Category Archives: Cloud

Cloudy with a Chance of Cyber-attacks webinar

Kind of cloudy

I’m doing a free cloud security webinar for Parasoft next week. It’s titled Cloudy with a Chance of Cyber-attacks – Securing Cloud-based Applications

The session is on Thursday, January 24, 2013 10:00 AM – 10:30 AM PST. You can
register ahead of time.

Cloud Security Webinar Overview

Distributed denial-of-service attacks, SQL injections, and other security breaches are lurking in the cloud for their chance to wreak havoc on computers, servers, networks, and mobile devices. Security standards, such as NIST (SAMATE), CWE, OWASP, and PCI DSS offer invaluable guidance, but enforcing a security policy based on these standards is shady at best.

In this webinar, we’ll discuss the most effective development testing activities for ensuring application security, as well as how to ensure that your development team is consistently adhering to your development policy.

We’ll also cover:

New cloud service technologies that have made software infrastructure more vulnerable.

The exorbitant costs of failing to meet security standards.

The most effective development testing solution for improving application security.

Hope to see you there. After you can view a recording of the webinar at the same link.

Virtual Machine Networking Options

3Q12 10:01 Derby RTC - Carlisle Wapping Sidings

I am frequently asked to help people setup virtual machines. One of the most common questions is about how to setup networking properly, so I thought I’d share that information here.

Virtual machines have a variety of networking setups available. In addition there are also many options for the underlying OS, such as Windows, OSX, or Linux. Before you can make real use of a virtual machine, it will be necessary to make sure that you have a proper IP address. Enterprise deployments should be on a dedicated hypervisor, such as
vSphere / ESXi from VMware, VirtualBox, Hyper-V, etc. For them you setup networking as you would any other machine.

The VM can use either a static IP address or DHCP. By default virtual machines are often preset for DHCP or dynamic setup. If you want to use a static address you will need to set it to an appropriate value. For more details on linux networking, check the Ubuntu Network Configuration guide.

Desktop VM Network Configuration
VMware provides three types of networking configurations: Nat, Bridged, and Private or host-only. I expect most desktop hypervisors to have similar options.

NAT addressing
NAT means that the VM is running on a private network confined to the host machine. It can see external machines, but is generally unavailable to other machines on the network – they cannot see it. The IP address for the VM is supplied from the VM server itself, using DHCP. This setup is well suited to normal, personal use or a demo, but is usually inappropriate for an actual deployment.

Bridged addressing
Bridged lets your virtual machine share the network adapter from the host machine. In
this setup, your machine gets a “normal” IP address on your network. Typically this
is something like DHCP, and may require you to give the MAC address of the VM to your system administrator. This is a good setup if you need others to be able to access the VM. You can find your MAC address by following the instructions above under “Getting the MAC address”. If you know the correct range of IP addresses, you can also assign a fixed address this way, but you’ll need to have all the necessary information for a static network configuration.

Host-only addressing
Host-only mode lets your VM ONLY see your host machine. The VM has no access to
the network or the world at large. This is ok for certain demos, but not useful for general purpose use. It is very secure.

Your Address
You can find your network address and mac address either by using the ifconfig command from a prompt for linux, (described above under “Getting the MAC address”), or from the user menu when logged in you can select “System – Preferences – Network Connections”. For windows you can using the ipconfig command or right-click your networking icon.

Getting the MAC address
If you want to use DHCP for the address, you will probably need to give the MAC address for the VM to your system administrator. Some networks may require the MAC address for any access at all. From the VM terminal (see “logging in” for details) you can run the command: “ifconfig”. You will see two or more entries. One is “lo” which is for the loopback and can be ignored. The other should be eth followed by some number, such as eth1 or eth2. Take note of this value as you will use it later on in the configuration. On the same line as the ethx you should see a label that says “HWaddr” – the value following that label is your mac address for that network interface.

If there are others tricks you know, please share them. If there are other topics you’d like me to cover, let me know.

Poll: When Are You Moving to the Cloud?

This morning SD Times hosted a cloud migration webinar that I participated in for Parasoft. The topic was “Migrating Applications to the Cloud – Prevent the Most Common Reasons for Failure”. In a day or two you should be able to view a recording of the webinar at: SD Times Signup

One of the polls we used was quite interesting, which is “What has your organization done to migrate internal applications to the cloud”. I’d love to get your feedback as well.

Here’s the slides in powerpoint.

Download (PPTX, 684KB)

If there are any topics you’d like to have covered, please let me know via twitter or the comments below.

Cloud Migration Webinar

A strike made by Boyce

Tomorrow (Wednesday December 5, 2012 at 1PM EST / 10AM PST) SD Times is hosting a webinar that I’m participating in for Parasoft. The topic is “Migrating Applications to the Cloud – Prevent the Most Common Reasons for Failure”.

As always, attendance is free, you can sign-up at: SD Times Signup

While I don’t usually explain why I chose the silly pictures I sometimes choose for my blog, I think this one is relevant. One of the topics we’ll cover is how much you want to drag your baggage with you on your way to the cloud. If you’ve been puzzling over that, you’ll want to attend.

Hope you can make it! For those who miss it, sign up anyway to view the recording afterward at a time convenient to you.

If there are any topics you’d like to have covered, please let me know via twitter or the comments below.

Cloud Migration Webinar Overview

Are you planning on migrating existing applications to the cloud? Stop, take a deep breath, and consider that you are about to try to go off-roading with a Toyota Prius.

Organizations that don’t take a long hard look at application architecture and code structure will be extremely disappointed at the results of deploying applications in private or public clouds. The expected business benefits of cost savings, scalability, and high-availability will inevitably fall short— with the blame targeted at the cloud rather than the application.

In this webinar, we’ll explore the challenges of migrating existing applications to a cloud infrastructure, then present proven strategies for mitigating the risks You’ll learn how to:

– Prioritize application migration
– Plan for “big-blocks”
– Assess your existing applications’ ‘fit’ for cloud
– Leverage a centralized development testing platform to align your business goals with coding decisions
– Create a cloud migration policy
– Use process to mitigate the risks associated with cloud migration