1. Update / Upgrade Commands

• sudo apt-get update : In a nutshell, apt-get update doesn't actually install new versions of software. Instead, it updates the package lists for upgrades for packages that need upgrading, as well as new packages that have just come to the repositories.
• sudo apt-get upgrade : will fetch new versions of packages existing on the machine if APT knows about these new versions by way of apt-get update. An update must be performed first so that apt-get knows that new versions of packages are available.
• sudo apt-get dist-upgrade: will do the same job which is done by apt-get upgrade, plus it will also intelligently handle the dependencies, so it might remove obsolete packages or add new ones. 

Note: we can combine commands with && signs, such as:

• sudo apt-get update && sudo apt-get dist-upgrade

Basic Installation 

• A correlation alert is triggered by a query that looks back over a specified time period to determine if alert threshold has been met. The Guardium Anomaly Detection Engine runs correlation queries on a scheduled basis. By default, correlation alerts do not log policy violations, but they can be configured to do that.
• A real-time alert is triggered by a security policy rule. The Guardium Inspection Engine component runs the security policy as it collects and analyzes database traffic in real time.

There are more and more websites using CDN (Content Delivery Network) to help deliver their contents to end users. It is faster, safer and more reliable. At the same time, CDN such as cloudflare company hides your real ip behind their public ip. Is there a way we can bypassing CDN and find out those websites' real ip addresses.

I found following a couple of websites can help you do that.

This post is to record steps how to configure IBM Guardium to do  Vulnerability Assessment. In next couple of posts, I will write more about how to use Guardium to complete some basic task, just like this one. Please keep tuned.

Let me get it started now.

Docker is a technology that allows you to build, run, test, and deploy distributed applications that are based on Linux containers. Docker is already available on many different operating systems, including most modern Linux distributions, like Ubuntu, and even Mac OSX and Windows.If you are using Amazon EC2 already, you can launch an instance and install Docker to get started.

Youtube Video:

I were using Ubuntu 16.04 as my web server and mysql server for quite a few years. They are all in the same server , either running in a docker container or in a service. For better performance, I decided to separate them to different layer. I am going to use GCP Cloud SQL service as my database layer.

What is Risk:
Risk = Threat x Vulnerability x Asset

The enterprise risk assessment and enterprise risk management processes comprise the heart of the information security framework. These are the processes that establish the rules and guidelines of the security policy while transforming the objectives of an information security framework into specific plans for the implementation of key controls and mechanisms that minimize threats and vulnerabilities. Each part of the technology infrastructure should be assessed for its risk profile. From that assessment, a determination should be made to effectively and efficiently allocate the organization’s time and money toward achieving the most appropriate and best employed overall security policies. The process of performing such a risk assessment can be quite complex and should take into account secondary and other effects of action (or inaction) when deciding how to address security for the various IT resources.

I am working on Symantec ATP , which new name is EDR. Here lists some of experience I learned from this set up. It is still updating.


YouTube Video:

By default, Google Compute Engine offers the browser-based Google Cloud Platform Console tool that lets you manage your Google Compute Engine resources through a graphical interface. Use the GCP Console to manage your resources if you prefer using a user-interface through the browser.

In the GCP documentation setting up ssh keys  which shows how to set up your own ssh key to access all your virtual machines in GCP. here's the summary of steps:

1. Generate your keys using ssh-keygen or PuTTYgen for Windows, if you haven't already.
2. Copy the contents of your public key. If you just generated this key, it can probably be found in a file named id_rsa.pub.
3. Log in to the Developers Console.
4. In the navigation, Compute->Compute Engine->Metadata.
5. Click the SSH Keys tab.
6. Click the Edit button.
7. In the empty input box at the bottom of the list, enter the corresponding public key, in the following format: 
   
   <protocol> <public-key> username@example.com 
   
   This makes your public key automatically available to all of your instances in that project. To add multiple keys, list each key on a new line.
8. Click Done to save your changes. 
   
   It can take several minutes before the key is inserted into the instance. Try connecting with ssh to your instance. If it is successful, your key has been propagated to the instance.