Technology changes quickly. This is especially true in web development. With companies such as Google, Facebook, Amazon, or Netflix leading the way, there will always be the “next best thing” every IT professional has to pay attention to. Depending on the size and budget, not all companies can invest in the latest trend of technology. The question always asked: “What can we invest in?” As a guideline, annually Gartner publishes their infamous Hype Cycle, that charts the popularity (or decline) of technology. For those who are on the cutting edge will try to follow anything towards the “Peak of Inflated Expectations”, where the technology is hot. However, the most interesting set are the ones sliding into the “Trough of Disillusionment”. In 2018, those web applications were:
Cloud-Native Application Architecture
Mesh App and Service Architecture
Public Web APIs
Enterprise has already started to invest in those declining trendy ideas. However, in order to get to full adoption, IT Professionals have to familiarize with (and embrace) the new technology. It’ll be a difficult journey, but may be worth the investment. At this point, a great deal of material will be available since the concept has been around for a few years already. This is known as the “Slope of Enlightenment”. In order to get started, here are some suggestions on which presentation to listen to:
After listening to the presentations, one can determine the trend and make decisions on where/how to go to get Enterprise environments to the next level. It’ll take more time to get to the “Plateau of Productivity” where value can be realized by streamlining their execution for the long term production use.
The headlines in the news these days are about hackers attempting to infiltrate sites, mostly from Russia or China. The targets are many American sites, both government and private. How does IT Cybersecurity folks know if they’re coming? Going through the application logs for all attempts is a start. However, the best source of knowledge is the first line of defense: the Firewall. So it’s best to have a tool like Elasticsearch to make a readable report on the firewall logs, to figure out which ports are being probed.
It’s imperative any exposed ports are being denied on the firewall side to prevent any successful hack. In a real world example, in the past 7 days, the hackers were scanning for popular vulnerable applications such as telnet, RDP (Windows Remote Desktop), Microsoft SQL, or SMTP.
Thankfully, those ports are being blocked on the firewall. Unfortunately, this does not deter them from trying again and again. Network and system admins must put in the due diligence in controlling access and patching applications. No matter the business requirements, security must take precedence and IT Professionals must have the tools to detect, analyze, and protect.
With the recent federal government shutdown, it’s quite apparent their IT administrators still renew SSL certificates manually since many government websites went offline after the certs expired. Politics aside, since having secured connection and valid certificates are important these days, it should be a point for administrators to start automating the process. At the very least, have a project or plan in place to anticipate the shutdown and go through all of the important websites for possible cert renewals, 1-2 months in advance. As an Enterprise administrator, it’s also essential to have alerts or calendar reminders to renew an expiring cert. However, the best solution is to setup an automated job.
This is where tools out there like getssl and certbot can help. For this website, getssl is used to automate the SSL renewal process. The key processes are as follows:
Ensure Apache web server is setup. Since getssl relies on obtaining the proper “ACME” code from the target website to confirm the correct URL host, a regular port 80 HTTP connection must be made available first.
Per getssl documentation, run the inital setup to create the proper folders and files in $HOME/.getssl
getssl -c yourdomain.com
Edit the getssl.cfg in $HOME/.getssl/yourdomain.com folder with the correct directory for Apache web server’s doc-root and configuration files. Note, package installed Apache HTTPD uses /etc/apache2 as the default config directory.
When getssl is all setup, create a crontab to run getssl twice every month, for timely renewal (within 30 days). Be sure to restart Apache HTTPD to make sure the web server reloads the latest cert files.