Monitoring Amazon Web Services (AWS) - AWS CloudTrail

"Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

CIS Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

"Deficiencies in security logging and analysis allow attackers to hide their location, malicious software, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

"Sometimes logging records are the only evidence of a successful attack. Many organizations keep audit records for compliance purposes, but attackers rely on the fact that such organizations rarely look at the audit logs, and they do not know that their systems have been compromised. Because of poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing, even though the evidence of the attack has been recorded in unexamined log files." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)


“AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.” (https://aws.amazon.com/cloudtrail/)


The goal of this post is to create a trail for all AWS regions, store the logs in AWS Simple Storage Service (S3), and encrypt the logs using AWS Key Management Service (KMS).


  • An AWS Account
  • An AWS user, preferably not the Root User, with access to AWS CloudTrail, S3, KMS, etc.


Creating a Trail - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html
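As an added illustration (not part of the original post and not AWS tooling), the script below checks a trail description against the goal stated above (all regions, S3, KMS, log file validation) and scans CloudTrail records for calls that would silence the trail or that come from the Root user. The trail and record values are constructed for this example; the field names are the ones CloudTrail uses in describe-trails output and in its log files.

```python
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output
# (CloudTrail's field names; the values are made up for this example).
DESCRIBE_TRAILS = json.loads("""{"trailList": [{
  "Name": "management-events", "HomeRegion": "us-east-1",
  "S3BucketName": "example-cloudtrail-logs", "IsMultiRegionTrail": false,
  "IncludeGlobalServiceEvents": true, "LogFileValidationEnabled": false}]}""")

# Constructed sample: two records in CloudTrail's log-file format.
LOG_FILE = json.loads("""{"Records": [
 {"eventTime": "2017-07-29T19:13:00Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "awsRegion": "us-east-1",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "sourceIPAddress": "203.0.113.10"},
 {"eventTime": "2017-07-29T19:14:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "ListBuckets", "awsRegion": "us-east-1",
  "userIdentity": {"type": "Root"}, "sourceIPAddress": "203.0.113.10"}]}""")

# CloudTrail API calls that weaken or disable the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def check_trail(trail):
    """Return the ways a trail falls short of: all regions, S3, KMS, validation."""
    findings = []
    if not trail.get("IsMultiRegionTrail"):
        findings.append("not multi-region")
    if not trail.get("S3BucketName"):
        findings.append("no S3 bucket")
    if not trail.get("KmsKeyId"):
        findings.append("log files not KMS-encrypted")
    if not trail.get("LogFileValidationEnabled"):
        findings.append("log file validation disabled")
    return findings


def suspicious_events(records):
    """Flag trail tampering and any activity by the Root user."""
    hits = []
    for r in records:
        identity = r["userIdentity"]
        who = identity.get("userName") or identity["type"]
        if r["eventSource"] == "cloudtrail.amazonaws.com" and r["eventName"] in TRAIL_TAMPERING:
            hits.append((r["eventTime"], who, "trail tampering: " + r["eventName"]))
        if identity["type"] == "Root":
            hits.append((r["eventTime"], who, "root user activity: " + r["eventName"]))
    return hits


if __name__ == "__main__":
    for t in DESCRIBE_TRAILS["trailList"]:
        print(t["Name"], check_trail(t))
    for hit in suspicious_events(LOG_FILE["Records"]):
        print(*hit)
```

Pointing the same functions at real describe-trails output and at the gzipped log files CloudTrail delivers to S3 turns this into a quick daily sanity check.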


The NIST Definition of Cloud Computing

"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models." - https://csrc.nist.gov/publications/detail/sp/800-145/final

Consistency Is the Hobgoblin of Little Minds

"As with most things, context matters, which is what makes this quote inappropriate almost everywhere I see it used. In the context of IT, with consistency, a great soul can trade meaningless & soul-crushing work for important & strategic tasks, moving their organization forward rather than struggling just to keep up." - https://lonesysadmin.net/2017/10/25/consistency-is-the-hobgoblin-of-little-minds/


The Internet Engineering Task Force (IETF)

The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual. The IETF Mission Statement is documented in RFC 3935.1

Request for Comments (RFC)

A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society (ISOC), the principal technical development and standards-setting bodies for the Internet.

An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. It is submitted either for peer review or simply to convey new concepts, information, or (occasionally) engineering humor. The IETF adopts some of the proposals published as RFCs as Internet Standards.

Request for Comments documents were invented by Steve Crocker in 1969 to help record unofficial notes on the development of ARPANET. RFCs have since become official documents of Internet specifications, communications protocols, procedures, and events.2


The IETF Mission Statement - https://www.ietf.org/rfc/rfc3935.txt
Request for Comments (RFC) - https://www.ietf.org/rfc.html
RFC Index - https://www.rfc-editor.org/rfc-index.html


2 Request for Comments. (2017, June 26). In Wikipedia, The Free Encyclopedia. Retrieved 19:13, July 29, 2017, from https://en.wikipedia.org/w/index.php?title=Request_for_Comments&oldid=787685236

Kaizen, Kanban, Lean, DevOps, Software Development, Deming


The Japanese word kaizen simply means "change for better", with no inherent meaning of either "continuous" or "philosophy" in Japanese dictionaries or in everyday use. The word refers to any improvement, one-time or continuous, large or small, in the same sense as the English word "improvement". However, given the common practice in Japan of labeling industrial or business improvement techniques with the word "kaizen", particularly the practices spearheaded by Toyota, the word "kaizen" in English is typically applied to measures for implementing continuous improvement, especially those with a "Japanese philosophy". 1


Kanban is an approach to process change for organizations which uses visualization with a kanban board, allowing a better understanding of work and workflow. It advises limiting work in progress, which reduces waste from multitasking and context switching, exposes operational problems and stimulates collaboration to improve the system. Kanban is rooted in two sets of principles, for change management and service delivery, which emphasize evolutionary change and customer focus. The method does not prescribe a specific set of steps, but starts from existing context and stimulates continuous, incremental and evolutionary changes to the system. It aims to minimize resistance to change to facilitate it.

Kanban focuses on the customer and work which meets their needs, rather than individuals' activities. Kanban has six general practices: visualization, limiting work in progress, flow management, making policies explicit, using feedback loops, and collaborative or experimental evolution. They involve seeing the work and its process and improving the process, keeping and amplifying useful changes and learning from, reversing and dampening the ineffective.2

Reading List

  • Difference between Agile and Lean
  • The Toyota Way: 14 Management Principles from the World's Greatest Manufacturer - The Toyota Way reveals the management principles behind Toyota's worldwide reputation for quality and reliability. Dr. Jeffrey Liker, a renowned authority on Toyota's Lean methods, explains how you can adopt these principles - known as the "Toyota Production System" or "Lean Production" - to improve the speed of your business processes, improve product and service quality, and cut costs, no matter what your industry.
  • The Deming Management Method - Whether you are the owner of your own small business, a middle manager in a mid-sized company, or the CEO of a multinational, this book aims to show you how to improve your profits and productivity, following the principles of the Deming management method.
  • The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win - Learn how to recognize problems that happen in IT organizations; how these problems jeopardize nearly every commitment the business makes in Development, IT Operations, and Information Security; and how DevOps techniques can fix the problem to help the business win.
  • The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations - Increase profitability, elevate work culture, and exceed productivity goals through DevOps practices. More than ever, the effective management of technology is critical for business competitiveness. This non-fiction follow-up to The Phoenix Project shows leaders how to replicate these incredible outcomes, by demonstrating how to integrate Product Management, Development, QA, IT Operations, and Information Security to elevate your company and win in the marketplace.
  • Implementing Lean Software Development: From Concept to Cash - In 2003, Mary and Tom Poppendieck's Lean Software Development introduced breakthrough development techniques that leverage Lean principles to deliver unprecedented agility and value.

1 Kaizen. (2017, July 1). In Wikipedia, The Free Encyclopedia. Retrieved 14:16, July 7, 2017, from https://en.wikipedia.org/w/index.php?title=Kaizen&oldid=788434516
2 Kanban (development). (2017, June 21). In Wikipedia, The Free Encyclopedia. Retrieved 14:40, July 7, 2017, from https://en.wikipedia.org/w/index.php?title=Kanban_(development)&oldid=786767251

Microsoft Active Directory for SysAdmins

Active Directory (AD)

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. Starting with Windows Server 2008, however, Active Directory became an umbrella title for a broad range of directory-based identity-related services.

A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user. Also, it allows management and storage of information, provides authentication and authorization mechanisms, and establishes a framework to deploy other related services: Certificate Services, Federated Services, Lightweight Directory Services and Rights Management Services.1

Terms / Concepts

Authentication, in AD terms, is the act of proving that you are who you say you are. This happens once when you first log on in the morning. You come in, boot up your machine, type in your logon name and password, and then you can get to your data.2

Authorization is the act of granting users appropriate access to resources—such as file shares, databases, applications, and mailboxes—once they’ve authenticated themselves to Active Directory. The concept of authorization is simply one of proving you have permission to do something.

The forest is the whole of your Active Directory. It can contain one or more domains arranged in trees (that’s why it’s called a forest). The forest is named after the first domain created in the forest (known as the root domain, which can’t be changed).

A domain is a container for the objects you’ll work with—users, computers, groups, and so on.

An organizational unit (OU) is a container within a domain that can be used to hold user, computer, group, and other OU objects.

Domains are inflexible objects, and reorganizing the domains in a forest is a major undertaking. In contrast, reorganizing the OUs (and their contents) within a domain is a relatively straightforward matter.


  • Understanding Active Directory - This course provides students an introduction to Active Directory server roles in Windows Server. The course is intended for entry level students who want to get familiar with the Active Directory server roles and their basic functionality.

1 Active Directory. (2017, June 26). In Wikipedia, The Free Encyclopedia. Retrieved 02:04, July 6, 2017, from https://en.wikipedia.org/w/index.php?title=Active_Directory&oldid=787584651
2 Siddaway, Richard. Learn Active Directory Management in a Month of Lunches. Shelter Island, NY: Manning Publications, 2014. Print.

Linux Terminal and Windows PowerShell Commands

This will be an ongoing post, with updates as needed.

Task                    | Linux Terminal          | Windows PowerShell
------------------------|-------------------------|-----------------------------------------------------
Get help                | man {command}           | Get-Help {cmdlet}
Get a directory listing | ls -al                  | Get-ChildItem
Create a user (local)   | adduser                 | New-LocalUser
List system processes   | ps -ef                  | Get-Process
Search for a file       | find / -name MyFile.txt | Get-ChildItem C:\MyFolder -Filter MyFile.txt -Recurse -Name
Get network information | ifconfig -a             | Get-NetIPConfiguration
Restart the system      | reboot                  | Restart-Computer
Shutdown the system     | halt                    | Stop-Computer
Edit a file             | vi, pico, nano          | notepad, edit

PowerShell Aliases
Microsoft was kind enough to alias PowerShell cmdlets to common Linux / Unix command names:

PowerShell Cmdlet | Alias
------------------|------
Get-Help          | man
Get-ChildItem     | ls
Get-Process       | ps

Programming for SysAdmins

While SysAdmins typically do not develop software applications, they do automate tasks, i.e. they write programs and scripts. The concepts, tools, and techniques used by software engineers can and should be applied to the code SysAdmins write. There are many programming and scripting languages that SysAdmins might use; my focus will be Python 3.x and Microsoft Windows PowerShell. The goal is to provide a basic overview of Python and PowerShell, and a solid understanding of various software engineering concepts, tools, and techniques. There are a lot of good resources available; I will try to provide links to many of them as we go.


Python is a widely used general-purpose, high-level programming language. Its design philosophy emphasizes code readability, and its syntax allows programmers to express concepts in fewer lines of code than would be possible in languages such as C++ or Java. The language provides constructs intended to enable clear programs on both a small and large scale.1

Windows PowerShell (including Windows PowerShell and PowerShell Core) is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework and .NET Core. 2

Concepts, Tools and Techniques

Lean software development is a translation of lean manufacturing principles and practices to the software development domain. Adapted from the Toyota Production System, a pro-lean subculture is emerging from within the Agile community.3

Git is a distributed revision control system with an emphasis on speed, data integrity, and support for distributed, non-linear workflows.4

Test Driven Development (TDD) is a software development process that relies on the repetition of a very short development cycle: first the developer writes an (initially failing) automated test case that defines a desired improvement or new function, then produces the minimum amount of code to pass that test, and finally refactors the new code to acceptable standards.5

1 Python (programming language). (2014, October 28). In Wikipedia, The Free Encyclopedia. Retrieved 02:07, October 29, 2014, from http://en.wikipedia.org/w/index.php?title=Python_(programming_language)&oldid=631489987
2 PowerShell. (2017, June 22). In Wikipedia, The Free Encyclopedia. Retrieved 19:25, July 4, 2017, from https://en.wikipedia.org/w/index.php?title=PowerShell&oldid=787006553
3 Lean software development. (2014, August 28). In Wikipedia, The Free Encyclopedia. Retrieved 21:52, October 18, 2014, from http://en.wikipedia.org/w/index.php?title=Lean_software_development&oldid=623158760
4 Git (software). (2014, November 19). In Wikipedia, The Free Encyclopedia. Retrieved 19:17, November 25, 2014, from http://en.wikipedia.org/w/index.php?title=Git_(software)&oldid=634539818
5 Test-driven development. (2013, October 9). In Wikipedia, The Free Encyclopedia. Retrieved 06:00, October 12, 2013, from http://en.wikipedia.org/w/index.php?title=Test-driven_development&oldid=576503904