CCSP study notes

- 15 mins read
Unstructured CCSP study notes

- PDF slides version
- EPUB version
- PDF report version

I highly recommend reading cromwell-intl.com - Cybersecurity / ISC2-CCSP for further notes.

Business Requirements Analysis

- Inventory of Assets
  - Surveys, audits, interviews, automation, etc.
- Valuation of Assets
  - Do not put a $10 lock on a $5 bicycle
  - Data owner is the business manager in charge of the data
- Determination of Criticality
  - Tangible assets - Cars in a Car Rental Agency
  - Intangible assets - Music copyright for a Label
  - Processes - Register failure in a fast food restaurant
  - Data paths - Logistical coordination, Cargo to Carriers
  - Personnel - Surgeon in a surgery
- Identify Single Points of Failure (SPOF)

Criticality - SPOFs

- SPOF - Single Point of Failure

The Linux process model

We'll take a traditional multi-user Linux environment as a starting point. In this scenario, the provider runs the hardware, the operating system and supporting system functions. It turns out that on Linux, processes cannot actually do much beyond compute operations on data in their own memory space. To do anything outside of that, a process has to request that the kernel perform an operation on its behalf.

Fault Event Model

- 1 min read
Fault Event Model

Source

Notes

- Diagrams created with PlantUML
- PlantUML requires Graphviz to be installed to generate component diagrams

Probabilities

| Success | Abort | Failure |
|---------|--------|---------|
| 0.9700 | 0.0291 | 0.0009 |

Human Error Probability (HEP)

| | HEP | Magnitude |
|---|---|---|
| Reference - Human limit (team) | 0.00001 | 10^-5 |
| Reference - Human limit (person) | 0.00010 | 10^-4 |
| Task - Routine, familiar | 0.00040 | 10^-4 |
| Task - Routine, instruction | 0.00600 | 10^-3 |
| Task - Routine with deviation | 0.01600 | 10^-2 |
| Task - Non-routine, instruction | 0.03000 | 10^-2 |

Task - Emergency with plan 0.

Kafka pattern visualization

- 1 min read
- Kafka pipeline - dataflow (Source)
- Kafka pipeline - connection initialization (Source)
- Kafka pipeline, multi-platform - dataflow (Source)
- Kafka pipeline, multi-platform - connection initialization (Source)

Notes

- Diagrams created with PlantUML
- PlantUML requires Graphviz to be installed to generate component diagrams

R - Coin toss

- 1 min read
Code

```r
library(ggplot2)
library(gridExtra)

set.seed(1)
coin <- c(0,1)

flipCoin <- function(num_flips=1000) {
  sample(coin, size=num_flips, replace=TRUE)
}

flipEstimate <- function(flips) {
  sum(flips==1) / length(flips)
}

plotFlips <- function(coinflips) {
  qplot(
    1:length(coinflips),
    cumsum(coinflips==1) / (1:length(coinflips)),
    geom='line',
    ylim=coin,
    xlab = '# of flips',
    ylab = 'Freq coinflip == 1'
  )
}

g1 <- plotFlips(flipCoin(10))
g2 <- plotFlips(flipCoin(100))
g3 <- plotFlips(flipCoin(1000))
g4 <- plotFlips(flipCoin(10000))

grid.arrange(g1, g2, g3, g4, ncol=2)
```

Plot

R - plotting notes

- 2 mins read
Setup

```r
library(ggplot2)
library(gridExtra)
```

Distribution

```r
size <- 100
vect <- seq(1, size, by=1)
m <- mean(vect)
std <- sqrt(var(vect))

distF <- data.frame(
  indx = vect,
  gaus = dnorm(vect, mean=m, sd=std),
  pois = dpois(vect, vect),
  unif = dunif(vect, min=1, max=size)
)

# legend.title is a theme element, so it is set through theme() rather than guides()
g1 <- ggplot(data=distF, aes(x=indx, y=gaus)) + geom_point(shape=1) + theme(legend.title=element_blank())
g2 <- ggplot(data=distF, aes(x=indx, y=pois)) + geom_point(shape=1)
g3 <- ggplot(data=distF, aes(x=indx, y=unif)) + geom_point(shape=1)

grid.arrange(g1, g2, g3, ncol=3)
```

Random sampling

randF <- data.

Update 2019-11: This work has been integrated into the PlantUML standard library 🎉🎉

New repository with sprites for Kubernetes in PlantUML projects. These sprites have been generated using the PlantUML encodesprite command. See http://plantuml.com/sprite.

The source of the images is the kubernetes-icons repository at https://github.com/octo-technology/kubernetes-icons. This repository inherits the Apache license from there. See LICENSE.

Example

```plantuml
@startuml
!include ../resource/k8s-sprites-unlabeled-25pct.iuml

package "Infrastructure" {
  component "<$master>\nmaster" as master
  component "<$etcd>\netcd" as etcd
  component "<$node>\nnode" as node
}
@enduml
```

Sprites

References

https://github.

OPA is a lightweight general-purpose policy engine that can be co-located with your service. You can integrate OPA as a sidecar, host-level daemon, or library. - Open Policy Agent

Published a new middleware library for actix-web to enable OPA integration.

- Source: https://github.com/michiel/actix-web-middleware-opa
- Rust crate: https://crates.io/crates/actix-web-middleware-opa
- Docs: https://docs.rs/actix-web-middleware-opa/0.1.0/actix_web_middleware_opa/

Service mesh visualizations

- 1 min read
- Direct connections (Source)
- Central proxy (Source)
- Sidecar proxy (Source)
- Istio (Source)

Notes

- Diagrams created with PlantUML
- PlantUML requires Graphviz to be installed to generate component diagrams

Kubernetes building blocks

- 1 min read
mtail

mtail - extract whitebox monitoring data from application logs for collection into a timeseries database - https://github.com/google/mtail

This project does not have an official Docker image. I have a public, automated build at:

- https://hub.docker.com/r/michielkalkman/mtail
- https://github.com/michiel/docker-mtail

tlsrouter

TLSRouter is a TLS proxy that routes connections to backends based on the TLS SNI (Server Name Indication) of the TLS handshake. It carries no encryption keys and cannot decode the traffic that it proxies.