operations


#cybersecurity | #hackerspace | Securing Containers and Multi-Cloud Operations

Source: National Cyber Security – Produced By Gregory Evans

The shift toward cloud-native applications is changing the building blocks of IT. Development and maintenance of infrastructure and applications in-house just isn’t an option anymore in many cases. Cloud-native application development and the use of containers and orchestration frameworks like Kubernetes offer undeniable advantages in performance, portability and scale.

However, it’s obvious to security teams that the possible attack surface has grown as a result. On-demand, large-scale deployment of IT resources across a mix of public and private clouds means that security vulnerabilities or exploits can often go undetected. Knowing who and what can be trusted is a constant struggle, as malicious code, untrusted connections, and misconfiguration all lead to one thing – more risk.

Several mechanisms help application and security teams to mitigate these risks, but identity is at the core. Identifying all of the “things” (e.g. workloads, services, code) across every cloud or network, verifying integrity, and encrypting connections end-to-end is half the battle. Two critical functions that make this possible are signature enforcement and trust authentication, both of which can be accomplished through the use of X.509 certificates.

SIGN EVERYTHING

Developers should always digitally sign code to protect end users from downloading and installing compromised code. Code signing ensures that the application cannot be modified by an unauthorized user, and provides high assurance that only authentic code developed and vetted by the vendor will be executed. Once the software is packaged into containers for deployment to the cloud, the containers can be signed as well. For instance, Docker supports container signing to enable verification of container integrity and publisher.

We recommend both levels of signing. If the application is signed, but the container is not, then a malicious user could potentially run other malicious code on the container in addition to the legitimate code. Enforcing signatures is no doubt necessary, but even more important is the protection of certificates – and their associated private key – used for signing. If these keys are compromised, attackers can use them to sign malicious code, making it appear authentic and trusted the same as your software.

Keyfactor Code Assure is purpose-built to solve these problems. The platform provides developers with programmatic access to certificates to sign code, while the security team keeps a tight audit trail of all signing activities and ensures that the private keys remain secure in an integrated Thales HSM. Storing the private keys in a FIPS 140-2 Level 3 compliant Thales HSM – either on-premises or cloud-based – ensures that, even if someone has access to the location, they cannot extract or copy the certificate.

Notably, signing can be done remotely, eliminating the need to distribute sensitive keys to multiple teams or locations. The Keyfactor Cryptographic Storage Provider (CSP) and APIs allow integration into nearly any CI/CD pipeline or build process, whether you’re using Microsoft SignTool for Windows executables, jarsigner for Java authentication, or a more complex tool like Jenkins.

ESTABLISH SECURE IDENTITIES FOR EVERYTHING

A best practice is to ensure that every connection to, from, or within a container or cluster uses SSL/TLS to enable mutual authentication and end-to-end encryption. This prevents unauthorized adversaries from making a connection that could compromise the security of a container or entire cluster. It’s also important to monitor and audit SSL/TLS certificates that are issued and active. Unknown, rogue or non-compliant certificates can result in an unexpected outage, or worse, misuse that allows unintended access to restricted systems.

For instance, Kubernetes can generate and issue certificates on its own, but most find that it doesn’t provide the visibility they need to ensure that certificates haven’t been issued inappropriately. However, Kubernetes also supports the ACME protocol, which can be used to obtain certificates from other sources, such as Let’s Encrypt. This protocol integrates with the Keyfactor ACME Server and is included as part of Keyfactor Command (our PKI-as-a-Service and certificate automation platform) to obtain certificates from any enterprise-supported PKI, whether public or private, that is configured in the Keyfactor platform. This enables secure, automatic issuance of a unique, trusted identity certificate for every container at deployment. This is done with robust role-based access control to different certificate templates or products, along with extensive workflow, auditing, and alerting capabilities, to provide the peace of mind that no certificates are being issued or used when they should not be.

Certificates issued for containers should be short-lived to limit the number of unexpired certificates active at any given time, which can often exceed thousands. This will help reduce the risk of compromise and lessen the impact if a certificate were stolen, since it will expire soon anyway. However, the certificate that cannot be short-lived is also the most important – the certificate of the Certificate Authority (CA) itself.

As with code signing, securing the CAs that issue the certificates is critical. If a CA is compromised, attackers can issue their own identities that will be trusted by default across an organization’s ecosystem, and this can be extremely costly to remediate, as it effectively invalidates every identity issued by that CA. The Keyfactor Command platform, integrated with Thales HSMs to secure CA certificates and keys, ensures robust protection and complete visibility, policy enforcement, and automation for all certificates.

Keyfactor and Thales offer integrated solutions designed to provide organizations with the tools they need to seamlessly automate secure operation of containerized and multi-cloud environments with minimal effort.

For more information, please check out our recent webinar on “Unlocking DevOps Security with PKI Automation”.

The post Securing Containers and Multi-Cloud Operations appeared first on Data Security Blog | Thales eSecurity.

*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Robert Masterson. Read the original post at: https://blog.thalesesecurity.com/2020/02/11/securing-containers-and-multi-cloud-operations/

The post #cybersecurity | #hackerspace | Securing Containers and Multi-Cloud Operations appeared first on National Cyber Security.

#cybersecurity | #hackerspace | Marketing Agency Temporarily Halts Operations after Ransomware Attack

Source: National Cyber Security – Produced By Gregory Evans A marketing agency announced just days before Christmas that it would be temporarily suspending operations as it works to recover from a ransomware attack. Sandra Franecke, CEO of the Heritage Company, sent a letter to employees that the company would temporarily be suspending its operations. She […] View full post on AmIHackerProof.com

Senior Engineer, IT Development Operations

Source: National Cyber Security – Produced By Gregory Evans

American Airlines – Fort Worth, TX

Location: AA Headquarters 2 (DFW-HDQ2) 
Additional Locations: None 
Requisition ID: 15253 

Job Description 

American Airlines is seeking a talented and technical Senior DevOps Engineer who is capable of leading process and tool set implementation and improvement that will enable Continuous Integration/Deployment environments and workflows. The Senior DevOps Engineer must be innovative, energetic, and driven to provide super customer experiences. You will leverage your combination of consulting skills, technical ability, and development knowledge to assess the needs of a customer to leverage DevOps methodologies. This role requires coordination with internal customers in a DevOps fashion with Developers, QA, Operations and Release Managers as well as leaders across the enterprise.

The ideal candidate would be someone with an application development and technical analysis background in CI/CD process of an application.

Duties and Responsibilities
Work with application development team to adopt continuous integration and continuous delivery (CI/CD) tools including GitHub Enterprise, Cloudbees Jenkins, SonaType Nexus Repository Manager, SonarQube. 
Integrate upstream and downstream development/QA/Security testing tools into the enterprise toolchain.
Automate application build and deployment pipeline utilizing the DevOps toolchain and drive for best practice. 
Provide tools training to new users. 
Continuous support to application teams with their development pipeline. 
Engage with application teams for Requirement gathering, documenting and transitioning. 
Provide inputs on improvement opportunities to ensure commitment on deliverables and alignment on projects. 
Assist in the implementation of a comprehensive release approach including people, process and tools. 

Job Qualifications 

Minimum Qualifications 
Bachelor’s degree in computer science, business or other related technical field. 
Minimum 5 years of experience in Information Technology industry. 
Experience with configuration and administration of continuous integration tool Jenkins. Experience with CloudBees Enterprise Jenkins is preferred. 
Strong knowledge with Jenkins Pipeline job and Groovy scripts. Have experience creating shared library and Jenkins plugin. Knowing declarative pipeline is a plus. 
Minimum of 2 years of experience with source code management system configuration and administration, such as Git, SVN, AccuRev. GitHub Enterprise is preferred. 
Strong knowledge of branching strategy. Can work with application team and recommend the right branching strategy based on their development process. 
Ability to integrate Quality testing and Security testing tools into CI process (e.g., HP QTP, Selenium, JMeter, HP Fortify, SonarQube). 
Experience with build tools Ant and Maven is a must. Knowledge with Gradle is a plus. 
Working knowledge of common networking protocols (e.g., HTTP, TCP, IP, SSH, FTP, SMTP, DNS, LDAP), load balancer, firewall, storage. 
Capable of writing comprehensive technical documentation and diagrams.
Can communicate technology effectively with different level of audience. 
The candidate should understand end to end application development lifecycle from code commit to Production deployment. 
Good communicator. Be able to work/collaborate with other teams to drive for result. 
Have an Ops mind and understand production change process. 
2 or more years of experience working in Agile software development environment. 

Job Qualifications (Continued) 

Preferred Qualifications 
Understanding of service-oriented architecture (REST APIs, micro-services, etc.) and ability to develop code to make API calls. 
Large scale application deployment experience. Extensive build and release engineering experience and proven ability to design and develop automated deployment solutions. 
Knowledge of Cloud-native platform such as Cloud Foundry. 
Experience with creating infrastructure as code (Docker). 

The post Senior Engineer, IT Development Operations appeared first on National Cyber Security .


Mac Certified Tech/ IT Operations Support Engineer

Source: National Cyber Security – Produced By Gregory Evans


Position Summary
Chegg is looking for a strong Desktop Support Engineer to join its lean but highly visible and productive team. This person will provide day-to-day hands on support to Chegg’s end user desktop and applications. There will be a ton of interaction with all areas of the company, directly with internal customers and various departments, troubleshooting user desktop issues to resolution.

Other areas of responsibility are LAN support, workstation deployments, break/fix, software/hardware upgrades, patch management, Anti-Virus management, workstation security, image management, application installs, user support and training, etc. Ever the collaborative role, there are a number of additional specific processes and services outside the desktop support role that this position may also be involved in. Most notably, this position will also act as first level support to critical systems and applications during normal business hours.

The role reports to our Sr Manager of IT Operations and is located in our Santa Clara, CA headquarters.

Responsibilities:

Maintain detailed and up-to-date licenses and hardware/software inventory
Deployments and Break/Fix for workstations, printers, faxes, etc.
IT Equipment and Supplies Procurement
Hardware/Software installs and upgrades
Workstation Patch Management
User Support and Training
Maintain WDS Image Library
Manage IT Department documentation
Perform Preventive Maintenance
LAN Support
Exchange/Outlook Support and Active Directory support
Blackberry / iPhone/ wireless devices deployment and support
Windows 7 Enterprise/ Microsoft Application Support
Avaya IP phone support
VPN Account Setup and Support
Desktop Security
AntiVirus Management and Support

Qualifications:

Education and/or Experience

A Bachelor’s degree in a related field or IT related degree and/or combination of directly related work experience commensurate to 2-5 years experience

Computer / Technical Skills
LAN / WAN experience required
Desktop and Laptop Break/Fix experience
WDS (Windows Deployment Services) experience
Exchange/Outlook 2010, 2013 (Mac 2011) experience
Lenovo IBM Hardware / MacBook and MacBookPro experience required
Desktop Security Best Practices required
Solid and current experience in the following: Windows 7 Enterprise, FTP Server, Symantec AntiVirus, DNS/DHCP Administration, Active Directory
Proficient in Microsoft Office (Excel, Word, PowerPoint, Access)
Demonstrated work experience in project and task management proficiency with the ability to prioritize and execute accordingly
Must be able to work varied work hours, ‘On-Call’, including evenings, weekends and holidays

The post Mac Certified Tech/ IT Operations Support Engineer appeared first on National Cyber Security Ventures.


Security Operations Engineer

Source: National Cyber Security – Produced By Gregory Evans

Onsite: On location at the Client’s site 100% of the time. No telecommuting or remote work. Description: Our Client, a healthcare organization, is looking to hire a Security Operations Engineer in New York, NY. Responsibilities: • Operate and maintain the InfoSec team’s portfolio of vulnerability management, Security Incident and Event Management (SIEM),…

The post Security Operations Engineer appeared first on National Cyber Security Ventures.


Increased tension in cloud operations opens new doors for cybersecurity vendors

Source: National Cyber Security – Produced By Gregory Evans

Finding more comprehensive and robust ways of protecting data and medical information from hackers is even more necessary as the digital world continues to evolve. Everyone is talking about the positives of cyber technology, as well as the “dark web,” but no one has put a number on its growth…

The post Increased tension in cloud operations opens new doors for cybersecurity vendors appeared first on National Cyber Security Ventures.


IT Operations Analyst (Mid)

Source: National Cyber Security – Produced By Gregory Evans

Job Description: Provides support for installation, testing, repair, and troubleshooting of stand-alone computers, computers linked to networks, printers, mobile devices, and other computer peripherals. Responds to telephone calls, email, and personal requests for technical, operational, and training support. Documents, tracks, and monitors problems to ensure a timely resolution. Provides end user…

The post IT Operations Analyst (Mid) appeared first on National Cyber Security Ventures.


Security Operations Analyst II

Source: National Cyber Security – Produced By Gregory Evans

Summary: The Security Operations Analyst II will be responsible for providing the direction and technical expertise needed to design, implement and maintain Heartland’s information security environment. This role includes responsibility for implementing appropriate information security policies and procedures, safeguarding sensitive information, prevention of unauthorized access, configuring and managing security software,…

The post Security Operations Analyst II appeared first on National Cyber Security Ventures.


IT Security Operations Manager

Source: National Cyber Security – Produced By Gregory Evans

Sequoia’s Information Technology (IT) department is seeking an IT Security Operations Manager to develop and run the Security Program and to protect …

The post IT Security Operations Manager appeared first on Become007.com.


Fishtech To Build New Cloud Security Operations Center, The Next Step In A Managed Security Evolution

Source: National Cyber Security – Produced By Gregory Evans


As more companies move to the cloud, current methods of managed security just aren’t good enough. That’s what the Fishtech Group believes, and the Kansas City, Mo.-based security solution provider is ready to help as it announced on Thursday that it would launch a new Cloud Security Operations Center (CSOC). “Our vision is that you have to think differently,” CEO …

The post Fishtech To Build New Cloud Security Operations Center, The Next Step In A Managed Security Evolution appeared first on National Cyber Security Ventures.
