Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Categories
Blogs

AWS CodeCommit: Streamlining Source Control in the Cloud.

What is AWS CodeCommit? Streamlining Source Control in the Cloud.

aws-code-commit

In the era of cloud computing, source control is a pivotal aspect of the workflow, ensuring that code changes are managed efficiently, collaborative efforts are streamlined, and the integrity of the codebase is maintained. Amazon Web Services (AWS) offers a robust solution for source control in the cloud with AWS CodeCommit. This article delves into the features, benefits, and use cases of AWS CodeCommit. We will also go ahead and create a code commit repository and clone the repo to our local machine, add files, commit and push them to our AWS code repository.

What is AWS CodeCommit?

AWS CodeCommit is a version control service hosted by Amazon Web Services that allows developers to store and manage their source code, binaries, and other assets in the AWS cloud.  Additionally, it is designed to work seamlessly with existing Git tools, making it easy for developers to integrate it into their current workflows.

Key Features of AWS CodeCommit.

Fully Managed Service: AWS CodeCommit takes care of the backend infrastructure, so developers can focus on writing code. There are no servers to manage.

Scalability: CodeCommit can handle repositories of any size, with the ability to scale up as your project grows.

High Availability and Durability: your repositories are always accessible and your data is protected against loss.

Security: CodeCommit integrates with AWS Identity and Access Management (IAM) to provide robust access control. You can use IAM policies to define who can access your repositories and what actions they can perform.

code-commit-security

Integration with AWS Services: CodeCommit integrates seamlessly with other AWS services such as AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline. This allows you to create a complete CI/CD pipeline using AWS tools, enhancing your development and deployment workflows.

integration-aws

Standard Git Interface: CodeCommit supports the standard Git interface, so developers can use their preferred Git client, command-line tools.

Getting Started with AWS CodeCommit

Prerequisite.

Make sure you have full permission to Codecommit, or you can log in as an administrative user additionally, you should have git installed and configured on your machine.

 

Create a Repository

Log in to your AWS management console, in the search box, type Codecommit then select codecommit under services.

repository

In the code commit UI on the left-hand side, select repositories then click Create Repository.

create-repository

In the create repository dashboard, under repository settings, name your repo, will call mine demo-commit-repo.

Codecommit is encrypted by default using KMS, but you can also choose your custom keys. We will leave it at AWS-managed keys with KMS.

Leave all other settings as default then click Create Repository.

create-respository

Success, we are greeted with connection steps. We can see HTTPS, SSH, HTTPS(GRC).

demo-code-commit

If you don’t see SSH then it means you are connected as the root user.

We will for now use HTTPS git credentials for Codemmit to connect to our git repository.

So let us log in to the I AM console.

 

services

Select users. Click your username, move to the security tab then scroll all the way down to HTTPS for git credentials.

 

git-credentials

Click on generate and your codecommit credentials will be generated. Click the download button.

git-download

Go back to the codecommit repository select your repo then click the drop-down button of the clone URL then select clone HTTPS.

In this case, it will copy the HTTPS-type URL.

repo-copied

Use your preferred Git client to clone the repository to your local machine. This allows you to start adding code and making changes.

Go back to your terminal and type in git clone and paste in the cloned URL. When you press enter, you will be prompted for your username and password. Paste them in then press enter.

git-command

We have cloned our remote repo into our local machine.

git-command

With the repository cloned, you can push your changes to CodeCommit.

We will now copy a few files into our directory, commit these files, and push them to our remote repo.

Using linux command make sure you are in the repo directory then add copy files to your repo.

git-command

Using git add the files and then commit the changes as shown in the picture bellow.

ubuntu-command-line
ubuntu-command-line

Once the changes are commited, you can then push them to the remote repo by using the below command.

ubuntu-command-line

Now let’s go and check codecommit, and yes indeed the new files have been pushed to the codecommit repository.

code-commit-repo

If you click on the commits on the left side of the repo UI, you can see the commit history.

code-commit-repo

This brings us to the end of this blog. AWS CodeCommit offers a powerful, secure, and scalable solution for source control in the cloud.

Thanks for reading, and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].

 

Thank you!

Categories
Blogs

Check Your Cisco Software

Check Your Cisco Software

Use the Cisco Software Checker to search for Cisco Security Advisories that apply to specific software releases of the following products: Cisco ASA, FMC, FTD, FXOS, IOS, IOS XE, NX-OS and NX-OS in ACI Mode.

To use the tool, select a product, platform (as required) and one or more releases, enter the output of the show version command, or upload a text file that lists specific releases. Then narrow the check to certain advisories, if desired.

The availability of security fixes after the End of Sale is defined in the product’s End-of-Sale announcement, as explained in the Cisco End-of-Life Policy. Additional information about Cisco software updates, vulnerability rating and scoring is available in the Cisco Security Vulnerability Policy.

This tool does not provide information about Cisco IOS XR Software or interim software builds. Also note that for Cisco ASA, FMC, FTD and FXOS Software, the tool only contains vulnerability information for Cisco Security Advisories first published from January 2022 onward, and for NX-OS Software and NX-OS Software in ACI Mode from July 2019 onward.

To find vulnerabilities using the Cisco Software Checker, follow these steps:

Access the Cisco Software Checker:

Visit the Cisco Software Checker web page. You can find this tool on Cisco’s official website or by searching for “Cisco Software Checker” in your preferred search engine.

https://sec.cloudapps.cisco.com/security/center/softwarechecker.x

Provide Software Information:

Enter the details of the Cisco software version you want to check for vulnerabilities. This typically includes the software name, version number, and possibly other relevant information

Select a Method

  1. Search By Release
  2. Select a Cisco Operating System (In this tab you can select your device)

      3. Select FTD platform (in this tab you can select your device model)

     4.Select one or more FTD releases (In this tab you can select current OS version)

You can select more than one OS version too.

Run the Continue:

Click the ” Continue “button to initiate the vulnerability check. You can check/uncheck Cisco Security impact rating, like All, Critical, High, Medium etc.

Run the Continue

Click the ” Continue “button to initiate the vulnerability check

Review the Results:

The tool will generate a report that indicates whether the software version you entered is vulnerable to any known security vulnerabilities. The report may include details about the vulnerabilities, their severity, and potential impact.

In this report, we can see all impacts of Cisco FTD 2100 Series software release 7.0.2 and workaround/fixes as well.

Follow Recommendations:

For any identified vulnerabilities, the tool will provide recommendations on how to address the issues. These recommendations may include upgrading to a patched version, applying workarounds, or implementing other security measures.

Select any Title and you’ll get more information about that BU

•  Summary
• Affected Products
• Vulnerable Products
• Determine the Software Configuration
• Workarounds
• Fixed Software

Additional Information:

The tool may provide links to relevant Cisco Security Advisories or other documentation for further information about the vulnerabilities and how to mitigate them.

Take Action:

Based on the results and recommendations, take appropriate action to address the vulnerabilities. This may involve updating your software to a non-vulnerable version, applying patches, or implementing other security measures.

Remember that the Cisco Software Checker is designed to help you identify vulnerabilities in known software versions based on information provided by Cisco. It’s important to regularly check for updates and follow Cisco’s security advisories to stay informed about the latest vulnerabilities and recommended actions. Additionally, consider implementing a comprehensive security strategy that includes regular patching, network segmentation, intrusion detection, and incident response planning to enhance your overall network security.

Categories
Blogs

PKI – Public Key infrastructure

Public Key infrastructure

1. How you can make it healthier and safe

2. How to make it efficient

3. If we do PKI then what best practice should we move on with

PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates. The entities that facilitate and use PKI typically involve general internet users, web clients or browsers, and company servers -- though this can extend to other virtual machines (VMs) as well.

The word infrastructure describes PKIs since it does not refer to one single physical entity. Instead, it refers to the components used to encrypt data and authenticate digital certificates. These components include the hardware, software, policies, procedures, and entities needed to safely distribute, verify and revoke certificates.

Public key infrastructure (PKI) is the well-established protocol for organizations that need to secure distributed points of communication, such as browsers and IoT and mobile devices. For device manufacturers and application developers, revenue security depends on creating a highly secure ecosystem that ensures regulatory compliance and consumer trust.

The security needs of networks and the infrastructure protecting them change over time in response to new threats and advances in technology. With tens of billions of IoT devices already in operation, the potential attack vectors for hackers to steal data or infiltrate systems are great and growing exponentially. PKI is a vital element of IoT network security, provisioning unique device identities, bolstering authentication protocols, and enabling trusted communication channels between servers and devices. However, not all implementations follow PKI security best practices, resulting in flawed and vulnerable systems.

in technical terms, PKI is a two-key asymmetric cryptosystem that supports various information technology (IT) systems in their pursuit of high-level information confidentiality, encryption and confidence. The two keys, in this case, are also the two main pieces that facilitate this secure data management: a public key and a private key.

To put PKI in the best practice possible as well efficiently I would like to use the 7-Step Method in order.

To ensure a secure and smooth PKI setup, start by following some simple best practices. Plan Our implementation carefully from the beginning because making changes later can be difficult and costly. Understand your PKI needs well, both now and for the future. By doing this, we will avoid potential security risks and save time and resources, making your PKI experience much easier.

Define key and certificate security policies and protocols that address every stage of their lifecycle. Establishing a PKI may seem straightforward from the outset, but when one considers the millions of certificates that will possibly be issued, their expirations, and the security issues that would require revocation, it can quickly become very complicated. This becomes a potential security flaw, as the more complex a PKI is, the more difficult it is to track identities and revoke certificates that could be used to breach a system.

An important PKI design best practice is to plan for the entire lifecycle of certificates. By fully mapping the policies regarding the issuing, updating, monitoring, expiry, revocation, and decommissioning of certificates, all future managers of the PKI will have a clear outline of what should happen with certificates at all stages of their existence.

The cryptographic keys that are used in the PKI are the most vulnerable point of a PKI deployment and must always be protected. Hackers can use a variety of techniques to analyze and detect keys while they are in use or transit. Once in control of these keys, they can decrypt private data or pose as authenticated users to access systems. Within this context another PKI security best practice is to always use hardware security modules (HSMs), where possible, to store keys and perform cryptographic operations.

If you need to provision older devices without a secure update mechanism, which are already in the field, make sure to use white-box cryptography so that keys are not exposed in the clear during the provisioning process.
Throughout a PKI deployment, regular checks should be performed to ensure that the Certificate Policy and Certificate Practice Statements (CP/CPS) are being implemented and adhered to. Even for internal deployments, it is still a PKI design best practice to create audit trails that can be easily accessed and monitored. This ensures compliance with security policies and with the desired assurance level of the organization.
The root CA is the master key that underpins the entire PKI. If it is compromised, every certificate issued is invalid and would have to be revoked and reissued. PKI deployment best practices dictate that the root CA remains strictly protected and is never published online. The initiation of a PKI should begin with a root signing ceremony, where the policies surrounding the root are established. These policies should cover the root’s chain of custody, where the root is stored, and how it’s scripted.
Unfortunately, attacks on PKIs are not just an external issue. The private keys and other data surrounding your PKI can be extremely valuable. For that and other reasons, threats can also come from employees. There are a number of PKI deployment best practices that can be implemented to mitigate internal threats. These include using secured rooms for key and root programming that require two or more security IDs to access, and using a distributed security model that ensures there is no single point of responsibility that can be compromised.

Issuing certificates and provisioning keys and identities as PKI security best practices are still only one step in running a secure PKI. The ongoing integrity must be maintained. This includes a process for revoking keys and certificates that can no longer be trusted. Certificate authorities should maintain a certificate revocation list, which contains all suspended security certificates. Communications with a device or application using a revoked certificate should be blocked. For example, an IoT device using a certificate that is no longer authorized will not be able to gain access to a server.

Creating a highly secure and trusted ecosystem for your organization’s devices or applications depends on a successful and ongoing PKI deployment that follows PKI implementation best practices. While it’s possible to develop and manage a PKI internally, it requires resources and expertise outside of many organizations’ capabilities and may not scale smoothly as production grows.

Intertrust PKI is a managed PKI for IoT service that is trusted across the world and already secures the identities of billions of devices. Our scalable and flexible identity provisioning and PKI management is built on PKI design best practices and utilizes industry-leading security technologies, including white-box cryptography, to ensure that your networks and organizations are secured against risks arising from distributed communication points.