Cybersecurity

Discussions about cybersecurity frequently include the word Trust. It may be stated on it's own or as part of other terms such as "Trust No-one" or "Zero-Trust" or "Trust but Verify"... I recently spent some time thinking about trust and how it relates to cybersecurity. The more I thought about it, the more I realized that a bit of a deep-dive into who we are trusting (or not trusting) was well worth the effort.

'Twas the night before Christmas, when all through the house
Not a laptop was whirring, even those with a mouse;
The screens were all flashing with an eerie red glow
All Files Encrypted, All your secrets we know!

All the presents were nestled all snug in the sleigh
But poor Santa had no clue with whom they should stay.
After moving his list to a computer based tracker
It's all now encrypted, and in the hands of some hacker

After all the other network enhancements I have been working on, it was time to get some centralized logging going on. While I considered Logging Made Easy (LME) from CISA - this looked like just an abstraction on top of the ELK stack. Since I already had implemented that years ago, I elected for the latter and the die was cast.

Since it has been a few years since I needed to set up a new web site, I haven't been to the Observatory for a while. For those that don't know, it's an excellent way to check your web site against modern standards for configuration. I'm glad to see Mozilla still has it up and running and (at the time of writing) is planning a new version!

To use it, simple visit: https://observatory.mozilla.org/analyze/ 

Edit the URL to add the site you wish to analyze eg:

... let's drop a green monster into the mix.

Years ago I ran OpenVAS on my home network as a vulnerability scanner. It was great but updates were challenging and once my old VM host started to show it's age I turned down that VM. With all the other new updates I have been implementing, it was time to get scanning again.