IT Pro Tuesday #181

Get this in your inbox each week.

Welcome back to IT Pro Tuesday!

Hello everyone! Please note that IT Pro Tuesday will be taking a break for the holidays and will be back on Tuesday, January 4th, 2021.

In this final edition for 2021, we're asking for recommendations on your favorite IT-related blogs we can share with the community... those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we'll be featuring them in the coming weeks.

And as always, we’re updating the full list on our website here. Enjoy.

But on with this week's tools...! Here are the most-interesting items that have come across our desks, laptops and phones this week. Hornetsecurity has no known affiliation with any of these unless we explicitly state otherwise.

A Free Tool

Traefik is a self-maintaining HTTP reverse proxy and load balancer that makes deploying microservices as simple as pointing it at your orchestrator. Integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. A shout out to R8nbowhorse for the suggestion.

A Script

Monitoring with PowerShell: Detecting Log4J files—This blog post explains the author's timely script, 'Search-Everything,’ that detects Log4J files by checking the JAR file for the class that is used that has the vulnerability. Uses the well-loved "Everything" search tool by Voidtools to generate a quick, full index. Appreciation goes to Lime-TeGek, who adds, "Unfortunately more applications use this class than log4j so it's not 100% accurate, but it at least gives you a quick overview of what you need to investigate."

A Tip

Some advice from SpacePirate on when it makes sense to automate: "A prerequisite to automation is fully understanding (and ideally, documenting) the workflow for a given task. If you can’t draw it in Visio/Mermaid, how the f* are you going to script it successfully? … automating a bad process is a waste of time. Don’t fall into the trap of trying to automate a process that has too many variables, bottlenecks, or dependencies, or that is not actually repeatable. Instead, identify those bottlenecks, find out how to estimate their magnitude and frontload or eliminate them, and get as streamlined as possible in your workflow. Then, once it’s parameterized and repeatable with zero interventions, you can automate it."

A Free Service

OpenCVE is an open-source security alerting platform that lets you search the vulnerabilities from the NVD feed, filtered by vendor, product, CVSS or CWE. seuledr6616 appreciates that it "lets you subscribe to particular technologies and will email when there are vulnerabilities for them."

Another Free Tool

Vim is a highly configurable text editor built to improve efficiency. While often preferred by programmers, its usefulness extends well outside that world to any sort of text editing, from composing email to editing configuration files. It can be configured to work very simply, like Notepad.

P.S. Bonus Free Tools

Terraform is an infrastructure-as-code software tool providing a consistent CLI workflow so you can manage hundreds of cloud services. This open-source tool codifies cloud APIs into declarative configuration files and allows infrastructure to be expressed as code in simple, human readable language. It reads configuration files and provides an execution plan of changes that you can review for safety before application and provisioning. Another kind recommendation from R8nbowhorse.

ShareDrop is a web app for P2P file transfer that allows you to move data via a secure, encrypted connection without any server in between. Features drag and drop simplicity and uses WebRTC, which is built into modern browsers. A favorite of schwigityschwooty "for quick, one-time file transfers … [that is] platform agnostic."

Have a fantastic week and as usual, let us know any comments.