Seite wählen

NETWAYS Blog

NWS-ID for your Managed Kubernetes!

First Cloud, now Kubernetes – the integration of NWS-ID with our portfolio continues! As a next step, we will merge your Managed Kubernetes clusters with NWS-ID. Credit goes to Justin for extending our cluster stack with OpenID-Connect (OIDC), the base for NWS-ID!

How can you use your Kubernetes Cluster with NWS-ID?

All you need is kubelogin, a plugin for kubectl, and a customized kubeconfig, which can be downloaded in the NWS Customer Interface. But: this applies to newly started clusters only. Older installations need some action from you! Let’s go and see, what other scenarios there are!

If you have a cluster running with a Kubernetes v1.23 or greater, just enable NWS-ID in the Customer Interface. This will restart the kube-apiserver with some new parameters which will authenticate your requests against NWS-ID using OpenID-Connect.

For clusters in version v1.22 or less you need to update your cluster at least to v1.23 and enable NWS-ID in the Customer Interface. After your cluster is ready for NWS-ID you need to pimp your kubectl for OpenID-Connect.

kubectl and kubelogin

kubelogin is a plugin for kubectl, which enables authentication via OIDC. It is easily installed with brew, krew, choco or Github Releases as described in the official documentation. After the installation, just download your kubeconfig for NWS-ID from the Customer Interface and start using kubectl as usual!

If you have multiple Managed Kubernetes clusters it is easy to switch the context with kubectl config use-context MyCluster.

Permissions and Roles

If you’re not an admin in your organization, they must authorize your NWS-ID. This happens as usual in the user group management in the Customer Interface. As admin you can grant two different roles to your colleagues. Choose between admin and reader which will be mapped the to corresponding Kubernetes cluster role.

If you need some more detailed help, just have a look into our docs for User and Groups and Permissons.

What are the advantages of integrating our Managed Kubernetes with NWS-ID?

Combining these two services makes your daily work easier, because now you can:

  1. use a single login for the NWS Customer Interface, the Cloud Interface and your Kubernetes clusters
  2. effortless switch between your Managed Kubernetes clusters with a single kubeconfig
  3. use two-factor authentication for your Kubernetes clusters
  4. authorise your colleagues to access your clusters in the NWS-ID group management

What happens to the existing certificate authentication?

The authentication with the X509 client certificate is still available for everybody with the appropriate permissions in your organization.

 

Thanks again to Justin for expanding our Kubernetes stack! If you have any questions along the way, please feel free to contact us – we’re always there to help answer any open questions.

Achim Ledermüller
Achim Ledermüller
Senior Manager Cloud

Der Exil Regensburger kam 2012 zu NETWAYS, nachdem er dort sein Wirtschaftsinformatik Studium beendet hatte. In der Managed Services Abteilung ist er für den Betrieb und die Weiterentwicklung unserer Cloud-Plattform verantwortlich.

New at NWS: Managed OpenSearch

We’re happy to announce our brand new product Managed OpenSearch, which we are offering due to our new partnership with Eliatra Suite. Eliatra is your go-to company for OpenSearch, the Elastic Stack and Big Data Solutions based on specialised IT security knowledge.

 

About OpenSearch

OpenSearch is a scalable, flexible, and extensible open source software suite for search, analytics, and observability applications, licensed under Apache 2.0. Powered by Apache Lucene and driven by the OpenSearch Project community, OpenSearch provides a vendor-neutral toolset for building secure, performant, and cost-effective applications. Use OpenSearch as an end-to-end solution or connect it to your favorite open source tools or partner projects.

 

What’s Special for You?

Since we have an exclusive partnership with Eliatra, there’s also something special in for you! In case you’ll set up your Managed OpenSearch with NETWAYS Web Services you will receive a SearchGuard or Eliatra license on top at no cost for you! Sounds great, right?

 

Start Your OpenSearch Now!

If we have aroused your interest just get in touch with our sales team. They will create the perfect environment for your requirements.

We make sure that your OpenSearch experience is like it should be: Simple, Fast, and Secure.

Katja Kotschenreuther
Katja Kotschenreuther
Manager Marketing

Katja ist seit Oktober 2020 Teil des Marketing Teams. Als Manager Marketing kümmert sie sich um das Marketing für die Konferenzen stackconf und OSMC, die DevOpsDays Berlin, Open Source Camps, sowie unsere Trainings. In ihrer Freizeit reist sie gerne, bastelt, backt und im Sommer kümmert sie sich außerdem um ihren viel zu großen Gemüseanbau.

How I met your C2 : Basic Operational Security for Defense and Offense

Throughout this blogpost I want to share some awareness on search engines and current trends of fingerprinting. Some parts have tags for defense and offense. In the following Black Hats are considered evil and destructive, whereas Red Teams simulate Black Hats, allowing organizations to test their effective defenses by Blue Teams.

Warning: Make sure to follow your countries jurisdiction on using Shodan and Censys. In most countries querying keywords is not an issue for public available data, as it is public and has been harvested and tagged by the search engine itself already. This is just like google dorking something like Grafana intitle:Grafana – Home inurl:/orgid, private Keys: site:pastebin.com intext:”—–BEGIN RSA PRIVATE KEY—–” , or AWS Buckets: site:http://s3.amazonaws.com intitle:index.of.bucket .

Browser fingerprinting & custom malware

Sites like amiunique directly show how WebGL and other metadata tracks us. This is why TOR disables Javascript entirely and warns you about going fullscreen.

Offense:

Beef  and Evilgophish would be two OSS frameworks for fishing and victim browser exploitation, which have profiling included.

Defense:

You could use:
1) User Agent Spoofer for changing your Operating System
2) Squid in Paranoid Mode, to shred as many OS & hardware details as possible
3) Proxychains with Proxybroker to collect and rotate IPs. KASM allowing containerized throw away workspaces would also throw many attackers off conveniently.

Infrastructure tracking

Shodan has a list of filters to set, depending on your payment plan. Often advanced payment planes are not necessary (but you are limited to a number of queries/day), more so the correct hashes and keywords.

Recently Michal Koczwara a Threat Hunter, shared some great posts on targeting Black Hat infrastrastructure.

JARM TLS Fingerprinting

Firstly, what is a C2? It is a Command & Controll server that has Remote Code Execution over all the malware agents. Cobalt Strike is one of the top two C2 for Red Teamers and Black Hats. An analogy to monitoring would be an Icinga Master, which has visibility, alerting & code execution over multiple monitoring agents.

Defense:

Salesforce JARM is an amazing way to fingerprint the TLS handshaking method. This is because a TLS handshake is very unique, in addition to bundled TLS ciphers used. A basic Shodan query for this would be: ssl.jarm:”$ID-JARM”. Of course C2 developers could update their frameworks (but most don’t).

Below you see a query of Cobalt Strike JARM C2s and the top countries it is deployed in. Of course servers are individually visible too, but at this point I try to not leak the IPs.

.

This also works for Deimos C2, or any other C2.

You can find various lists of JARM hashes, and all you need to do is run JARM against an IP and port, to create your own lists. This could scale greatly tcpdump, Elastic or my little detector collecting IPs, and alert on the very first TCP connection (basically on the first stager phase of the malware, before any modules are pulled off the C2).

Offense:

Put your C2 behind a proxy, make sure to select a good C2 for operational security, and add randomization for the JARM.

Http.Favicon Hashes

For Favicons: Use Hash Calculators like this one here. This is quite common in bounty hunting to avoid Web Application Firewalls if the server has internet access without a full WAF tunnel. A basic Shodan query would be look this: http.favicon.hash:-$ID.

Http.html Hashes

There are even more OSINT indicators like those ones by BusidoUK which show http.html hashes impact on Metasploit http.html:”msf4″ or Miners http.html:”XMRig”. Some Black Hats or Red Teamers don’t even bother to put any authentication on their C2s at all?

 

Http.hml Hashes are brutal! You even find literally anything online, even defensive products like Nessus http.html:”nessus”

or Kibana http.html:”kibana”.

Fingerprinting Honeypots

Interestingly the chinese Version of Shodan, Zoomeye, is also offering fingerprinting honeypot detection in the VIP and Enterprise models. Some honeypots should really work on their Opsec, but of course this is an expensive cat and mouse game, and pull requests are always welcome right.

As of now I am diving more into honeypots with Elastic backends, and even complete Active Directory Honeypots, to help you as our customers more in the future.

In case you’re interested in consultancy services about Icinga 2, Elastic or another of our supported applications feel free to contact us at any time!

 

Cloud Services and NWS-ID – It’s a match!

We’re starting the new year with a new integration for you! As announced last year, the integration of further products with NWS-ID will continue in 2023! From now on the NWS Cloud Services are integrated with NWS-ID.

What are the advantages of integrating our Cloud Services with NWS-ID?

Combining these two services makes your daily work easier, because now you can:

  1. use a single login for both interfaces (Customer Interface and Cloud Interface)
  2. effortless switch between OpenStack projects, in the Customer Interface, in the Cloud Interface (Horizon) and on the OpenStack CLI
  3. use two-factor authentication for your Cloud Services
  4. authorise your colleagues to access your OpenStack projects in the NWS-ID group management

How can you use the Cloud Interface with NWS-ID?

Select NWS-ID at cloud.netways.de, log in and you’re done – simple as that! If you’re not an admin in your organization, they must authorize your NWS-ID. This happens as usual in the user group management in the customer interface.

How do I use the OpenStack-CLI with NWS ID?

As usual, you need an OpenStack Environment File. You can find a version adapted for NWS-ID under Get Started in your OpenStack project in the Customer Interface or in our NWS Docs.
If you’re a member of several OpenStack projects, you can easily switch between them. Simply source the OpenStack Environment File again to get a selection.
Don’t have the official OpenStack CLI client yet? No problem – you can get help in the NWS Docs!

What happens to the existing login?

The existing login can still be used, e.g. in your scripts or tools like Terraform. The password can be changed as usual on cloud.netways.de or via the OpenStack CLI.

What’s coming next?

For a more effortless access, we will gradually integrate our portfolio with NWS-ID. We are already playing with kubelogin and we are looking for a simple Vault SSH integration to extend the reach of your NWS-ID to your OpenStack Cloud Servers.
The same procedure as last year still applies. Please give us a little time to implement the integrations and we will of course come back to you as soon as possible! If you have any questions along the way, please feel free to contact us – we’re always there to help answer any open questions.

Achim Ledermüller
Achim Ledermüller
Senior Manager Cloud

Der Exil Regensburger kam 2012 zu NETWAYS, nachdem er dort sein Wirtschaftsinformatik Studium beendet hatte. In der Managed Services Abteilung ist er für den Betrieb und die Weiterentwicklung unserer Cloud-Plattform verantwortlich.

Was NWS Docs ist und wozu es dient

Vor zwei Wochen haben wir unser neues NWS ID realeasd und vorgestellt – heute möchten wir Dir noch etwas neues vorstellen: das NWS Docs. Es soll Dir dabei helfen, bei Fragen rund um Dein Costumer Interface oder sämtlichen Anwendungen, den richtigen Lösungsweg und Deine Antworten zu finden! Es gilt natürlich trotzdem immer noch: Falls Du nicht weiterkommst, helfen wir Dir auch gerne 😊

 

Wie finde ich das NWS Docs?

Erreichen kannst Du es über docs.nws.netways.de. Du brauchst hier keinerlei Log-In Credentials. Egal ob, NWS-Account oder nicht – Du kannst immer darauf zugreifen.

 

Wie ist es aufgebaut?

Wir haben zu jedem Überpunkt, ein sogenanntes Buch erstellt. Tatsächlich ist es auch genauso aufgebaut: in einem Buch sind mehrere Seiten, mit verschiedenen Themen und Produkten. Zum Beispiel findest Du in dem Buch “Contracts” jegliche Themen, die Verträge betreffen, z.B. Zahlungsmethoden, Vertragsbedingungen, Kündigungsfristen etc. In dem “Kuberntes” Buch z.B., wollen wir Dir unseren Tech-Stack weitergeben, um Dir den Umgang mit K8s zu erleichtern. Wenn Du also Fragen zu Kubernetes & Co hast, findest Du sie in den jeweiligen Büchern.

Unter “Suche” kannst Du auch einfach Schlagwörter eingeben, wenn Du Dich nicht durch die Bücher wühlen möchtest und schneller zu einem Ergebnis kommen willst.

Auf der linken Seite der Startseite, werden Dir auch die letzten Änderungen angezeigt. Wenn wir zum Beispiel eine neue Seite hinzugefügt, eine Seite aktualisiert haben oder sogar ein neues Buch erstellt haben. So erhältst Du einen Überblick der letzten Updates, ohne Dich durch die Bücher durchklicken zu müssen.

 

Natürlich wird unser Docs dauerhaft geupdatet und neue Informationen werden hinzukommen. Stand jetzt ist es zwar noch nicht vollständig – wir werden es aber im Laufe der Zeit befüllen. Trotz der Unvollständigkeit, wollten wir es Dir nicht vorenthalten und unsere ersten Anleitungen und Informationen schon jetzt mit Dir teilen. Wir hoffen es gefällt Dir und macht Dir den Umgang mit Deinem Account oder Deiner Anwendung leichter!

Bei Fragen kannst Du Dich immer gerne an uns wenden. Du erreichst uns entweder unter sales@netways.de, unserem LiveChat oder Du rufst einfach unter der +49 911 92885-0 während unserer Geschäftszeiten an. Wir freuen uns auf Dich!

Leonie Pehle
Leonie Pehle
Account Manager

Leonie ist seit September 2019 bei NETWAYS und hat dort eine Ausbildung zur Kauffrau für Büromanagement erfolgreich abgeschlossen. Seit Juli 2022 unterstützt sie uns als Account Manager im Bereich Sales für NETWAYS Web Services. In ihrer Freizeit ist sie aktive Hobbyfotografin, immer auf der Suche nach dem perfekten Schnappschuss. Darüber hinaus ist sie immer im Stadion zu finden,  wenn der 1.FC Nürnberg spielt.