Seeking Sys Ops Wizard!


Want to come work for my team? Seeking a systems administrator, for web-based Linux and Windows infrastructure, to work on my Operations Team at CF Webtools.

  • Yes, you work from home, so pants are optional unless you are Skyping.
  • Looking for folks legal to work in the US only. (Sorry! We still love you, world!)
  • Yes, the position is W2 with benefits after a short (30 day) trial period.
  • Yes, benefits include health care.
  • Health insurance won’t cover your calls to the Psychic hotline, but you might be able to use FSA for that.
  • Yes, there are other benefits – 401k, dental, PTO, disability, life insurance, and a positive, encouraging environment.
  • Our operations group consists of 3 team members so far.
  • They spend their days fixing, migrating, managing and upgrading servers.
  • AWS is involved in about 80% of what we do.
  • You will need to be able to find memes that are appropriately obscure to serve as inside jokes among your team members.
  • Plenty to do. Lots of scrambling. Lots of appreciative customers and developers who will see you as a savior if you can fix their problem.

While a knowledge of ColdFusion is not required, it would be a plus. This job involves managing servers and server instances (this is not a help desk job) – provisioning, migrating code, upgrading the OS or Java. Below are some of the technologies we use that you will need to work with. To qualify you’ll need to know at least a handful of these.

  • Linux – For this job you probably need more than just a passing knowledge of Linux. You should be fluent in Linux administration. If you’ve set up some distros, used YUM or other package managers, and know how to find stuff on a Linux box, you are probably qualified. But the more the better!
  • Windows Server – We have a high percentage of Windows servers. Operations manages backups, patching, migrating, upgrading etc.
  • AWS – about 70% of our managed stack is AWS. If you apply for this job you will be expected to eventually test for an associate certification. Training (online Udemy) and testing are paid for, but you have to put in the work to get there.
  • Java/Tomcat – Our primary stacks invariably include Tomcat/JVM. If words like garbage collection, heap, context, web connectors etc. seem familiar you are on the right track.
  • Networking – you should know your way around a network stack, be familiar with firewall rules, IP addressing, NAT etc.
  • Troubleshooting – you should understand how to troubleshoot issues that arise from CPU, memory or disk constraints and performance.
  • DNS – you should understand DNS zones and record types, how they work, and how to modify them.
  • Web Servers – You should understand how to set up a website in one or both of Apache and IIS.
  • Email Servers – We manage a number of email servers or email relays.
  • Jenkins – More of a “nice to have”. We deploy code through Jenkins from SVN or Git. Ops manages deployments.
  • Nagios (network monitoring) – Also a “nice to have”. We use Nagios to manage an array of uptime alerts from external and internal customers.

About CF Webtools

We are not a staff augmentation company trying to find someone to fling out to a spot in hopes they stick. While you work with customers, we care about developers and work culture. We intend to know you and support you. We strive to create a workplace you enjoy. We are looking for developers that match our culture of Can-do, Caring, Communication and Competency. Here are some items that you need in order to fit in here.

  • You should be able to set up multiple local environments on your own dev workstation. You should know words like “Apache” or “IIS”. Yes, you will be exposed to ______ (windows/mac) even if you are religiously devoted to ________ (windows/mac). We don’t make the rules.
  • You should be able to work with SVN or Git and sometimes other source control products.
  • You should maintain a positive attitude – We interact with respect and gentle humor. Snark is minimized and encouragement is the order of the day. If you are quirky and self-deprecating, that will be a plus and you will love it here.
  • You should maintain and enhance your skill set – you will be given the opportunity to work on lots of code, different versions, platforms, integrations, libraries and SDLC organization and procedure. Every one of these is a growth opportunity. If that has you licking your chops, climb aboard.
  • We like Balanced Developers – Our devs have a full life. They ride horses, snowshoe, skydive, sword fight, play instruments, love dogs, golf, learn languages, rear children, go to plays, like to bake, fish, hunting, equestrian sports, skydiving, guitar playing, dog training, macramé, Golf, racquetball, Mandarin, Politics (careful!), family outings, child rearing, school plays, choirs, baking, snowshoeing, ice fishing, hunting, aquaponics, mudding, and the list goes on. We love it all! We think those things make you a better developer and it makes us want to be around you. We aren’t looking for 80-hour-a-week developers slavishly devoted to coding. We are looking for eclectic, interesting people who enjoy coding and want to do it for a living.

Hopefully this helps explain how we operate enough to pique your interest. If you want to take a shot, send your resume to jobs@cfwebtools.com or call (402) 408-3733 ext 126 and ask for Kurt. You can try extension 105 and ask for the Muse, but you have to get past Rachel, so be creative! We look forward to hearing from you!

#job

Getting AWS Java SDK 2.0

In the past I’ve always used REST calls to the AWS API from ColdFusion. There are never any complete CFC libraries that work, and they’re almost always dated. The reason is that AWS moves so fast that it would take a full-time person or more to keep such a library up-to-date and complete.

I am moving towards using the AWS Java SDK to call Java methods from ColdFusion. The SDK is kept up-to-date regularly by AWS and is quite complete and proven. The most common SDK in use today is version 1.x. However, late last year they came out with version 2.0.

According to AWS, “it is a major rewrite of the 1.11.x code base. Built with support for Java 8+, 2.x adds several frequently requested features, like nonblocking I/O, improved start-up performance and automatic iteration over paginated responses. In addition, many aspects of the SDK have been updated with a focus on consistency, immutability, and ease of use.”

But as a non-Java developer who uses Java libraries, this hasn’t come without difficulties. Because of its sheer size, AWS requires you to compile the source into a JAR file yourself. You can compile all of it, which took me 1 hour and 3 minutes and produced a 122 MiB JAR. However, they recommend only compiling the service components that you plan on using.

I initially installed Maven on Windows 10 to compile it. However, as of version 2.3.6 there is a bug which makes a test fail on Windows, and thus the build. An issue was opened to resolve this, and as of 1/22/2019 it is pending merge into the master branch.

Therefore I compiled it in Ubuntu for Windows.

Here are the commands I used to get the environment ready and build the whole SDK using Maven:

sudo su
apt-get update && apt-get upgrade
# Install Maven
apt install maven
# Install the Java 8 JDK
apt-get install software-properties-common
add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer
# Verify Maven works and it does not throw a JAVA_HOME notice
mvn -version
# Get the AWS SDK source
git clone https://github.com/aws/aws-sdk-java-v2.git
# Check out the tag of the release you want to build (replace 2.x.x with the actual version)
cd aws-sdk-java-v2
git fetch && git fetch --tags
git checkout 2.x.x
# Build the SDK
mvn clean install
# The bundle JAR is written to ./bundle/target/aws-sdk-java-bundle-2.x.x.jar

Now, as I mentioned before, it’s recommended to compile only the components (services) you are going to use to reduce the JAR footprint.

The guide for this can be found here: https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/setup-project-maven.html

However, I found that guide to be fairly unhelpful. Currently I haven’t been able to get it to build successfully (it creates an empty JAR file).

Basically it’s supposed to use a “Bill of Materials” in the “MVN Repository” as your dependency dictionary. Then I believe it’s supposed to download the source files located in the MVN Repository, based upon your dependency definitions.

Here’s my pom.xml file that is used to define all that:

[screenshot: mvn-no-jar]

After hours of frustration, I decided to boot up an AWS Linux 2 instance to see if maybe it was Windows Ubuntu related. Interestingly enough I got a different outcome.

When looking at the contents of the target jar, it looks promising. Not exactly sure what to expect just yet.

#jar, #java, #sdk

Estimating AWS EC2 EBS Snapshots

Estimating and understanding what AWS EC2 EBS Snapshots will cost you can be more difficult than you may think.

Here are some key points to keep in mind:

  • Snapshots are not compressed. Therefore your first snapshot will be equal to the GiB used in the source EBS volume.
  • Additional snapshots are incremental. Each incremental snapshot uses pointers, pointing to the prior snapshot’s blocks that have not changed. New blocks are recorded.
  • You can use the AWS Cost Explorer to view past usage. Today’s usage is not yet available. Filter down by “Usage Type Group” and set the value to “EC2: EBS – Snapshots”. Narrow down further by region and/or tag.
    • Usage (GB) is measured in “GB-Month”. So if there are 30 days in that month, multiply a single day’s metric by 30 to get that day’s actual usage.
  • As of 12/10/2018, the cost of a snapshot is $0.05/GB/mo

The hard part is estimating the amount of change per snapshot. The most conservative method would be to assume a 100% change rate for every snapshot, but that’s not practical.

Let’s say you estimate that 3% of your total volume size will be modified per snapshot. Then plan on an additional cost of $0.15/mo for every 100 GiB of used volume space for every snapshot produced (3 GiB × $0.05/GB/mo).
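
The arithmetic above, carried through as an added Python estimator (not part of the original post): it models the first full snapshot, the per-snapshot increment at an assumed change rate, the storage of a retained chain, and the GB-Month conversion for Cost Explorer. The $0.05/GB-month rate is the one quoted in the post; the non-overlapping-change assumption for a chain is mine.

```python
import calendar

# Rate quoted in the post (as of 12/10/2018): $0.05 per GB-month of snapshot storage.
PRICE_PER_GB_MONTH = 0.05


def first_snapshot_gib(used_gib):
    """The first snapshot stores every used block, so it bills for the full used size."""
    return used_gib


def incremental_gib(used_gib, change_rate):
    """An incremental snapshot records only blocks changed since the previous one;
    change_rate is the assumed fraction of used blocks modified between snapshots."""
    return used_gib * change_rate


def chain_gib(used_gib, change_rate, retained):
    """Approximate GiB billed for a retained chain: one full copy plus (retained - 1)
    incrementals. Assumption: changed blocks do not overlap between snapshots, which
    is the worst case for incrementals. Deleting the oldest snapshot only moves
    still-referenced blocks to the next one, so steady state stays near this figure."""
    if retained < 1:
        return 0.0
    return first_snapshot_gib(used_gib) + (retained - 1) * incremental_gib(used_gib, change_rate)


def monthly_cost(gib, price=PRICE_PER_GB_MONTH):
    """Dollars per month for the given snapshot storage."""
    return round(gib * price, 2)


def gb_month_to_daily_gb(gb_month, year, month):
    """Cost Explorer reports snapshot usage in GB-Month. For a single day's metric,
    multiply by the number of days in that month to get the GB actually stored that day."""
    return gb_month * calendar.monthrange(year, month)[1]


def worst_case_vs_estimate(used_gib, change_rate, retained):
    """Monthly cost at a 100% change rate beside the cost at the estimated rate."""
    return (monthly_cost(chain_gib(used_gib, 1.0, retained)),
            monthly_cost(chain_gib(used_gib, change_rate, retained)))
```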

AWS Database Migration Service Endpoint Connection Issue

When setting up an AWS Database Migration Service (DMS) endpoint to an EC2 instance, within your VPC, you may get the error stating the connection could not be established and there’s a login timeout.

Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HYT00 NativeError: 0 Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired ODBC general error.

This may be due to a lack of ingress into your EC2 instance. Create a security group that allows the appropriate port into your EC2 instance, for example 1433 for SQL Server, limited to the private IP address of the DMS replication instance. Then attach that security group to the EC2 instance that is the database endpoint.

That’s the easy part. But how do you find the private IP? It’s not listed anywhere in the DMS console.

  1. Go to your DMS replication instance and copy the VPC ID and public IP address listed.
  2. Go to Network Interfaces inside your EC2 console.
  3. Look for the network interface with the copied public IPv4 address and VPC ID.
  4. Copy the primary private IPv4 address.
  5. Go to Security Groups.
  6. Select or create one that is associated with your database endpoint instance.
  7. Add the copied IP into the source field of an inbound rule.
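
The lookup in steps 1 to 7, as an added Python example that is not part of the post. The two response documents are constructed to mirror the shape of the DMS DescribeReplicationInstances and EC2 DescribeNetworkInterfaces API output; the VPC, IP and instance identifiers are placeholders.

```python
import ipaddress

# Constructed sample responses (not real data), shaped like the output of
# `aws dms describe-replication-instances` and `aws ec2 describe-network-interfaces`.
REPLICATION_INSTANCES = {
    "ReplicationInstances": [{
        "ReplicationInstanceIdentifier": "example-dms-instance",
        "ReplicationSubnetGroup": {"VpcId": "vpc-0123456789abcdef0"},
        "ReplicationInstancePublicIpAddresses": ["198.51.100.23"],
    }]
}
NETWORK_INTERFACES = {
    "NetworkInterfaces": [
        # Same VPC, different public IP: must not match.
        {"VpcId": "vpc-0123456789abcdef0", "PrivateIpAddress": "10.0.1.80",
         "Association": {"PublicIp": "198.51.100.24"}},
        # No public association at all: must not match.
        {"VpcId": "vpc-0123456789abcdef0", "PrivateIpAddress": "10.0.1.81"},
        # The replication instance's ENI.
        {"VpcId": "vpc-0123456789abcdef0", "PrivateIpAddress": "10.0.1.77",
         "Association": {"PublicIp": "198.51.100.23"}},
    ]
}


def find_private_ip(replication_instance, network_interfaces):
    """Steps 1 to 4: match the replication instance's public IP and VPC ID against the
    account's network interfaces and return the primary private IPv4 address."""
    vpc_id = replication_instance["ReplicationSubnetGroup"]["VpcId"]
    public_ips = set(replication_instance.get("ReplicationInstancePublicIpAddresses", []))
    for eni in network_interfaces["NetworkInterfaces"]:
        public_ip = eni.get("Association", {}).get("PublicIp")
        if eni["VpcId"] == vpc_id and public_ip in public_ips:
            return eni["PrivateIpAddress"]
    raise LookupError("no network interface matches the replication instance's public IP and VPC")


def ingress_rule(private_ip, port):
    """Steps 5 to 7: build the least-privilege inbound rule (one /32 source, one port)
    in the IpPermissions shape accepted by EC2 AuthorizeSecurityGroupIngress."""
    cidr = f"{ipaddress.ip_address(private_ip)}/32"  # rejects malformed input
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr, "Description": "DMS replication instance"}]}


def rule_for_instance(replication_instances, network_interfaces, port=1433):
    """Whole procedure for the first replication instance; 1433 is the SQL Server port."""
    instance = replication_instances["ReplicationInstances"][0]
    return ingress_rule(find_private_ip(instance, network_interfaces), port)
```

When scripting this outside the console, `aws dms describe-replication-instances` also returns the private address directly in ReplicationInstancePrivateIpAddresses, so the public-IP detour is only needed in the console.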

Elon Musk on The Joe Rogan Experience

Elon Musk is one of my favorite people to follow. I’d love to own a Tesla as well. From SpaceX to The Boring Company to Tesla, I find them all interesting.

Here’s some pretty interesting insight into Elon’s mind.

Password Spraying

In a statement released by Homeland Security yesterday, TA18-086A: Brute Force Attacks Conducted by Cyber Actors, they indicate that brute force attacks using a “password spraying” method are increasing. Here’s a copy:

National Cyber Awareness System:

TA18-086A: Brute Force Attacks Conducted by Cyber Actors

03/27/2018 06:00 PM EDT

Original release date: March 27, 2018

Systems Affected

Networked systems

Overview

According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad.

In February 2018, the Department of Justice in the Southern District of New York indicted nine Iranian nationals who were associated with the Mabna Institute for computer intrusion offenses related to activity described in this report. The techniques and activity described herein, while characteristic of Mabna actors, are not limited solely to use by this group.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are releasing this Alert to provide further information on this activity.

Description

In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow 3-to-5 bad attempts during a set period of time. During a password-spray attack (also known as the “low-and-slow” method), the malicious actor attempts a single password against many accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.

Password spray campaigns typically target single sign-on (SSO) and cloud-based applications utilizing federated authentication protocols. An actor may target this specific protocol because federated authentication can help mask malicious traffic. Additionally, by targeting SSO applications, malicious actors hope to maximize access to intellectual property during a successful compromise.

Email applications are also a target. In those instances, malicious actors would have the ability to utilize inbox synchronization to (1) obtain unauthorized access to the organization’s email directly from the cloud, (2) subsequently download user mail to locally stored email files, (3) identify the entire company’s email address list, and/or (4) surreptitiously implement inbox rules for the forwarding of sent and received messages.

Technical Details

Traditional tactics, techniques, and procedures (TTPs) for conducting the password-spray attacks are as follows:

  • Use social engineering tactics to perform online research (i.e., Google search, LinkedIn, etc.) to identify target organizations and specific user accounts for initial password spray
  • Using easy-to-guess passwords (e.g., “Winter2018”, “Password123!”) and publicly available tools, execute a password spray attack against targeted accounts by utilizing the identified SSO or web-based application and federated authentication method
  • Leveraging the initial group of compromised accounts, download the Global Address List (GAL) from a target’s email client, and perform a larger password spray against legitimate accounts
  • Using the compromised access, malicious actors attempt to expand laterally (e.g., via Remote Desktop Protocol) within the network, and perform mass data exfiltration using File Transfer Protocol tools such as FileZilla

Indicators of a password spray attack include:

  • A massive spike in attempted logons against the enterprise SSO Portal or web-based application. Using automated tools, malicious actors attempt thousands of logons, in rapid succession, against multiple user accounts at a victim enterprise, originating from a single IP address and computer (e.g., a common User Agent String). Attacks have been seen to run for over two hours
  • Employee logons from IP addresses resolving to locations inconsistent with their normal locations
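
The two indicators above, turned into detection logic as an added Python example (not part of the alert or of this post). It runs over constructed SSO sign-in records and separates the low-and-slow spray pattern (one source, many accounts, each below the lockout count) from a classic single-account brute force, then lists any successful logon from a spraying source. The log format, thresholds and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of SSO portal sign-in events (not real data):
# timestamp,user,source_ip,user_agent,result
SAMPLE_LOG = """\
2018-03-27T09:00:01,alice,203.0.113.10,Mozilla/5.0,FAIL
2018-03-27T09:00:03,bob,203.0.113.10,Mozilla/5.0,FAIL
2018-03-27T09:00:05,carol,203.0.113.10,Mozilla/5.0,FAIL
2018-03-27T09:00:07,dave,203.0.113.10,Mozilla/5.0,FAIL
2018-03-27T09:00:09,erin,203.0.113.10,Mozilla/5.0,FAIL
2018-03-27T09:00:11,frank,203.0.113.10,Mozilla/5.0,SUCCESS
2018-03-27T09:01:00,alice,198.51.100.7,Outlook/16,FAIL
2018-03-27T09:01:20,alice,198.51.100.7,Outlook/16,FAIL
2018-03-27T09:01:40,alice,198.51.100.7,Outlook/16,FAIL
2018-03-27T09:02:00,alice,198.51.100.7,Outlook/16,FAIL
2018-03-27T09:05:00,grace,192.0.2.55,Mozilla/5.0,SUCCESS
"""


def parse(text):
    """Parse the constructed CSV format into (time, user, ip, agent, result) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, agent, result = line.split(",")
        events.append((datetime.fromisoformat(ts), user, ip, agent, result))
    return events


def detect_brute_force(events, lockout_threshold=3):
    """Classic brute force: one source IP failing against one account at least
    lockout_threshold times. This is the pattern account lockout already catches."""
    counts = defaultdict(int)
    for _, user, ip, _, result in events:
        if result == "FAIL":
            counts[(ip, user)] += 1
    return {k: v for k, v in counts.items() if v >= lockout_threshold}


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, lockout_threshold=3):
    """Low-and-slow spray: within `window`, one source IP fails against at least
    min_accounts distinct accounts while every account stays below the lockout
    threshold, so per-account lockout never fires. Returns {ip: sorted accounts}."""
    failures = defaultdict(list)
    for ts, user, ip, _, result in events:
        if result == "FAIL":
            failures[ip].append((ts, user))
    alerts = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide the window forward
                start += 1
            per_account = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_account[user] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) < lockout_threshold:
                alerts[ip] = sorted(per_account)
    return alerts


def compromised_after_spray(events, spray_alerts):
    """Successful logons from a spraying IP: the accounts to reset and investigate first."""
    return sorted({user for _, user, ip, _, r in events if r == "SUCCESS" and ip in spray_alerts})
```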

Typical Victim Environment

The vast majority of known password spray victims share some of the following characteristics [1][2]:

  • Use SSO or web-based applications with federated authentication method
  • Lack multifactor authentication (MFA)
  • Allow easy-to-guess passwords (e.g., “Winter2018”, “Password123!”)
  • Use inbox synchronization allowing email to be pulled from cloud environments to remote devices
  • Allow email forwarding to be setup at the user level
  • Limited logging setup creating difficulty during post-event investigations

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • Temporary or permanent loss of sensitive or proprietary information
  • Disruption to regular operations
  • Financial losses incurred to restore systems and files
  • Potential harm to an organization’s reputation

Solution

Recommended Mitigations

To help deter this style of attack, the following steps should be taken:

  • Enable MFA and review MFA settings to ensure coverage over all active, internet facing protocols
  • Review password policies to ensure they align with the latest NIST guidelines and deter the use of easy-to-guess passwords
  • Review IT Helpdesk password management related to initial passwords, password resets for user lockouts, and shared accounts. IT Helpdesk password procedures may not align to company policy, creating an exploitable security gap
  • In addition, many companies offer additional assistance and tools that can help detect and prevent password spray attacks, such as the Microsoft blog released on March 5, 2018 (link below):

https://cloudblogs.microsoft.com/enterprisemobility/2018/03/05/azure-ad-and-adfs-best-practices-defending-against-password-spray-attacks/

Reporting Notice

The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at CyWatch@ic.fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact. Press inquiries should be directed to the FBI’s national Press Office at npo@ic.fbi.gov or (202) 324-3691.

References

ST05-12 – Supplementing Passwords

Heading to MuraCon

At CF Webtools we not only support customers that use Mura CMS, but we use it ourselves on our website at cfwebtools.com.

This year CF Webtools is proud to sponsor MuraCon!

Nick Devre and I will be attending both the “Pre-Con Content Manager’s Training” on April 4th and the conference on April 5th to the 6th.

We will have direct access to industry experts to talk to them about challenges that we have run into, along with collaborating with other community professionals. This will allow us to provide our customers with great support and integration for their companies.

The conference will focus on storytelling, flow and Docker (containers). Other topics include themes, CSS, JavaScript, API, Slatwall, React, Alexa, Rest, Swagger, OAuth, ColdFusion and more!

Add a comment if you’ll be there and be sure to say hi!