Blockchain Systems Security Reference model

Summary

In this study, I introduce the Blockchain Systems Security Reference model (BSR) for securing information held in blockchain systems.

According to reports from the European Commission and the ACS, the most significant technical challenges for blockchain adoption across Europe and Australia are scalability and security; the non-technical challenges are regulation, education and employment.

Figure: Challenges in relation to blockchain [1]

Continue reading

Multi-cloud comparison: Resource zoning

Summary

If you want to understand a cloud provider's infrastructure better, I suggest you start with resource zoning: which resources are global, which are regional and which are zonal. IAM, data encryption, networking, high availability, disaster recovery and so on all hang off that zoning. You can take this "road trip" to walk through the cloud "kingdom".

If you can compare the services across different cloud providers, you can get more insights horizontally.

In this series, I will compare cloud services topic by topic, starting with resource zoning in this post. I won't cover all the services, only the security-related ones, as usual.

Compare

The detailed comparison table lives in my Git repo. Contributions to the repo are welcome.

Example

A couple of examples of how to use the table:

ex1: Security logging

The management-plane audit logging services of the three providers are all either global or cross-region, but the details differ:

GCP Cloud Audit Logs
AWS CloudTrail
Azure Activity Log

GCP Cloud Audit Logs (part of Stackdriver, now Cloud Logging) are a global resource. Log entries are attached to the resource container that owns them: project, folder, organization or billing account.

AWS CloudTrail trails are created in one region and can record events from every region, but only if the trail is configured as a multi-region trail ("apply trail to all regions"). A trail that was created without that setting records its home region only, so check every existing trail rather than assuming coverage.

Azure Activity Log is exported at the subscription level. When streaming to an Event Hub or exporting to a Storage Account you can select which regions to include, so make sure no region is left out of the export.
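The CloudTrail caveat above is easy to check. The following script is an added example (not from the original post or the linked repo): it reads the text output of an assumed `aws cloudtrail describe-trails --query 'trailList[].[Name,IsMultiRegionTrail,HomeRegion]' --output text` call and flags every trail that only records its home region. The sample trail data at the bottom is constructed, not taken from a real account.

```shell
#!/bin/sh
# Added example, not from the original post: flag CloudTrail trails that only
# record their home region. Feed it the text output of (assumed command):
#   aws cloudtrail describe-trails \
#     --query 'trailList[].[Name,IsMultiRegionTrail,HomeRegion]' --output text
# Each input line is: <trail-name> <IsMultiRegionTrail> <HomeRegion>

# Reads trail lines on stdin, prints one finding per single-region trail and
# returns 1 if any were found, 0 if every trail is multi-region.
check_trails() {
    findings=0
    while read -r name multi region; do
        [ -n "$name" ] || continue
        case "$multi" in
            True|true)
                ;;                                   # records every region
            False|false)
                echo "SINGLE-REGION $name (home: $region)"
                echo "  fix: aws cloudtrail update-trail --name $name --is-multi-region-trail"
                findings=$((findings + 1))
                ;;
            *)
                echo "UNPARSED $name: IsMultiRegionTrail='$multi'" >&2
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample, not real account data. Columns are whitespace separated,
# which is also how the CLI's --output text (tab separated) is read by "read".
SAMPLE_TRAILS='org-trail True us-east-1
legacy-syd-trail False ap-southeast-2'

# Live use:  aws cloudtrail describe-trails ... --output text | check_trails
# Offline run on the sample (exit status is 1 here because one trail fails):
printf '%s\n' "$SAMPLE_TRAILS" | check_trails || echo "review the trails above"
```

The non-zero exit status makes the function usable as a CI or cron gate; the `update-trail` line it prints is the real AWS CLI remediation for a trail that was created single-region.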

ex2: Networking

In GCP, a VPC is a global resource and a subnet is a regional resource, so IP ranges are associated at the subnet level. Routes are global resources, so they are defined at the VPC level.

In AWS, a VPC is a regional resource and a subnet is a zonal resource: each subnet sits entirely in one Availability Zone. The VPC owns the CIDR block and the route tables; each subnet carves its IP range out of the VPC CIDR and is associated with one route table.

In Azure, not every region supports availability zones, so a VNet, its subnets, route tables, network security groups and application security groups are all regional resources.

Building on these facts, the networking details in the following posts of this series will be much easier to explain.

Note:

In GCP, every resource name, whether the resource is global, regional or zonal, must be unique within the project.

Reference:

Global, regional, and zonal resources
Resource Locations
AWS Global vs Regional vs AZ resources - Certification
What are Availability Zones in Azure?

Setup F5 Big-IP with VirtualBox on OS X

F5 Big-IP LTM-VE is NOT officially supported on Oracle VirtualBox. But it does work if you set up the NICs correctly.

In this post, I will talk about the installation process of F5 and the troubleshooting during the process.

1. Prerequisites
a) Oracle VirtualBox 4.2 or later
b) Download the LTM-VE virtual image file(s)

My downloaded version is BIG-IP 11.3.0.39 VE-Trial.

2. Import and configure VMs
a) Import VM
In the VirtualBox console, click File > Import Appliance, then Open appliance, and select the .OVA file that you unzipped from the downloaded image files.

b) Install and configure a VirtualBox Host-Only Network

c) Install and configure a VirtualBox Bridged Mode Network

3. Troubleshooting
Continue reading

Linux IPTABLES Firewall Basics

The primary job of an iptables firewall, or any other firewall for that matter, is to evaluate a packet against an ordered list of rules. Rules are checked top to bottom, and the first rule whose match criteria fit the packet decides what happens: the packet is handed to the rule's target. For a terminating target (ACCEPT, DROP, REJECT) no further rules in the chain are examined; for a user-defined chain the packet is evaluated against that chain's rules, and if none matches it returns to the next rule of the calling chain; a non-terminating target such as LOG records the packet and processing continues.

Iptables Rule Sequence

For example, take the following rule set:

  1. Rule 1 deny 192.168.100.100;
  2. Rule 2 accept WWW packet;
  3. Rule 3 Deny all packet.

Every packet from 192.168.100.100 is denied by Rule 1, whatever service it asks for. For other IPs, WWW packets are accepted by Rule 2 and everything else is denied by Rule 3.

If the sequence is changed as follows, the WWW service becomes reachable from 192.168.100.100 as well, because Rule 1 now matches its WWW packets before the deny rule is ever consulted:

  1. Rule 1 accept WWW packet;
  2. Rule 2 Deny 192.168.100.100;
  3. Rule 3 Deny all packet.
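To make the ordering effect concrete, here is an added example (not from the original post). It expresses both rule sets as real iptables rules on the INPUT chain and also includes a small first-match simulator so the verdict for a given source and port can be checked without root. It assumes that "WWW" means TCP port 80, that "deny" is DROP, and that the chain's default policy is ACCEPT.

```shell
#!/bin/sh
# Added example, not from the original post. The two rule orderings from the
# text as real iptables rules (INPUT chain, DROP for "deny"), plus a tiny
# first-match simulator so the ordering effect can be checked without root.
# Assumed: "WWW" means TCP port 80; the chain's default policy is ACCEPT.

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run

# One rule per line: <source|any> <dport|any> <target>
ORDER_A='192.168.100.100 any DROP
any 80 ACCEPT
any any DROP'

ORDER_B='any 80 ACCEPT
192.168.100.100 any DROP
any any DROP'

# Turn one rule into its "-A INPUT ..." arguments. Appending (-A) keeps the
# file order as the match order; -I would push a rule to the top instead.
rule_to_args() {
    args="-A INPUT"
    [ "$1" != any ] && args="$args -s $1"
    [ "$2" != any ] && args="$args -p tcp --dport $2"
    printf '%s -j %s\n' "$args" "$3"
}

# apply_rules "$ORDER_A": flush INPUT and append the rules in the given order.
apply_rules() {
    $IPTABLES -F INPUT
    printf '%s\n' "$1" | while read -r src dport target; do
        [ -n "$target" ] && $IPTABLES $(rule_to_args "$src" "$dport" "$target")
    done
}

# verdict "$ORDER_A" <src-ip> <dport>: walk the rules top-down and print the
# target of the first rule that matches; later rules are never consulted.
verdict() {
    pkt_src=$2; pkt_port=$3
    while read -r src dport target; do
        [ -n "$target" ] || continue
        if { [ "$src" = any ] || [ "$src" = "$pkt_src" ]; } &&
           { [ "$dport" = any ] || [ "$dport" = "$pkt_port" ]; }; then
            echo "$target"
            return 0
        fi
    done <<EOF
$1
EOF
    echo POLICY   # nothing matched: the chain policy decides
}

# Same packet, two orderings, two verdicts:
echo "order A, 192.168.100.100 -> :80 : $(verdict "$ORDER_A" 192.168.100.100 80)"
echo "order B, 192.168.100.100 -> :80 : $(verdict "$ORDER_B" 192.168.100.100 80)"
```

Run `IPTABLES=echo sh script.sh` to see the generated rules without touching the kernel. Before using `apply_rules` on a real host, note that both rule sets end with a catch-all DROP, exactly as in the text, so an SSH session to the box would be cut off; add an accept rule for your management traffic (and for ESTABLISHED,RELATED connections) above the final DROP.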

Iptables Logic

Continue reading

Setup DNS Server on OS X Host Server for Host-only Clients Virtual machine using Dnsmasq

When testing an IAM solution in a virtual environment, there are a lot of IP addresses and virtual host names to resolve, and editing the local hosts file on every VM is time-consuming. This is a quick guide to installing Dnsmasq on OS X and using it to resolve the names of your test VMs.

Install Dnsmasq

Installing Homebrew is fairly simple but beyond the scope of this post; the one-liner from the Homebrew site is:

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Once you have Homebrew installed, using it to install Dnsmasq is easy:

# Update your homebrew installation
brew up
# Install dnsmasq
brew install dnsmasq

The installation process will output several commands that you can use to start Dnsmasq automatically with a default configuration. I used the following commands but you should use whichever commands brew tells you to:

# Copy the default configuration file.
cp $(brew list dnsmasq | grep /dnsmasq.conf.example$) /usr/local/etc/dnsmasq.conf
# Copy the daemon configuration file into place.
sudo cp $(brew list dnsmasq | grep /homebrew.mxcl.dnsmasq.plist$) /Library/LaunchDaemons/
# Start Dnsmasq automatically.
sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

Configuring Dnsmasq

Insert the following into your /usr/local/etc/dnsmasq.conf file (I put it near the example address=/double-click.net/127.0.0.1 entry just to keep the address entries together) and save the file.
Continue reading

Enabling a Virtual IP Address on an Existing Network Interface

During the configuration of OIM, virtual IP Address is required for both Oracle Identity Manager managed server and SOA managed server. This enables the servers to participate in Server migration.

Provision a virtual IP address in the application tier so that it can be bound to a network interface on any host in the application tier.

  1. Use the ifconfig command to create the virtual IP address:

ifconfig INTERFACE:N IP_ADDRESS netmask NETMASK

Substitute INTERFACE:N = the sub-interface (alias) on the physical interface that will carry the VIP, IP_ADDRESS = the new VIP address (it must be reserved for this purpose and not in use by any other host on the subnet) and NETMASK = the netmask of the VIP's subnet.

For example, on IAMHOST1, enter the following:

ifconfig eth1:1 192.168.56.211 netmask 255.255.255.0

  2. For each virtual IP address you define, update the ARP caches of the neighbours using the following command:

arping -b -A -c 3 -I eth1 192.168.56.211

Note: these changes are not persistent and will be lost when the machine is rebooted. The ifconfig alias syntax is also the legacy interface on Linux; the iproute2 equivalent is ip addr add with a prefix length and a label.
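The procedure above, as an added example (not from the original post or from the OIM documentation), using the iproute2 `ip` command instead of the ifconfig alias. It adds a duplicate-address check before the VIP is brought up, which the two-step procedure in the text does not do, and a matching teardown for when the managed server migrates to another host. It assumes the iputils arping (for the -D and -A flags); a real run needs root, while setting IP=echo ARPING=echo gives a dry run.

```shell
#!/bin/sh
# Added example, not from the original post: bring a VIP up on an existing
# interface with the iproute2 "ip" command (the ifconfig alias syntax in the
# text is the legacy form), announce it with arping as the text does, and tear
# it down again. Assumed: iputils arping (-D/-A flags); root needed for a real run.
IP="${IP:-ip}"             # set IP=echo ARPING=echo for a dry run
ARPING="${ARPING:-arping}"

# mask2prefix 255.255.255.0 -> 24 ("ip addr" wants a prefix length, not a netmask).
# Rejects non-contiguous masks such as 255.0.255.0.
mask2prefix() {
    prefix=0; partial=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "mask2prefix: expected four octets" >&2; return 1; }
    for octet; do
        if [ "$partial" -eq 1 ] && [ "$octet" != 0 ]; then
            echo "mask2prefix: non-contiguous netmask" >&2; return 1
        fi
        case "$octet" in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); partial=1 ;;
            252) prefix=$((prefix + 6)); partial=1 ;;
            248) prefix=$((prefix + 5)); partial=1 ;;
            240) prefix=$((prefix + 4)); partial=1 ;;
            224) prefix=$((prefix + 3)); partial=1 ;;
            192) prefix=$((prefix + 2)); partial=1 ;;
            128) prefix=$((prefix + 1)); partial=1 ;;
            0)   partial=1 ;;
            *)   echo "mask2prefix: bad octet '$octet'" >&2; return 1 ;;
        esac
    done
    echo "$prefix"
}

# vip_up <iface> <vip> <netmask> [label]
# 1. duplicate-address check: refuse if another host already answers for the VIP
# 2. add the address (the label keeps it visible as iface:1 in ifconfig output)
# 3. send unsolicited ARP replies so neighbours update their caches (as in the text)
vip_up() {
    iface=$1; vip=$2; label=${4:-$iface:1}
    prefix=$(mask2prefix "$3") || return 1
    if ! $ARPING -D -q -c 2 -I "$iface" "$vip"; then
        echo "vip_up: $vip already in use on $iface, not adding" >&2
        return 1
    fi
    $IP addr add "$vip/$prefix" dev "$iface" label "$label" || return 1
    $ARPING -b -A -c 3 -I "$iface" "$vip"
}

# vip_down <iface> <vip> <netmask>: remove the address again, e.g. before the
# managed server migrates to another host that will take the VIP over.
vip_down() {
    prefix=$(mask2prefix "$3") || return 1
    $IP addr del "$2/$prefix" dev "$1"
}

# The example from the text: VIP 192.168.56.211/24 on eth1 of IAMHOST1.
# vip_up eth1 192.168.56.211 255.255.255.0
```

Like the ifconfig commands in the text, none of this survives a reboot; put the `vip_up` call in the server migration hooks or in the distribution's network configuration if the address has to come back on its own.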