Using JSONSchema to Validate input

There are a lot of REST APIs out there. Quite a few of them use JSON as the data structure which allows us to get data in and out of these devices. There are a lot of network focused blogs that detail how to send and receive data in and out of these devices, but I wasn’t able to find anything that specifically talked about validating the input and output of the data to make sure we’re sending and receiving the expected information.

Testing is a crucial, and IMO too often overlooked, part of the Infrastructure as Code movement. Hopefully this post will help others start to think more about validating input and output of these APIs, or at the very least, spend just a little more time thinking about testing your API interactions before you decide to automate the massive explosion of your infrastructure with a poorly tested script. ?

What is JSONSchema

I’m assuming that you already know what JSON is, so let’s skip directly to talking about JsonSchema. This is a pythonlibrary which allows you to take your input/output  and verify it against a known schema which defined the data types you’re expecting to see.

For example, consider Continue reading

Webinar – May 18 – WannaCry Ransomware: Why is it happening and (how) is it going to end?

What is happening with the WannaCry ransomware that has been attacking unpatched Windows computers around the world? How will it all end? What do we need to do collectively to deal with attacks like this? (Hint: Read Olaf's post.)

To learn more and pose questions to a panel of experts, you can join our partners at the Geneva Internet Platform and Diplo Foundation for a webinar on "Decrypting the WannaCry ransomware: Why is it happening and (how) is it going to end?"

Dan York

Worth Reading: IoT devices will never be secure

The biggest problem with IoT security is that most devices are going to be relatively simple and inexpensive connected things. The bandwidth consumption of these devices should be kept to the minimum to save bandwidth. Yet at the same time, security is supposed to be a continuous process. This involves a party that is responsible for keeping an eye on the various security vulnerabilities that emerge from time to time, and another one to make sure that suitable patches are being prepared and applied on timely basis. —CircleID

The post Worth Reading: IoT devices will never be secure appeared first on rule 11 reader.

IDG Contributor Network: Self-propagating ransomware: What the WannaCry ransomworm means for you

The reports came swiftly on Friday morning, May 12—the first I saw were that dozens of hospitals in England were affected by ransomware, denying physicians access to patient medical records and causing surgery and other treatments to be delayed. Said the BBC: The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down "one by one".NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.Throughout the day other, mainly European countries, reported infections.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Self-propagating ransomware: What the WannaCry ransomworm means for you

The reports came swiftly on Friday morning, May 12—the first I saw were that dozens of hospitals in England were affected by ransomware, denying physicians access to patient medical records and causing surgery and other treatments to be delayed. Said the BBC: The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down "one by one".NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.Throughout the day other, mainly European countries, reported infections.To read this article in full or to leave a comment, please click here

Privacy and Visibility – The dichotomy of encryption and inspection

The encoding or encryption of communications and information is a very old practice. The concept is relatively simple. One of the easiest examples is simply to reverse the alphabet, A for Z, B for X and so on. The reverse function is the ‘key’ to deciphering the message. We needn’t go into the detailed but fascinating history of the evolution of cryptography and the concept and method of the key. Instead we only need to touch on a few key historical milestones and how they have impacted the world today.

Cryptography is indeed an old practice. The ancient Romans would write encrypted messages on strips of cloth that were wrapped around wooden staffs of various widths. They would then send just the cloth strip with the courier. Only if the right staff was used could the message be deciphered. Here the ‘key’ is the width of the staff. That information would either be known or communicated to the receiver ahead of time so that they would have the right staff on hand to decipher the message. Obviously if anyone intercepted the information regarding the width of the staff, they could also decipher the message if they intercepted that as well. Continue reading

SAP wants to help enterprises learn from their smart devices

SAP has added machine learning to its Leonardo IoT software suite to help businesses handle data gathered from smart devices more intelligently.It unveiled the additions to Leonardo  -- and a cloud of other news -- at its customer conference, Sapphire Now, in Orlando on Tuesday.Leonardo runs on SAP Cloud Platform and provides a number of services to process data from the internet of things, including streaming and predictive analytics. Now, those predictive capabilities will include machine-learning tools tuned to work with the rest of the Leonardo components."It's about adding intelligence to existing business processes and integrating with the core systems of record. Leonardo's capabilities can be infused into SAP applications," said Mike Flannagan, SAP's senior vice president for analytics. "We see Leonardo as something that will help customers transform processes."To read this article in full or to leave a comment, please click here

Top 10 DevOps tools

The world of DevOps is a transformative new trend in the way applications are built and run. A hybrid engineer who both develops code for an app and manages the infrastructure operations the app runs on requires tools geared for multiple aspects of the application lifecycle process.+MORE AT NETWORK WORLD: Serverless Explainer: The next generation of cloud infrastructure | What you need to know about Microservices +To read this article in full or to leave a comment, please click here

Stopping ransomware starts with the security pros

Virtualization-based security software vendor Bromium surveyed security professionals about their behavior toward ransomware. The results were surprising. For example, 10 percent of them admitted to paying a ransom or hiding a breach. More alarming, 35 percent admitted to ignoring their own security protocols.To read this article in full or to leave a comment, please click here(Insider Story)

Stopping ransomware starts with the security pros

Virtualization-based security software vendor Bromium surveyed security professionals about their behavior toward ransomware. The results were surprising. For example, 10 percent of them admitted to paying a ransom or hiding a breach. More alarming, 35 percent admitted to ignoring their own security protocols.After last week’s WannaCry event, these numbers may start to go down as pressure mounts to prevent future attacks. However, Bromium’s data underscores an important point: The security professionals at the front line of defenses against ransomware and other threats need to set a strong example for following proper protocols.To read this article in full or to leave a comment, please click here(Insider Story)

The CSO IoT security basics survival guide

The Internet of Things – the connecting of billions of everyday and industrial devices using tiny sensors that transmit data and share information in the cloud – is revolutionizing the way we live and do business.To read this article in full or to leave a comment, please click here(Insider Story)

The CSO IoT security basics survival guide

The Internet of Things – the connecting of billions of everyday and industrial devices using tiny sensors that transmit data and share information in the cloud – is revolutionizing the way we live and do business.IoT platforms are expected to save organizations money, improve decision-making, increase staff productivity, provide better visibility into the organization and improve the customer experience. Six in ten U.S. companies now have some type of IoT initiative underway – either formal or experimental, according to IT trade association CompTIA.All this potential comes with some big security risks – mainly with the unsecured devices themselves, but also with their ability to join forces to bring down systems. This can leave corporate networks vulnerable.To read this article in full or to leave a comment, please click here(Insider Story)

Troubleshooting: Half Split

The best models will support the second crucial skill required for troubleshooting: seeing the system as a set of problems to be solved. The problem/solution mindset is so critical in really understanding how networks really work, and hence how to troubleshoot them, that Ethan Banks and I are writing an entire book around this concept. The essential points are these—

  • Understand the set of problems being solved
  • Understand a wide theoretical set of solutions for this problem, including how each solution interacts with other problems and solutions, potential side effects of using each solution, and where the common faults lie in each solution
  • Understand this implementation

    • of this solution

Having this kind of information in your head will help you pull in detail where needed to fill in the models of each system; just as you cannot keep all four of the primary systems in your head at once, you also cannot effectively troubleshoot without a reservoir of more detailed knowledge about each system, or the ready ability to absorb more information about each system as needed. Having a problem/solution mindset also helps keep you focused in troubleshooting.
So you have built models of each system, and you have learned Continue reading

Use a Zero Trust Approach to Protect Against WannaCry

network security iconMicro-segmentation with VMware NSX compartmentalizes the data center to contain the lateral spread of ransomware attacks such as WannaCry

On May 12 2017, reports began to appear of the WannaCry malware attacking organizations worldwide in one of the largest ransomware cyber incidents to date. The European Union Agency for Law Enforcement Cooperation (Europol) has reported more than 200,000 attacks in over 150 countries and in 27, with the full scope of the attack yet to be determined.  Victims include organizations from all verticals.

WannaCry targets Microsoft Windows machines, seizing control of computer systems through a critical vulnerability in Windows SMB. It also utilizes RDP as an attack vector for propagation. It encrypts seized systems and demands a ransom be paid before decrypting the system and giving back control. The threat propagates laterally to other systems on the network via SMB or RDP and then repeats the process. An initial analysis of WannaCry by the US Computer Emergency Readiness Team (US-CERT) can be found here, with a detailed analysis from Malware Bytes here.

One foundational aspect of increasing cybersecurity hygiene in an organization to help mitigate such attacks from proliferating is enabling a least privilege (zero trust) model by embedding security directly into the data center network. The Continue reading

Google’s the latest to take on IoT management headaches

Google wants to take on what may become one of the biggest cloud-computing needs of the next few years with a service that will manage IoT devices and help developers bring the data they generate into applications that use Google's analytics platforms.Its Google Cloud IoT Core, announced in a blog post on Tuesday, may be a good use of Google's reach, number-crunching power and device OS expertise. But the problem it aims to solve is daunting, and competitors are already focused on it.The good news for enterprises is that there are several solutions to IoT sprawl already available or taking shape. Just last week, VMware introduced Pulse IoT Center, the latest broad-based platform for setting up, managing and scaling IoT infrastructure. Cloud rival Microsoft has Azure IoT Hub, with a similar mission. Cisco Systems, General Electric and Nokia are also in the game.To read this article in full or to leave a comment, please click here

Microsoft, Amazon go after enterprises with new SAP cloud offerings

There are some fresh public cloud offerings on the horizon for SAP database customers, thanks to Microsoft Azure and Amazon Web Services. Both companies have announced new infrastructure services for the HANA database software aimed at giving customers tons of memory for workloads that need it.Azure customers will get access to M-series virtual machines that offer up to 3.5TB of RAM, designed for use with SAP’s database software. In addition, Microsoft announced Tuesday that it's working on new SAP HANA on Azure Large Instances to offer users between 4TB and 20TB of memory on a single machine specifically for use with software like the SAP Business Suite 4 HANA (S/4HANA).To read this article in full or to leave a comment, please click here

1 1,982 1,983 1,984 1,985 1,986 3,763