Month: October 2024

  • Private IP Address Ranges

    Private IP Address Ranges

    Introduction

    Private IP address ranges , sometimes called reserve ranges, are for internal devices only. This is the list along with a few other special ranges that are common and should be known.

    Class A

    10.0.0.0 – 10.255.255.255.255
    8 network bits and 24 hots bits
    subnet mask = 255.0.0.0

    Class B

    172.16.0.0 – 172.31.255.255
    16 network bits and 16 host bits
    subnet mask = 255.255.0.0

    Class C

    192.168.0.0 – 192.168.255.255
    24 network bits and 8 host bits
    subnet mask = 255.255.255.0

    Class D (Multicasting)

    224.0.0.0 – 239.255.255.255 (Reserved for TV networks)

    LoopBack

    127.0.0.1 – 127.255.255.255
    Used for network testing. Specifically, it tests a computer’s TCP/IP network software driver to ensure it is working properly.

    APIPA (Automatic IP Addressing)

    169.254.0.1 – 169.254.255.25

  • Updating the Linux OS & Installed Software

    Updating the Linux OS & Installed Software

    Introduction

    The apt (aptitude) command is just a a shortened version of the apt-get command. They are synonymous terms. Use the ‘apt’ command to update and manage your installed software packages. Use with Ubuntu or Debian Linux servers.

    Update and upgrade your system

    # apt update (date your local repository list)
    # apt upgrade (update all installed packages)
    # apt autoremove (remove packages that were installed as dependencies)
    # apt autoclean (clean the /var/cache/apt/archive folder).

    List all installed packages 

    dpkg --list
    apt list --installed

    Get a list of all packages that can be upgraded

    apt list --upgradable

    Remove packages with out uninstalling config files

    sudo apt remove {package name}

    Remove packages including config Files

    sudo apt remove --purge {package name}

    Repository location

    sudo cat /etc/apt/sources.list
    sudo ls /etc/apt/sources.list.d

    References

    https://askubuntu.com/questions/668582/false-disk-full-error-apt-get-unable-to-install-or-remove

  • 4-Hour Smoked Pork Ribs

    4-Hour Smoked Pork Ribs

    Preparation

    • Remove skin from back of ribs.
    • Liberally coat ribs with apple cider and dry rub.
    • Place ribs in pan. Cover pan with plastic wrap and place in frig 2 hours of time.
    • In mean time, soak wood chips in water.
    • Add coals 1/2 hour ahead to get grill temp to 250-275 deg.

    Cooking Instructions:

    • Place ribs on grill and cook for 2 hours. Add 1/2 wood chips @ the start and 1/2 @ 1 hour.
    • Wrap ribs in aluminum foil. Add apple cider and cook for 1 hour.
    • Remove foil and place ribs back on grill. Add BBQ sauce. Cook for 1 hour.

    Keep ribs moist, spritz with water, or place pan on top coals and add water. Add charcoal every 30 minutes during cooking!

    1 chimney = 300 deg with Chargriller Drum Barrel grill

  • Beer Can Chicken

    Beer Can Chicken

    Ingredient

    4-5 lb chicken

    Rub chicken skin with oil inside and out. Sprinkle with salt, pepper, and spices. Add butter under chicken skin. Place chicken on a can. Place can as far as possible from coals. Turn chicken every 15 minutes. Spritz skin, with water, to keep moist. Place a pan on top of coals and pour in some beer or water for added moisture.

    Cook at 350 deg for 1 1/2 hour until 170 deg.

    • 1 chimney = 300 deg for drum barrel Chargriller, about 1 1/2 chimney.
    • 1 chimney = 450 deg for Weber, about 2/3 chimney.
  • Regulatory, Compliance, & Security Frameworks

    Regulatory, Compliance, & Security Frameworks

    Introduction

    In the modern information age, there are numerous laws which affect the collection and storage of digital data. These laws often reference security standards that define specific methods of collection, the manner of storage, and other requirements that companies must follow. These regulations and laws are typically industry specific.

    The primary purpose of these laws is to create a base line of rules for companies that collect data on consumers. They outline security protocols that must be followed to keep data safe. For example, a customer’s username and password must be encrypted.

    These rules are collectively known as security frameworks, security standards, regulatory & compliance requirements, among other names.

    Common governing laws

    • GLBA (Gramm, Leach, Bliley Act) – Financial data.
    • CFPB (Consumer Protection Financial Bureau) – Financial data.
    • HIPAA (Health Insurance Portability Accountability Act) – Medical data.
    • GDPR (General Data Protection Regulation) – European consumers.
    • PCI DSS (Payment Card Industry Data Security Standards) – Financial data.
    • ISO 27001 – Information Security Management Systems. – Federal data.
    • FIPS (Federal Information Processing Standard) – Cryptography guidelines.
    • FERPA (Family Educational Rights and Privacy Act) – Educational records.

    Top cyber security frameworks (standards)

    • NIST Cyber Security Framework (NIST CSF 2.0) – Most common.
    • CIS Center Internet Security (Critical Security Controls).
    • PCI-DSS – Payment Card Industry Data Security Standards.
    • SOC2 – Systems and Organizational Controls. (Cert Pub Accountants).
    • ISO 27001 – Information Security. Generally for Fed Agencies.

    Best security practices (basic outline)

    Each framework will provide exact details, but there is a lot of overlap. Here is a general list of what to expect.

    • Governance & Risk
      • Maintain a risk assessment list. Update annually.
      • Establish a cyber security governance framework (NIST CSF 2.0 or CIS).
      • Ensure policies are written and enforced.
      • Establish supply chain risk management program.
    • Identify & Access
      • Implement MFA, 12 character & password rotation.
      • Delete unused accounts.
      • Just in time access for elevated roles.
      • Written job descriptions & RBAC permissions.
      • Limit number of global administrators, no local administrators.
    • Network & Infrastructure
      • Subnet the environment properly.
      • Conduct an annual firewall review.
      • Enforce internet filtering for end users (DNS filtering).
      • Create a golden image for new hosts.
      • Asset management (maintain a list of assets). Include cloud assets.
    • Endpoint & Data Security
      • Create an approved software list.
      • Patch and vulnerability program.
      • Endpoint Protection (virus software, XDR/EDR).
      • Data Protection & Encryption (enforce at rest and in transit).
      • Application security (scan your code, pen testing).
    • Continuous Monitoring & Response
      • Centralized logging & SIEM.
      • Integrate threat intel feeds & monitoring for zero day.
      • Make an incident response plan. Test with table top exercise.
      • Employee Training – phishing simulation.
    • Business Continuity & Compliance
      • Backups & Disaster Recovery Plan
      • Application security testing.
      • Compliance mapping. Ensure controls meet SOC2, PCI, HIPPA, etc.
      • Executive reporting & metrics. (risk dashboard, audit results, etc.)
  • Copy Files to S3 Using AWS CLI Tools

    Copy Files to S3 Using AWS CLI Tools

    Introduction to the AWS CLI

    There are three methods to upload and download data to Amazon Web Services. You can use the command line (CLI), AWS SDK, or the S3 REST API. In this article, we will explore the command Line interface, and the most common commands to manage an S3 bucket.

    The maximum size of a file that you can upload by using the Amazon S3 console is 160 GB. The maximum bucket size is 5TB. You can not use s3api on files uploads larger than 5GB. Command line tools can achieve upload speeds greater than 7 MB’s. But, you can go even faster if you turn on acceleration. It is not recommended because an additional cost will be incurred.

    Common switches

    • –dryrun = test what files would be uploaded, prior to running command.
    • — summarize = include a total at the bottom of the output.
    • — human-readable = show files sizes in Gb and not Bytes.
    • –output text = format the output on separate lines
    • –content-type=text/plain = Tell aws the upload data is text data (not video or other).
    • –recursive = show full file path
    • –exclude – leave out certain files.
    • –include = include certain files.
    • –delete = this flag is needed to remove any files.
    • –meta-data = Use this flag to upload custom data like the true MD5 hash

    List contents of a bucket

    aws s3 ls s3://bucket1/directory1/directory2/ --summarize --human-readable

    Copy a single file

    If the file is large, the cp command will automatically handle a multi-part upload dynamically. If the full path is not present, it will create it automatically in the s3 bucket.

    aws s3 cp ~/test.txt s3://bucket1/dir1/dir2/ --human-readable

    Copy multiple files from a local directory

    There are two commands that can be used to copy multiple files. Use sync or cp with the –recursive switch.

    aws s3 sync ./test/May s3://bucket1/May/ --human-readable --summarize

    OR

    aws s3 cp ./test/May s3://bucket1/May/ --recursive --content-type=text/plain

    Copy only files with .sum extension

    aws s3 sync ~/dir1/ s3://bucket1/dir1/ --exclude '*' --include '*.sum' --dryrun

    Copy a directory and exclude two files

    aws s3 sync ~/dir1/ s3://bucket1/dir1/ --exclude 'file1.txt' --exclude 'file2.txt'