week 02, 2022

SSH Bastion Host Best Practices

SSH bastion hosts are an indispensable security enforcement stack for secure infrastructure access. Every security compliance standard that deals with remote infrastructure access (e.g., FedRAMP AC-17 - Remote Access, HIPAA §164.312(a)(1) - Access control, SOC2 CC6.1 - Manage Points of Access) mandates preventing direct network access to the servers and APIs. Although it is relatively easy to deploy a bastion host in your infrastructure, it should be noted that securing a bastion host requires careful consideration from design to deployment. After all, bastion hosts are the first target for attackers looking to compromise access to infrastructure.

Source: SSH Bastion host best practices: How to Build and Deploy a Security-Hardened SSH Bastion Host, an article by Sakshyam Shah.

How I build a feature

I’m maintaining a lot of different projects at the moment. I thought it would be useful to describe the process I use for adding a new feature to one of them, using the new sqlite-utils create-database command as an example.

I like each feature to be represented by what I consider to be the perfect commit—one that bundles together the implementation, the tests, the documentation and a link to an external issue thread.

Source: How I build a feature, an article by Simon Willison.

How to find a domain's authoritative nameservers

Here’s a very quick “how to” post on how to find your domain’s authoritative nameserver.

I’m writing this because if you made a DNS update and it didn’t work, there are 2 options:

  1. Your authoritative nameserver doesn’t have the correct record
  2. Your authoritative nameserver does have the correct record, but an old record is cached and you need to wait for the cache to expire

To be able to tell which one is happening (do you need to make a change, or do you just need to wait?), you need to be able to find your domain’s authoritative nameserver and query it to see what records it has.

Source: How to find a domain's authoritative nameservers, an article by Julia Evans.

The Dark Hours

There’s chaos in Hollywood at the end of the New Year’s Eve countdown. Working her graveyard shift, LAPD detective Renée Ballard waits out the traditional rain of lead as hundreds of revelers shoot their guns into the air. Only minutes after midnight, Ballard is called to a scene where a hardworking auto shop owner has been fatally hit by a bullet in the middle of a crowded street party.

Ballard quickly concludes that the deadly bullet could not have fallen from the sky and that it is linked to another unsolved murder—a case at one time worked by Detective Harry Bosch. At the same time, Ballard hunts a fiendish pair of serial rapists, the Midnight Men, who have been terrorizing women and leaving no trace.

Determined to solve both cases, Ballard feels like she is constantly running uphill in a police department indelibly changed by the pandemic and recent social unrest. It is a department so hampered by inertia and low morale that Ballard must go outside to the one detective she can count on: Harry Bosch. But as the two inexorable detectives work together to find out where old and new cases intersect, they must constantly look over their shoulders. The brutal predators they are tracking are ready to kill to keep their secrets hidden.

In the evening I started in The Dark Hours by Michael Connelly.