UpGuard Blog

Assessing Critical Cyber Risks with UpGuard

Given the complexity of modern information technology, assessing cyber risk can quickly become overwhelming. One of the most pragmatic guides comes from the Center for Internet Security (CIS). While CIS provides a comprehensive list of twenty controls, they also provide guidance on the critical steps that "eliminate the vast majority of your organisation's vulnerabilities." These controls are the foundation of any cyber resilience platform and at the center of UpGuard's capabilities.

Filed under: configuration, configuration management, upguard, cyber risk, vulnerabilities

The Windows Server Hardening Checklist

Whether you’re deploying hundreds of Windows servers into the cloud through code, or handbuilding physical servers for a small business, having a proper method to ensure a secure, reliable environment is crucial to success. Everyone knows that an out-of-the-box Windows server may not have all the necessary security measures in place to go right into production, although Microsoft has been improving the default configuration in every server version. UpGuard presents this ten step checklist to ensure that your Windows servers have been sufficiently hardened against most attacks.

Filed under: configuration, Windows, vulnerabilities, IT operations

10 Essential Steps for Configuring a New Server

That’s a nice new Linux server you got there… it would be a shame if something were to happen to it. It might run okay out of the box, but before you put it in production, there are 10 steps you need to take to make sure it’s configured securely. The details of these steps may vary from distribution to distribution, but conceptually they apply to any flavor of Linux. By checking these steps off on new servers, you can ensure that they have at least basic protection against the most common attacks.

Filed under: configuration, linux, server management, IT operations

Apple's $20M Configuration Problem

This week, Apple’s App Store and iTunes Store suffered a downtime of about 10 hours. For the better part of the day, customers were unable to access the stores, purchase music or apps, or make payments using the Apple Pay payment system. The problem has been attributed to “a configuration blunder” of its DNS setup.

Filed under: configuration, upguard

6 DevOps Myths to Avoid

We are very excited about the growth of DevOps. But as adoption rises, there will be varying perceptions about DevOps. Seeing it already happening, it’s important that we clear out any myths about DevOps before they become reality.

Filed under: IT automation, configuration, devops, enterprise

Misconfigurations: The Hidden IT Project Killer

There's a hidden killer lurking below the surface of every Enterprise IT project. No, it's not Kevin, that sysadmin who spends a disturbing amount of time in the bathroom each day. It's not even that 400 page requirements document, although from a conservationist's point of view the PM's insistence on reprinting it every few days can't be doing the world too much good. So what is it? Well, let me give you a clue:

Filed under: configuration, devops, misconfiguration

Configuration Automation - a Maturity Model

It's been really interesting to watch the dramatic uptick in activity around the automation space the last year or two. I don't need to go into too much detail on the benefits that automation offers here; consistency and scalability are two of the more prominent that come to mind. What has struck me, though, is that it feels like the way that companies are going about it is missing a key step.

Filed under: chef, configuration, puppet, automated testing, automation

It's Audit Time so Panic and Freak Out.

OK, you know it's coming. You've known it's been coming for a while now. You've done little preparation though. You've been too busy keeping the lights on and sneaking in the occasional new feature. It's audit time!

Filed under: configuration