The headlines in the news these days are about hackers attempting to infiltrate sites, mostly from Russia or China. The targets are many American sites, both government and private. How does IT Cybersecurity folks know if they’re coming? Going through the application logs for all attempts is a start. However, the best source of knowledge is the first line of defense: the Firewall. So it’s best to have a tool like Elasticsearch to make a readable report on the firewall logs, to figure out which ports are being probed.
It’s imperative any exposed ports are being denied on the firewall side to prevent any successful hack. In a real world example, in the past 7 days, the hackers were scanning for popular vulnerable applications such as telnet, RDP (Windows Remote Desktop), Microsoft SQL, or SMTP.
Thankfully, those ports are being blocked on the firewall. Unfortunately, this does not deter them from trying again and again. Network and system admins must put in the due diligence in controlling access and patching applications. No matter the business requirements, security must take precedence and IT Professionals must have the tools to detect, analyze, and protect.
With the recent federal government shutdown, it’s quite apparent their IT administrators still renew SSL certificates manually since many government websites went offline after the certs expired. Politics aside, since having secured connection and valid certificates are important these days, it should be a point for administrators to start automating the process. At the very least, have a project or plan in place to anticipate the shutdown and go through all of the important websites for possible cert renewals, 1-2 months in advance. As an Enterprise administrator, it’s also essential to have alerts or calendar reminders to renew an expiring cert. However, the best solution is to setup an automated job.
This is where tools out there like getssl and certbot can help. For this website, getssl is used to automate the SSL renewal process. The key processes are as follows:
Ensure Apache web server is setup. Since getssl relies on obtaining the proper “ACME” code from the target website to confirm the correct URL host, a regular port 80 HTTP connection must be made available first.
Per getssl documentation, run the inital setup to create the proper folders and files in $HOME/.getssl
getssl -c yourdomain.com
Edit the getssl.cfg in $HOME/.getssl/yourdomain.com folder with the correct directory for Apache web server’s doc-root and configuration files. Note, package installed Apache HTTPD uses /etc/apache2 as the default config directory.
When getssl is all setup, create a crontab to run getssl twice every month, for timely renewal (within 30 days). Be sure to restart Apache HTTPD to make sure the web server reloads the latest cert files.
The business of selling Windows based laptops and desktops are at a critical point. The industry is still suffering from profit loss, notably with the most recently high profile exit of the PC business by Sony. Previously, many experts believed the PC business could have been saved by Windows 81. Unfortunately, the result was (and still is) much less than anticipated.
Is there still a future in the PC business? Most insiders will say they’re cautiously optimistic. After several years of lost revenues due to falling prices and lack of consumer demand, the industry is beginning to cut its losses. Several promised innovations, such as integrating the computer with TV, did not pan out. The PC itself sees no significant improvement in the technology, other than the usual CPU and OS upgrades. Laptops are starting to become more like a tablet, such as a “convertible tablet“, but the cost and usability are questionable when compared to the sleek and highly marketable Apple iPad.
A glimmer of hope is in the cloud services. With the rising demand of highly portable and cheaper devices, such as tablets and Chromebooks, the direction is to provide products on the lower end of the PC units. But, there is a big dependency on the ubiquity of wireless infrastructure, such as Wi-Fi or 4G/LTE. Then there are the security concerns over possible data leaks and hijacking. The balancing act is still being performed.
The PC industry’s downward spiral may also be contributed to the dependance of corporate and government mass purchases. In the past, they were always reliable sources of revenue, much more than consumers. However, in this tough economy, with rising cost on both private and public sectors, those revenue streams have dried up. No one expects high volume sales to increase the bottom line, any more.
So where’s the industry going? Like any good business, it has to stay on course: Continue to innovate and cut cost. It needs to weather storm. The free market will sort itself out and consumers will pick the best from the lot. Perhaps to be in the last few to remain standing will be the winner in this highly competitive business.
Even the release of Windows 8.1 failed to change people’s perceptions [↩]