Welcome!

@DevOpsSummit Authors: Zakia Bouachraoui, Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan

Related Topics: @DevOpsSummit, Microsoft Cloud, Linux Containers, Open Source Cloud, Containers Expo Blog

@DevOpsSummit: Blog Feed Post

Using GuardRail to Validate Windows SChannel Update

We've seen a landslide of vulnerabilities announced in the last few months, fromShellShock to Poodle

Using GuardRail to Validate Windows SChannel Update

We've seen a landslide of vulnerabilities announced in the last few months, fromShellShock to Poodle, and it looks like that trend will only continue. The discovery of a critical vulnerability in Windows SChannel-and the even worse problems introduced with a hasty patch-has added a heap of unplanned work for Windows IT pros.

GuardRail provides a really easy way to validate that the update has been successfully applied and the registry keys deleted. In addition to giving you validation that patches have been applied now, our Schannel check can be run automatically to protect against regressions.

Using the SChannel Policy

First, register your free ScriptRock account and connect any nodes you want to protect.

Go to the "Policies" section and select "Public Policies." These are test suites we've created based on best practices that anyone can use to validate their configurations.

Click "Execute" and then select the node you want to run the policy against. If you have a lot (like I do) then the filter might come in handy.

The policy contains four checks: that the patch is installed and that the three registry keys have been deleted. After running the policy you'll get a report on which tests have passed.

You can click into any portion to learn more about what the test is checking, why it failed, and how to remediate.

Because the checks are assembled in natural language it's easy for you to understand what's going on without reading a bunch of documentation. It also makes it easier to hand these tests off to other administrators, or to clone and edit them for your particular needs. And if Microsoft changes their advisory notice you can easily modify your version of the policy to look for different keys or to succeed when those keys are found.

For more resources to keep your Windows environments safe, check out our IIS 8 Checklist to ensure that your IIS servers are CIS compliant.

Read the original blog entry...

More Stories By ScriptRock Blog

ScriptRock makes GuardRail, a DevOps-ready platform for configuration monitoring.

Realizing we were spending way too much time digging up, cataloguing, and tracking machine configurations, we began writing our own scripts and tools to handle what is normally an enormous chore. Then we took the concept a step further, giving it a beautiful interface and making it simple enough for our bosses to understand. We named it GuardRail after its function — to allow businesses to move fast and stay safe.

GuardRail scans and tracks much more than just servers in a datacenter. It works with network hardware, Cloud service providers, CloudFlare, Android devices, infrastructure, and more.

@DevOpsSummit Stories
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
This session will provide an introduction to Cloud driven quality and transformation and highlight the key features that comprise it. A perspective on the cloud transformation lifecycle, transformation levers, and transformation framework will be shared. At Cognizant, we have developed a transformation strategy to enable the migration of business critical workloads to cloud environments. The strategy encompasses a set of transformation levers across the cloud transformation lifecycle to enhance process quality, compliance with organizational policies and implementation of information security and data privacy best practices. These transformation levers cover core areas such as Cloud Assessment, Governance, Assurance, Security and Performance Management. The transformation framework presented during this session will guide corporate clients in the implementation of a successful cloud solu...
So the dumpster is on fire. Again. The site's down. Your boss's face is an ever-deepening purple. And you begin debating whether you should join the #incident channel or call an ambulance to deal with his impending stroke. Yes, we know this is a developer's fault. There's plenty of time for blame later. Postmortems have a macabre name because they were once intended to be Viking-like funerals for someone's job. But we're civilized now. Sort of. So we call them post-incident reviews. Fires are never going to stop. We're human. We miss bugs. Or we fat finger a command - deleting dozens of servers and bringing down S3 in US-EAST-1 for hours - effectively halting the internet. These things happen.
Hackers took three days to identify and exploit a known vulnerability in Equifax’s web applications. I will share new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business /security requirements from design into production. This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 4th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis.Attendees can join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine intelligence.