Tuesday, March 24, 2020

My best practices for 2FA and FIDO2 security keys

Some of my FIDO2 security keys
Since starting my journey (and blogs) with FIDO2 security keys, I got questions about how I use the keys and how I set up my various accounts for 2nd factor authentication. In this blog post, I am trying to address those questions and briefly discuss different types of FIDO2 keys. So let's get started...

Monday, March 23, 2020

Obtaining device metadata for FIDO / FIDO2 security devices

Zoo of FIDO2 security keys
Last year, I started my journey to passwordless logins. I bought my first FIDO2 USB security key. Then, I added the key as an alternative to time-based one-time passwords (TOTP) to my online accounts where possible. Over time, I got more FIDO devices and also enabled an IBM Cloud tutorial on end-to-end security for passwordless support. What I learned through the process is that sometimes device metadata is important. So today I am going to write about what it is and where / how to obtain it.

Wednesday, March 18, 2020

My best practices for home office - Corona edition

Take some rest
If you follow my blog, you may already know that I work from home since more than 12 years. Except for some business travel, I tend to do the "things" considered work from a dedicated room in my house in Germany. Over the past years, I tried to find the balance between being productive (team, customers, employer, ...), take care of my family, socialize where possible and staying sane and healthy. Here are some of my best practices. They may or may not work for you, but at least give you some inspiration.

Thursday, March 12, 2020

How to: Slack or email notifications for IBM Cloud security issues

Architecture for security notifications
In my past blogs I introduced you to IBM Cloud Security Advisor and how to integrate your own security scans. You can view all security findings in the security advisor dashboard. Another option is to get alerted for your choice of new security issues. For this you need to set up notification channels and messaging. In today's blog I am going to explain details and share my code.

Tuesday, March 3, 2020

Use Cloud Functions for security scans (IBM Cloud Security Advisor)

Result of a serverless security scan
After the introduction to custom metrics in IBM Cloud Security Advisor and an overview of how to manage custom findings on the command line, I am going to discuss how you can perform your own security scans and add the results to the security advisor. My code is written in Python, but any other language is fine, too. I utilize IBM Cloud Functions to run in the scans in a serverless fashion. The code and instructions are available on GitHub.

Monday, March 2, 2020

Manage your Security Advisor custom findings from the command line

List Security Advisor notes via CLI
In my recent post, I introduced you to the IBM Cloud Security Advisor and how it can be extended with your own metrics (custom findings). I also pointed to the API and Python and Node.js SDKs that allow to interface with the security advisor. Now, I am going to share details on how you can easily manage your findings objects. For that, I am utilizing the Python SDK. I wrote a small command line tool for the security advisor with the code available on GitHub.

Extend IBM Cloud Security Advisor with your own security metrics

Custom findings in Security Advisor
The IBM Cloud Security Advisor allows for centralized security management. It offers a unified dashboard that alerts security administrators for an IBM Cloud account of issues and helps them in resolving the issues. The advisor supports the integration of third-party vendors as well as custom findings. Using a REST API or programming language SDKs, it is possible to manage your own security metrics - from creating incident types and events to displaying them on the unified dashboard. In this and a follow-up post, I am going to give you a quick introduction to the Security Advisor and then discuss the code I made available on GitHub in the repo security-advisor-findings. It simplifies to management of custom objects and provides functions for some of my security scans.