8 min
Komand
Quick security wins in Golang (Part 1)
We all know security is hard. Let’s walk through some basic security principles
you can use to get your Golang web application up and running securely. If you
just want to see the code, check out the application on GitHub: Golang Secure
Example Application (gosea) [http://github.com/komand/gosea].
Recently, I gave a lightning talk on using Golang middleware to implement some
basic security controls at the Boston Golang Meetup
[http://www.meetup.com/Boston-Go-lang-User-Group/]. This post will i
3 min
IT Ops
Backup Log Checks and What They Can Tell You
There is simply no substitute for a recent, accurate backup when it comes to
recovering from file or system damage or outages. But that backup must be
complete and error-free to make a full recovery possible. That’s why inspecting
log files from backups is a critical and important step in verifying their
accuracy or coverage, and a necessary check before performing a restore that
converts any backup image or files into production status.
Your backup logs
[https://logentries.com/centralize-log
4 min
Komand
A Guide to Defending Pokemon Go Gyms: Lessons from Cybersecurity
You’ve probably heard of this Pokemon Go thing. We recently featured the game in
our latest newsletter, and have since been running around like PokeManiacs
trying to catch ‘em all. While discussing our Komand group strategy (Yes, we’re
playing as a team 😅), we couldn’t help but notice parallels between Pokemon Go
and cybersecurity. In particular, we see strong correlations between gym defense
and cyberdefense.
For those that aren’t privy, the goal of Pokemon Go is to collect and train as
many
5 min
IT Ops
Keep Your Code Clean while Logging
In my consultancy practice, one of the things that I do most frequently is help
teams write so-called “clean code.” Usually, this orients around test-driven
development (TDD) and writing code that is easily maintained via regression
tests and risk-free refactoring. Teams want to understand how to do this, and
how to do it in their production code (as opposed to in some kind of toy “let’s
build a calculator” exercise).
One of the most prominent, early sticking points that rears its head tend
9 min
Komand
Local Cybersecurity Meetups Near You
Here at Komand, we understand the importance of being part of a community
[https://komunity.komand.com/]. Not everyone can
afford the cost or time commitment necessary to attend large conferences.
But that shouldn’t stop you from staying current, connected and active with the
security community. Think local meetups: easy access, inexpensive, and in a
relaxing environment with familiar faces.
Recently, we featured US Cybersecurity Conferences
[/2016/06/22/us-cyb
9 min
IT Ops
Self-describing Logging Using Log4J
UPDATE POSTED 12.12.21: If you are using Log4j, please be aware that on December
10, 2021, Apache released
[https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.15.0]
version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228
[https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228], a critical (CVSSv3
10) remote code execution (RCE) vulnerability affecting Apache Log4j 2.14.1 and
earlier versions. This is a critical vulnerability, and we strongly urge you t
9 min
Automation and Orchestration
The Best Strategies for a Successful Security Operations Center Explained by 4 Security Experts
The threats we all hear about today aren’t new. They also aren’t going away, but
they are evolving. Hackers have existed for many years, and so too have our
defenders. What has changed and is changing are the tactics used to defend against
increasingly complex threats. And it’s on our security operations centers (SOCs)
[https://www.rapid7.com/fundamentals/security-operations-center/] to batten down
the hatches and sound the alarms, but are they enabled and prepared to do so?
While we have many ideas on
4 min
IT Ops
How Audit Logs Help Confirm and Correct Security Policy
There are many possible definitions for the term “security policy,” but all of
them share certain elements in common. A security policy should lay out what
assets, both physical and digital, an organization wishes to protect. It should
explain what it means to be secure and to behave securely. In short, a security
policy identifies what assets are to be protected, what kinds of risks such
protection is meant to defeat or mitigate, and how security can be established,
measured, and monitored. A
6 min
IT Ops
Signal AND Noise The Best of All Worlds for Logging
One of the absolute, classic pieces of advice that you’ll hear when it comes to
logging is what I think of as the iconic Goldilocks logging advice. It goes
something like this.
When it comes to logging, you don’t want to miss anything important because
logging helps you understand your application’s behavior. But you also don’t want
to log too much. If you log too much, the log becomes useless. You want to log
just the right amount.
Sage advice, to be sure. Right?
Or, maybe, when you sto
5 min
Automation and Orchestration
AWS Series: Creating a Privoxy, Tor Instance
Synopsis:
If you want to increase your privacy or perform security research with Tor
[https://www.torproject.org/], Privoxy [http://www.privoxy.org/], etc., a virtual
server is an excellent choice. I’m using Amazon EC2 which provides a year’s worth
of a VM with limited resources for free. A few benefits are listed below:
1. Low cost
2. Access from just about anywhere
3. Low resource allocation
4. Easy to spin up
Creating the Cloud Instance:
After logging into your Amazon cloud account select
6 min
Automation and Orchestration
AWS Series: OpenSWAN L2TP over IPSEC VPN Configuration
Synopsis:
We will look at how to configure an L2TP over IPSEC VPN using OpenSWAN
[https://www.openswan.org/] and how to connect to it using Mac OSX. This guide
is written for running the VPN software on a CentOS 7 x86_64 EC2 instance
(ami-6d1c2007) provided by Amazon Web Services. The VPN will be configured to
use local authentication and a pre-shared key. This is a great way to allow
access into your AWS VPC.
Procedure:
The procedure is broken into 3 parts:
* AWS – Create an EC2 instance
*
5 min
Automation and Orchestration
Bro Series: Creating a Bro Cluster
Synopsis:
This short article will demonstrate how to set up a minimal Bro cluster
[https://www.bro.org/sphinx/cluster/index.html] for testing. Because of its
minimal nature, this article will exclude discussion of load balancing traffic
across multiple Bro workers (processes), security-conscious permissions, and
other Bro-related tuning and features such as sending e-mail. Its purpose is to
get a Bro cluster up and running as quickly as possible so you can begin
familiarizing yourself with cluste
4 min
IT Ops
Migrating a web app to Angular
At some point many applications get to a state in which a large refactoring or
in some cases a complete rewrite needs to happen. The decision to do so can be
driven by many factors. For example, the code base is growing rapidly and the
current architecture cannot support the growth, components are becoming too
tightly coupled and need to be split, new and better technology becomes
available which offers significant improvements or due to other factors the
current code base is just not maintain
3 min
IT Ops
Webinar Recap: Tableau Server Log Analytics
Our webinar
[http://info.logentries.com/tableau-pluralsight-logentries-webinar-2016] was
broadcast and recorded on June 16th, 2016. During this broadcast Tableau Zen
Master Mike Roberts of Pluralsight discussed how to develop a simple technology
stack for next-gen management of Tableau using Logentries
[https://logentries.com/centralize-log-data-automatically/?le_trial=tableau_webinar_june16_recap-logentries_blog-post_cta-create_trial&utm_campaign=tableau_webinar_june16_recap&utm_source=logentr
6 min
Komand
Defender Spotlight: Ryan Huber of Slack
Welcome to Defender Spotlight! In this weekly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how.
Today, we're talking with Ryan Huber. Currently at Slack, Ryan has previously
held positions at companies such as Orbitz and Risk I/O, doing security,
engineering, or a combination of both. He enjoys computers, and can often b