Random thoughts
Tuesday, September 9, 2014
Vienna DevOps & Security and System Architects Group meetup summary - Sept 9, 2014
Some twenty developers and security experts gathered at the Stockwork Coworking Space for today's joint Vienna DevOps & Security and System Architects Group meetup http://meetu.ps/2v2DGg.
Best practices for AWS Security
Philipp Krenn (@xeraa) nicely explained the fundamental risks of AWS services:
Starting services on AWS is easy. So is stopping.
Recent incidents show that a compromised infrastructure can cause more than short disruptions. Several companies went out of business when not only their online services but also data stores and backups were gone:
- Code Spaces goes dark after AWS cloud security hack
- DrawQuest permanently shuts down after security breach
- Bonsai.io suffers from an AWS security incident
His recommendations to limit the damage:
- Lock away the root account. Never use this account for service or action authentication, ever.
- Create an IAM user with a password policy for every service or action to limit damage in case an API key gets compromised.
- Use groups to manage permissions.
- Enable two-factor authentication (2FA), e.g. with Google Authenticator.
- Never commit your credentials to a source code repository.
- Enable IP restrictions to limit who can manage your services even with an API key.
- Enable CloudTrail to trace which user triggered an event using which API key.
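To make the IP-restriction and 2FA items concrete, here is an added example that is not from the talk or the slides: a constructed IAM policy using the real aws:SourceIp and aws:MultiFactorAuthPresent condition keys, plus a simplified evaluator (an assumption for illustration, not AWS's own logic) showing that a leaked access key is refused from outside the allowed range or without MFA. The address range and actions are made-up sample values.

```python
import fnmatch
import ipaddress
# Constructed policy for illustration (not from the talk): EC2 stop/terminate is
# allowed only from the office range AND only with MFA (real IAM condition keys).
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
        "Resource": "*",
        "Condition": {
            "IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]},
            "Bool": {"aws:MultiFactorAuthPresent": "true"},
        },
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, ctx):
    # A key missing from the request context fails the test, as IAM does
    # for a condition without the "...IfExists" suffix.
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            have = ctx.get(key)
            if have is None:
                return False
            if operator == "IpAddress":
                if not any(ipaddress.ip_address(have) in ipaddress.ip_network(r)
                           for r in _as_list(wanted)):
                    return False
            elif operator == "Bool":
                if str(have).lower() != str(wanted).lower():
                    return False
            else:
                raise ValueError("unsupported operator: " + operator)
    return True

def is_allowed(policy, action, ctx):
    """Simplified IAM evaluation: any Allow statement that matches the action
    and whose conditions hold grants the call (no Deny handling here)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        # IAM action patterns may use "*" wildcards, e.g. "ec2:*".
        if not any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
            continue
        if _condition_holds(stmt.get("Condition", {}), ctx):
            return True
    return False
```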
The (fancy!) slides are available here: https://speakerdeck.com/xeraa/i-am-what-iam-for-devops-vienna
ISO 27001 - Goals of ISO 27001, relation to similar standards, implementation scenarios
Roman Kellner, Chief Happiness Officer :-) at @xtradesoft, gave an overview of the ISO 27001 and related standards:
- ISO 27001:2013 Information Security Management System (ISMS) Requirements
- ISO 27002:2013 Code of Practice
- ISO 31000 Risk Management
The structure of ISO 27001 looks somewhat similar to ISO 9001 Quality Assurance, including the monitoring and continuous improvement loop of Plan-Do-Check-Act (PDCA).
For a successful implementation and certification, the ISO 27001 efforts must be supported and driven by the company leadership.
The third talk about Splunk unfortunately had to be postponed.
Labels: cloud, events, itarchitecture, security, technology
Monday, September 1, 2014
Removing thumbnails from JPEG images
JPEG images downloaded from a digital camera often contain thumbnails in the EXIF metadata, which Windows 7 appears to use for the thumbnails shown in folders.
Unfortunately, not every image editor updates the thumbnail as well. As a result, changes to images are only visible in the full image, not in the thumbnail preview.
That's where the marvelous ExifTool library and command-line application by Phil Harvey come into play. This one-liner removes the thumbnail image and related size information, and sets the file modification timestamp to the capture timestamp:
exiftool -if "$exif:IFD1:XResolution" "-filemodifydate<datetimeoriginal" -ext jpg -IFD1:all= %*
Combined with Matt Ginzton's CmdUtils, the full batch script for Windows removes image backup copies before and after processing:
@echo off
if exist *.JPG_original recycle -f *.JPG_original
exiftool -if "$exif:IFD1:XResolution" "-filemodifydate<datetimeoriginal" -ext jpg -IFD1:all= %*
if exist *.JPG_original recycle -f *.JPG_original
Labels: photography