My Preferred Cloud Tools and Readings - NETSEC


Here are some of the tools I created or found online.



Most of the sites are listed at (still being updated)

My Online Tools

  1. Portainer -
  2. Log - https://51sec.loggly.com/
  3. Email - https://51sec.org/mail
  4. Google Drive Indexer- 
  5. Wiki - https://sec.myxwiki.org/
  6. Zabbix -
  7. Proxy - https://proxy.itprosec.eu.org/
  8. Nodequery - VPS Monitoring (10 VPS, API supported) - NodeInfo - https://51sec.org/monitor
  9. Online Calendar Booking - https://calendly.com/51sec/
  10. Bookmarks - https://sites.51sec.org, https://nav.51sec.org
  11. Download Google Drive - http://download.51sec.org
  12. http://51sec.org/monitor/
  13. https://monitor.51sec.eu.org/
  14. OneDrive Manager
  15. Github - https://github.com/51sec
  16. KMS - key: https://docs.microsoft.com/zh-cn/windows-server/get-started/kmsclientkeys
    • 192.168.2.8
  17. Jira / Confluence / Trello - https://51sec.atlassian.net/ (need to re-create)
  18. WebSSH - http://ssh.51sec.org 
  19. IFTTT - Connects all of your different apps and devices together with chains of simple conditional statements. I am using two applets, Blogger-2-Weebly and Blogger-2-Wordpress, to help me update multiple sites.
  20. Photos.51sec.org - Backblaze storage integrated with Cloudflare in the Bandwidth Alliance (10G)
  21. p.51sec.org - tebi.io - 
  22. Scaleway - S3 - 75GB of storage in C14 Cold Storage's Glacier class. Supports the Bandwidth Alliance as well. Trying to see if it can be integrated with the Cloudflare CDN.
  23. Show Public IP: https://ip.51sec.org/api (Vercel Deployment)
  24. Camera App: https://camera51.herokuapp.com/



Online Business Tools





    Other Online Tools

    1. Short-term exchange of pasted information between parties: https://paste.ubuntu.com/
    2. Free Kubernetes cluster to play with: https://www.katacoda.com/courses/kubernetes/playground
    3. Free Docker Playground: https://labs.play-with-docker.com/
    4. Free app deployment into Kubernetes: https://kubesail.com/
      • Okteto
      • IBM Red Hat OpenShift
    5. Heroku is a platform as a service (PaaS) that enables developers to build, run, and operate applications entirely in the cloud: https://www.heroku.com/
      • Vercel
      • Netlify
    6. Azure Sandbox: Once you have activated a sandbox from an Azure exercise, you can sign in to the Azure portal for the sandbox. You can explore at most 10 sandboxes a day, and each sandbox lasts 4 hours.



    My Readings

    1. Top Six Communicating Skills - Listening, Coaching (Learning&Sharing), Teaching, Guiding, Advising, Motivating
    2. Operation - (operations and maintenance)
      • Agile - (Documentation -> Process -> Technology -> Monitor -> Backup) - Jira / Confluence / Wiki
      • CMDB - Device42? 
      • Some posts in this forum
    3. Architecture 
      • Multi-layered Security -  Vertical - Cloud - Perimeter - network - endpoint - Application - data
      • Multi-Zone Security - Lateral (Horizontal) - product zone, production zone, intranet zone, partner zone
      • Zero Trust Network / Security - identity verification for every person and device. - IAM & PAM (Least Privilege Access), 0 Day Attack, MicroSegmentation, MFA, CASB (Identity verification, Access Control, DLP, URL Filtering, Packet Inspection, Sandboxing, Browser Isolation, Anti-Malware)
    4. CISO Skills
    5. NIST 
      • CSF - used by 50% of US organizations in 2020
      • Other Publications
        • Special Publication 800-53: provides a catalog of security and privacy controls for all U.S
        • Special Publication 800-40: Creating a Patch and Vulnerability Management Program 
        • Special Publication 800-30: Risk Management Guide for Information Technology Systems
      • Roadmap - CSF
        • Tiers - (1. Partial, 2. Risk Informed, 3. Repeatable, 4. Adaptive) vs Maturity level
        • Categories with Core Functions - Identify, Protect, Detect, Respond, Recover - 23 Categories, 108 Subcategories, mapping to CSC, ISA, ISO, COBIT, NIST SP 800-53
        • Profiles - For each subcategory, set up Priority, Gaps, Budget, Short/Intermediate/Long Term activities
      • Vulnerability Management
        • 800-30 & 800-40
      • TRA
        • Qualitative vs Quantitative
    6. ISO27001
    7. 52PJ
    8. Pen Testing

