program in Python.


How it Works: Ralph Breaks the Internet

Disney's Ralph Breaks The Internet, the 57th entry into the Disney Animated Canon, was released on Wednesday, November 21st, 2018.

I saw it - Loved it more than the original, wanted to watch it with the mind of a Network Admin instead of turning my brain off all the way.

While more technically sound than I expected, there are a few picks here and there.

Network Monitoring with EtherApe

Happy American Holiday Week! This is a very short post.


This new VM is from the Parrot Project.


Snazzy.

Cryptography in Children's Books: Gregor And the Code of Claw by Suzanne Collins

While rereading this book series - the first time was about six or seven years ago - I was struck by a rather cryptographic code in the final book and wanted to share it with you.



The Gregor the Overlander series is written by Suzanne Collins - The same woman who wrote The Hunger Games. I think this would make an excellent movie series.

Spoilers for a children's book that's eleven years old based off of the Holocaust and World War II featuring humans fighting talking rats, moles, ants, and many other natural anomalies.

Spot Hop + The High Sierra Network Utilities

With OnStar, you have the capability to have internet service! Unlimited for $20, it's how I've been doing business since this disaster for a while.


Here are some stats from the middle of the wreckage town using OnStar;


[Article] You Can’t Spell IoT Without IT: Three Considerations For CIOs As Their Companies Embark On IoT Projects By Subbu Iyer

Otherwise, it's just 'of'.

Article here.

Read the responses in depth at the source, I wanted to talk about;

Legacy WANs weren’t designed for IoT

Yep. Tell a hub that a laptop from 2017 is going to connect to it.

First, why do you have a hub in a working environment?

You've taken baselines - Can your network handle the variety of traffic that might arrive?

Your WAN is going to have to do some serious upgrading depending on what you plan to do.


- What kind of new end-user devices are you looking to use?
- What do they do?
- Let's see your baseline for traffic and compare it with activity these devices have done on another network during a non-peak hour. You need to plan and be prepared to adjust for unwanted activity,

Where Do I Want To Go?

The many, many people offering advice all normally say the same thing;

Where do you want to go? Anywhere but here.
What companies or industries do you want to work for? Those listed in this post.
What do you want to do with your skills? Can you believe it, they are also listed in this post!

I just thought about talking about it. I'm not here to make 100k a year, that comes with too much responsibility, and my mental well-being is not worth sacrificing for your profit.

Simply put, here are three industries I would like to work in.

[Article] Want to Develop Apps for an Electric Car? Good Luck by Nate Swanner

Did I tell you I saw a Tesla store in person?

Sure did! At St. John's Town Center in Jacksonville, FL. Right by the Apple Store, ironically enough. Across the tiny avenue from the Disney Store and Nordstroms.

They just had one car and a bunch of employees.

Anyway, the article: Here.

API, or Application Programming Interface, is a set of routines, protocols, and tools for building software and applications - and that extends to the GUI in vehicles as well.


(Signal) Boost This Post (Ft. T-Mobile Again)

Yep, this happened. Refer back to Towers of Power Ft. T-Mobile. To recap: This is the fruits of my father’s effort, and the fruits of mine were getting our signals refreshed to the tower and reestablishing connectivity. That's part of the reason I'm even posting this, because there's no cost to actually use our T-Mo hotspot on our phones. It's pretty fast!
I'm not a shill, I swear.
This is a 4G LTE signal booster. There are two pieces - a Window Unit, and a Coverage Unit.
It comes with a few instruction booklets. I notice one says “You must register your device with your wireless provider and have your provider’s consent.”
Well, they sent it to me. I hope they know I have it. My first thought was actually “I haven’t had Xfinity for three weeks, how am I supposed to do that?” Before I remember context clues.

Towers of Power ( ft. T-MOBILE)

So, Hurricane Michael happened. Wiped out a lot of infrastructure - Xfinity is totally wiped out.

Most importantly, it reaffirmed how I really want to get somewhere else ASAP.

But we're going to poke around T-Mobile's network settings. Service was fairly restored around three days after the storm, and worked nicely until Thursday the 25th. While we had service, we were stuck on "emergency calls only".

Why? I don't know. The first rep my father talked to wasn't quite aware of what was happening, but sent us a signal booster, so yay for more things to learn.

We could get the signal. We just didn't know why our phones - Two Samsungs and an LG - were no longer friends with the nearby tower.

So I took things into my own hands - With everything else happening, he was content to take their word for it, but I know abnormal behavior when I see it - and talked through direct message on Twitter to the company.

 Also, I'm not here to bad-mouth the carrier. They&…

How To Buy A Car

Wasn't able to get around to setting up my grandmother's Alexa (Why on earth do people buy those) - but want to save money on a car?

Regular posting should resume pretty quickly.

The Late Capitalism of Fast Food Twitter

(Only a video, dealing with Hurricane Michael aftermath. Talk to me on LinkedIn)

WiFi Overview 360

This is a screenshot of some local WiFi networks (17 in total - Somehow Direct TV is its own antenna with connectivity), courtesy of WiFi Overview 360 (No promo).

Routerworld

As I poke around my home office, I find two wireless routers. Technically they should be a combo switch/router, or an L3 Switch, but they're here.

Well, one is the combo device, one is a flat out wireless router that would connect to an ISP's router to give us access to the internet.

So I hooked one up to my PC (My Laptop doesn't have Ethernet ports) so I could poke around again with my old-found (as opposed to new-found) IT knowledge.

Welcome to Routerworld.


We own the equipment even though we don't have AT&T's internet anymore.

The Root of All Evil (To Samsung)

Warning - Rooting a phone makes it even more vulnerable to malware and attacks. Be mindful.

That being said, let's make our phone even more vulnerable to malware and attacks, shall we.

California enacts strongest net neutrality protections in the country [L.A Times]

...and the current administration doesn't like that.

California is one of more than 25 states to consider net neutrality protections since the FCC voted late last year to reverse the Obama-era internet regulations. FCC Chairman Ajit Pai, who was appointed by President Trump, and Republicans have called for an end to the utility-like oversight of internet service providers.
This has a very "Oh, we don't want everyone to have the possibility to access everything...might make the populace too educated." vibe to it, considering removing Net Neutrality would have ISPs throttling or boosting speed based on their own whims - or how much Netflix or Facebook are willing to pay.

As someone very interested in turning broadband internet into a utility...bah. Make it like health care in developed countries - Basic for everyone, but if you want something better, you can pay for it.


My Phone, the Would-Be Wifi Extender

This is my Galaxy S5;



For the curious, the wallpaper is Splatoon 2 Promo Art.

Today, we are going to try using this as a Wifi Extender.


My Phone, The File Server

I'm cleaning out my room.

There's so much stuff that could make other people happier than it makes me. If anyone is interested in a variety of things, from fancy knapsacks to Tsum Tsums to dolls, let me know.
But that's not why we're here - We're here because I found my old Moto X phone. I'm not sure why I stopped using it, but I know I replaced it with the Galaxy S5 in 2014, and eventually my mother's hand-me-down LG Stylo until I dropped it and shattered the screen.



And receiving my own LG Stylo 2 this February. If I knew I still had my Moto, I wouldn't have paid money for an upgrade (Assuming it still works on T-Mobile's networks. It should).
So I found the article - What To Do With an Old Smartphone - And besides some usual suggestions - one stood out.
Make Your Phone into a File Server.
 I picked the app FTP Server - It opens the appropriate ports on the phone and grants file access. Of course, you could probably do it a different way without the…

Server 2016: Networking Your Virtual Machine (Text)

We're going to get started with how the VM interacts with the host in various forms.

Today's Glossary

- Guarded Fabric protects a VM from a compromised host.
- Nesting is a Hyper-V inside of a Hyper-V Virtual Machine.
- TPM (Trusted Platform Module) Chip stores authentication artifacts (See Secure Boot and UEFI)
- Secure Boot stops unauthorized code from running (See UEFI)
- UEFI (Finally) - Unified Extensible Firmware Interface (S2016 uses 2.3.1 Errata C) - digitally signed and validated bootloader


bootmgfw.efi

Server 2016: Your Network And You

In the Network Connections window, if you hit ALT, you open up some old school menus.
Hit Advanced, then Advanced Settings to see a list of providers. Would you like your network to be more prominently used, or the Remote Desktop option?


(This used to show prioritizing protocols, obsolete now, removed in 2012 edition)

You can also check the priority of Network Settings in the command line (CMD), with netstat -rn.




It's An Ubuntu Server! To The Cloud

We haven't forgotten about you, Ubuntu.

I need some help with this one, folks;

Sync with client apps and generate and share links.

LAMP stack (Linux, Apache, MySQL, and PHP), configure a database manually.

Cool, but how about we just use the snap packaging system.


Server 2016: Multi Interfaces Per NIC (Short); Docker For Windows Server (Longer)

Adding more than one IP address to an interface, just in case said interface is being woefully underused. This is a good way to use available resources.

The primary interface is Ethernet, with an Index of 2.




There's no need to set the gateway, as these are all in the same subnet. There's also no Windows-Imposed limit. Your only limit is your imagination (and hardware).

Although I can add IP addresses, they want me to set up the Server properly before I can finagle with NIC teaming.



There are two starter users; Rosanta Galamad and Juke Morrow. The latter is an Administrator. The folder added is a gussied-up test folder.

Meanwhile, I pop ahead in the textbook (MCSA 70-740 Cert Guide) to see - A Docker chapter! We can do that! (If we get the internet working properly in the server - What happened?)

But we can install it on our host machine. Why not?

Server 2016: Oddly Miscellaneous Setup Activity

Following this LinkedIn Learning Video (And a book) - Welcome!

Had to adjust the Memory, even though the recommended is 12GB, I could only manage about … 3. We’ll see what happens.

Consider Server Tools if you attach another computer in the same domain name (For Win. 10)

We set up, check some things - IP addresses, how the adapter works. Be mindful of your timezones. This was set to Pacific Time, when I’m in Central.

We don’t want our Server to get an IP Address from DNS - It’s a resource, not a client.




The author’s IP information is different from mine, they’ve received theirs from somewhere else, I simply ran ipconfig in the Command Line.

(Just in case we should reference, theirs is in the Initial Configuration video). Now, his DNS server (preferred) is in the same subnet as the ip address of his machine.


Learn Docker in 12 Minutes

Server 2016: Permissions (Text)

Permissions are not local, but based upon network access.
Basic: Read, Read/Write
Advanced: Full Control, Change, Read

NTFS
Full Control
Modify
Read & Execute
Read
Write

Traverse/Execute
List/Read Attributes
Create Files/Write Data
Append Data
Write Attributes (Extended)
Delete
     ↪ Subfolders
     ↪ Files
Read/Change Permissions.

Now; Permissions in Pictures;

AWS Pricing

The Price Is….
Varied. How it works is more important than how it’s priced at this point, so this will be brief(er).
EC2 and RDS have Reserved Capacity, save up to 75% over the equivalent of on-demand capacity.
Instances are;

It's An Ubuntu Server!: But You Can't Visit

We didn’t stop the Ubuntu party! Let’s block domains!

I had to check to remind myself that yes, we do have dnsmasq installed.


Kubernetes: A Rolling Deployment...

This is the last module of our beginner’s tutorial! My how time flies.
So, what’s the last piece of knowledge?
Rolling updates that allow Deployments' updates to take place with no downtime.
How?

AWS: The Video Star

Or; How to Stream Video within Network Confines (And prevent piracy).



How it’s Delivered

Content ————> Consumer

- Compression happens.
- Packaging happens based upon protocols.
- How does it adapt to the variation in network speeds?

Docker: With Networking

Now we're going to start an nginx container that's bound to port 80.

Building Small Containers (Kubernetes Best Practices)

Exactly what it says on the tin.

Docker: The Whale's Unstuck

So I did want to post that other Docker blog post, and it sat in my drafts for a week, but now I'm happy to show that yes, I did get Docker installed on Xenial;


It's the 'get' part of install that seems to be out of fashion these days.


So, let's get this tutorial on the road, finally.


Docker: The Whale's Stuck

Docker 1.2 - Words Mean Things

- Images - The blueprints, make up the basis of containers. [docker pull to get Busybox]
- Containers - Made from images to run the application [docker run of Busybox image]
- Daemon - Background service managing running, building, distributing docker containers
- Client - The Command Line that talks to the daemon, though it can be a GUI. I prefer cmd line.
- Hub - Registry - Directory - of images.

2.0 - How to Run A Static Website

- Pull image from Hub
- Run Container
- See how to run a webserver

Well, mission (sort of) accomplished!

New Google Kubernetes Marketplace: A Look at the Partnered Vendors

An article by Tyler Stearns on Solutions Review.

Read it at the source, the gist is -


- Google Cloud Launcher is now Google Cloud Platform Marketplace.
- Container based applications like Kubernetes.
- The New Marketplace has easily deployable apps.
- Security partners Aqua, DivvyCloud, and CyberArk approach Kubernetes security differently.

There's more things about Databases, Storage, and Machine Learning at the article, so go read it.

Why Microsoft Can't Design a Consistent Windows

In the end, Windows 10 is still very reductive and looks like a child's toy. The only understandable aspect is people using legacy programs and 10 having to be on a HUGE variety of devices.

Kubernetes: Scale Every Application

SCALING: Changing the number of replicas in a Deployment.
The Deployment only created one Pod to run our application, and that just won't do. We need more when traffic increases.

When you scale, you make sure new Pods are created and scheduled to Nodes that have the resources.

Scaling in will "reduce the number of Pods to the new desired state".

"Can we do this automatically?" Yes! But not now.

Running multiple application instances requires a way to distribute traffic to them all. Services have an integrated load balancer to do so, and they will continuously monitor the running Pods using endpoints, ensuring the traffic is sent only to available Pods.


Docker: A Whale of A Time

Docker is another container service like Kubernetes. There are probably more prominent differences, but for now, I see that there is a whale.

Though we installed it through the GUI on Mac, we still use it through the good old command line / terminal.


We generated that with docker run hello-world, and while at first it gave me an error, it soon found the image from the hub, put the image into a container, and put it onto the bash. Technology is amazing.

Here's the tutorial! Let's look at 1.0 - 1.1

The Twelve Factor App

This is more relevant to the Developers out there, but our service-oriented mindset works too. Since we've finished our Kubernetes tutorial on the main site, Udacity also had one with videos.

By the way, did you know that Google has a Cloud Platform and Shell?

Here are Adam Wiggins' Twelve Factors.

WebTV Launch 1996

I mention this on occasion but this is the first video in a long time that actually describes this weird little getup I had as a kid. I miss the aesthetic.

Kubernetes: Are You Being Serviced?

In Pokemon, but one of them was Paras, a little bug with two little mushrooms on its back.

It evolved into Parasect, which was the shell of the body controlled by the parasite mushrooms.

I was trying to make an allegory with today’s subject matter but it doesn’t quite fit.

 If a Worker Node dies, the Pods running on it die too.

A Replication Controller ensures that a specific number of pod replicas are always up and running by creating new pods in an instance like this.

Remember that each Pod in a Cluster has a unique IP, even those on the same Node, so how do pods let everyone else know about the changes so everything keeps working?


VIDEO: Alden Interviews Havas Edge Founder & CEO Steve Netzley

Time to switch things up yet again; Here's an hour-long (nearly) interview with the CEO and founder of HAVAS EDGE, talking about expanding the advertising reach, how television isn't dying, and going "I know what that is!" When you see an advertisement in DraftKings.



AWS Web Hosting

These bits aren't as fun without hands-on work, but what can you do.

AWS: Web Hosting

When your system is slow in the morning but peaks at night, redistribute the resources and adjust capacity to the evening to save money.

AWS can respond in real time when unexpected traffic spikes happen by launching new hosts and can be scaled down afterward.

You can also provision testing fleets to stage environments quickly.

It’s all about the quickness.

Unless you’re simulating user traffic.

Remember -

* Your network hardware is all virtual now. Nothing on your physical equipment. Wow, hope I get to experience that soon.
* Hosts should be ephemeral and dynamic.

#LearnedIT: IT Security Foundations: Protecting Our Email

Specifically, the Understanding Email Protection submenu. Here is the link to the course in full.

Kubernetes and Ubuntu stuff is still happening, but I keep you on your toes here.

Did you expect that?
A lot of this is review so I'll note the parts we should know.

Kubernetes: Node Time Like Show Time

The title was initially 'Bring Back the Node', but I didn't think people would get the reference. Applause if you did!




Making a deployment in the previous post made a POD for our application to be hosted in.

($POD_NAME variable)

Pods are an abstraction that represents 1 or more containers and shared resources for them, like Volumes, what the page describes as ‘Networking, as a unique cluster IP address’ (Sounds exciting, like a distant relative of subnetting or vlans), and instructions on how to actually run the containers.


AWS Architecting

Let's not talk about how many times I had to respell Architecting.

Most Secure, High performing, resilient,  efficient

Consistent for evaluating architectures.

Quicker Build and Deploy.
Stop guessing, start automating.

Lower or Mitigate Risks
- What are they?
- Do something about it.


It's An Ubuntu Server!: What's Goin' On With It?

What's going on is that now we're downloading another program called Cockpit to monitor Saturnine-U.


Considering our server doesn't have a GUI, this will be interesting.


"That's So Sad, Kubernetes, Deploy It Anyway."

Talk about 'Things that are going to be outdated in about five minutes'.

So, while I did install Minikube onto my Mac, it brought my machine nearly to a crawl. Sticking with the in-house module for now.

Full disclaimer; I did this when I was very tired so the images may not line up in the right spots.

Hold Everything! It's time for Kubernetes Tutorial 1

(I was going to title this 'Kubernetes Khan', like Kublai Khan).

First; What is this?

I received some advice that Containers are all the rage. Containers make it possible for software on one system to work reliably upon another by shoving the environment software needs to run in a container.

It's like an ant farm - The ants still work if you move them from the forest to the beach.

We're going to learn Kubernetes, which schedules and distributes containers across clusters.


It's An Ubuntu Server!: Username Resolution with DNSmasq

I don’t actually have a domain name to use but let’s pretend!


AWS Security

Technically, part about 16, but these are the first published notes. No pictures, not fun stuff, but proof that I'm doing something.


Well, here's something funny;
 Gives training to employees (Unlike most companies who want the perfect person right out of the gate).
AWS Training
Security Compliance

- Risk and Compliance

- Compliance Approach
    - Shared responsibility
    - Services on secure and controlled platform w/ a wide array of security features
The Customer configures their IT infrastructure.


It's An Ubuntu Server! (Parts 1 - 3)

Welcome! I've taken my progress from Building an Ubuntu Server from a private Google Doc (It's not helping me there) to here, where people can read it. This is the first three parts culminated into one, we'll update ... updates separately later.
I used Linux systems quite a lot in college, and need a refresher.
We’re using 16.04.4 (Xenial Xerus), no GUI, terminal only. It’s on my Virtual Box.
So far, I've learned;