Improved Control with Policy Variables and Overrides

Policies are an important part of how UpGuard works, but in large implementations, policy bloat can make managing different groups of devices unwieldy. To combat this, UpGuard has implemented policy variables and variable override options in version 2.29 to allow people to better use a single policy across multiple groups. Out-of-the-box policies don’t always offer the necessary flexibility to adjust to real environments, but with UpGuard’s policy variables and overrides, administrators can adjust their expected configurations to apply to multiple systems or environments, taking into account their differences, and allowing them to focus on maintaining the configurations they care about.

UpGuard: An Adaptable NERC Compliance Solution

The North American Electric Reliability Corporation (NERC) creates regulations for businesses involved in critical power infrastructure under the guidance and approval of the Federal Energy Regulatory Commission (FERC). A few of these, the Critical Infrastructure Protection (CIP) standards, protect the most important links in the chain and are enforced under penalty of heavy fines for non-compliance. Many of the CIP standards cover cybersecurity, as much of the nation’s infrastructure is now digital. To prove compliance with CIP standards, companies must have a system of record that can be shown to auditors to prove they have enacted the required security measures to protect their cyber assets.

It's Like Updating OpenSSL All Over Again

A new high severity vulnerability in the OpenSSL protocol was announced today that could allow an attacker to cause memory corruption in devices handling SSL certificates. The vulnerability was caused by a combination of bugs, one a mishandling of negative zero integers, and the other a mishandling of large universal tags. When both bugs are present, an attacker can trigger corruption by causing an out-of-bounds memory write.

The Email Security Checklist

You’ve hardened your servers, locked down your website and are ready to take on the internet. But all your hard work was in vain, because someone fell for a phishing email and wired money to a scammer, while another user inadvertently downloaded and installed malware from an email link that opened a backdoor into the network. Email is as important as the website when it comes to security. As a channel for social engineering, malware delivery and resource exploitation, a combination of best practices and user education should be enacted to reduce the risk of an email-related compromise. By following this 13 step checklist, you can make your email configuration resilient to the most common attacks and make sure it stays that way.

Five IIS Settings You Need to Check Today

If you’re working with IIS then you know that preventing configuration drift is as important as it is time-consuming. In the best case scenario you’re monitoring configs daily to keep development, testing, and deployment running smoothly. In the worst case—well, all-nighters make good war stories but aren’t much fun. A proactive approach is much better. UpGuard automates configuration testing at scale, to find out if your IIS servers are hardened and as expected. We'll look at how UpGuard can help with these five major problems as an example of what we do. Here are the top five critical configuration problems we see on IIS servers and how we fix them.

Configuration Management in the Real World – One Company’s Story

Trying to translate the concept of Configuration Management for those who do not understand its efficacy is like explaining surfing to an Inuit. It is simply not an inherent part of their culture. Without question, the benefits of Configuration Management can be challenging for the uninformed to grasp. One of the best ways to understand the benefits and use cases is to learn from other enterprises' experiences.

UpGuard Your ASP.NET Applications

ASP.NET applications get many configuration settings from their web.config or app.config file. Being able to run the same application across multiple environments used to mean keeping control of different copies of the config file to deploy or, even worse, manually editing the settings after deploying to each new environment. In recent years it has become possible to do transformations of the web.config files at deploy time using Visual Studio. No matter which method you use, deploying to a new environment and detecting drifting config settings has always been a problem. UpGuard helps to quickly and easily detect these sorts of problems and make configuration management a breeze.

Configuration Testing in the Enterprise

Many enterprise network workers are now adopting automation technology as a means of completing operational tasks, and of creating a more efficient environment within an IT enterprise. One of the advantages of adopting IT automation is that it helps to deliver optimal IT management, without the need for any significant capital investment.

Why Configurations Must be Tested

Configuration testing should not only be an essential step in the overall development process, but also important in the process of installation of new apps for use on web and application servers. Without proper testing, apps can often fail or be open to vulnerabilities. Exposure to attack by hackers or viruses can lead to needless expenses and excessive time correcting these problems. It is not unusual for app developers to overlook the need for configuration testing. This is because they believe that using automated methods, like Chef and Puppet (or other systems that test the deployment of their products), will work just fine. They feel that by using these fully automated processes they can test consistency, reproduce outputs adequately, and determine if things are working as predicted or not. This kind of thinking can delay a timely product delivery, produce unnecessary costs, and create additional workloads to address vulnerabilities that can occur later in production.

Automated Configuration Testing, the Agile Infrastructure Enabler

OK, so I probably just closed out 100 games of Bulls**t Bingo in the title of this blog post but I'll stand by it. You want actual agility in what you do? You need a safety net. That safety net is automated testing.

March Product Update

We've made some additions to the platform that we're pretty excited about and would like to share. An even easier way to add tests, service/daemon support for the application and job scheduling for those of you that like to know that your configuration is gold even when you're not watching.

Configuration & Security Management for DevOps

Configuration testing should not only be an essential step in the overall development process, but also important in the process of installation of new apps for use on web and application servers. Without proper testing, apps can often fail or be open to vulnerabilities. Exposure to attack by hackers or viruses can lead to needless expenses and excessive time spent correcting these problems. It is not unusual for app developers to overlook the need for configuration testing, because they think that using automated methods like Chef, Puppet, or other systems to test the deployment of their products will work just fine. They feel that by using these fully automated processes, they can test consistency, reproduce outputs adequately and determine if things are working as predicted or not. This kind of thinking can delay a timely product delivery, produce unnecessary costs and create additional workloads to address vulnerabilities that can occur later in production.

IT Automation and Its Relationship With Configuration Testing

Why IT Automation Needs Configuration Testing

Configuration Tests as Automation Requirements

While there are many benefits to cloud computing, one of the major difficulties is migrating from the in-house servers to a cloud computing platform. Configuration issues can develop when a company does not have the right tools, and when it lacks clear communication.

Application Configuration Testing

Application Configuration Acceptance Testing - Huh?

Welcome Our Robot Overlords

Configuration Testing on a Fleet of Unmanned Ground Vehicles

Configuration Testing 101

Before delivery to the intended party, a system should be tested to figure out whether the requirements set forth in the contract have been met. Configuration acceptance testing is the fundamental means to assuage all doubts that the system will fall short of its intended purposes. It is an essential part of the testing phase of the Software Development Life-Cycle (SDLC), and perhaps the most vital in its category. The way in which the components of the system interact is the sure fire means of determining the susceptibility of the system to frequent errors and ultimately the strength of resistance to its implementation. Configuration acceptance testing is pivotal to the SDLC, and as such will be an integral part of the Application Life-cycle Management (ALM) policy of any firm. It reveals any available bugs and inadequacies in the system, enhancing the process of error correction and formulation of a suitable plan of action in the event undiscovered errors manifest and affect the system after it has been implemented.

Top 5 Configuration Errors in the Cloud for 2012

Misconfigurations are a major cause of problems in all areas of IT, from Development through to Operations. They can be responsible for data loss, security breaches, even total service outages.

We Are (On) the Robots

We've been focussed quite heavily on Enterprise sales to date so it was pretty refreshing when the chance came up for UpGuard to be applied in the academic sphere. Even more so when the specific application was in robotics.

Infrastructure as Code! You've Got Tests, Right?

You've used Chef/Puppet to automate your infrastructure, you can provision your virtual environment from scratch and deploy all your applications in minutes. It’s magical. You've achieved Configuration Management Nirvana. What you've built is repeatable, saves time, increases efficiency and removes human error.

What is Cyber Resilience?

Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.
