The internet is rife with bots and bad actors trying to compromise your servers. To counteract these threats it is necessary to diligently harden your systems to improve server security. Unfortunately, the hardening process can be complex or confusing. In this week’s episode 18-year-old Orhun Parmaksiz shares the story of how he and his friends created the GrapheneX framework to simplify the process of securing and maintaining your servers using the power and flexibility of Python. If you run your own software then this is definitely worth a listen.
Do you want to try out some of the tools and applications that you heard about on Podcast.__init__? Do you have a side project that you want to share with the world? Check out Linode at linode.com/podcastinit or use the code podcastinit2020 and get a $20 credit to try out their fast and reliable Linux virtual servers. They’ve got lightning fast networking and SSD servers with plenty of power and storage to run whatever you want to experiment on.
What happens when your expanding log & event data threatens to topple your Elasticsearch strategy? Whether you’re running your own ELK Stack or leveraging an Elasticsearch-based service, unexpected costs and data retention limits quickly mount. Now try CHAOSSEARCH. Run your entire logging infrastructure on your AWS S3. Never move your data. Fully managed service. Half the cost of Elasticsearch. Check out this short video overview of CHAOSSEARCH today! Forget Elasticsearch! Try CHAOSSEARCH – search analytics on your AWS S3.
- Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
- When you’re ready to launch your next app or want to try a project you hear about on the show, you’ll need somewhere to deploy it, so take a look at our friends over at Linode. With 200 Gbit/s private networking, scalable shared block storage, node balancers, and a 40 Gbit/s public network, all controlled by a brand new API you’ve got everything you need to scale up. And for your tasks that need fast computation, such as training machine learning models, they just launched dedicated CPU instances. Go to pythonpodcast.com/linode to get a $20 credit and launch a new server in under a minute. And don’t forget to thank them for their continued support of this show!
- Having all of your logs and event data in one place makes your life easier when something breaks, unless that something is your Elastic Search cluster because it’s storing too much data. CHAOSSEARCH frees you from having to worry about data retention, unexpected failures, and expanding operating costs. They give you a fully managed service to search and analyze all of your logs in S3, entirely under your control, all for half the cost of running your own Elastic Search cluster or using a hosted platform. Try it out for yourself at pythonpodcast.com/chaossearch and don’t forget to thank them for supporting the show!
- You listen to this show to learn and stay up to date with the ways that Python is being used, including the latest in machine learning and data analysis. For even more opportunities to meet, listen, and learn from your peers you don’t want to miss out on this year’s conference season. We have partnered with organizations such as O’Reilly Media, Dataversity, Corinium Global Intelligence, Alluxio, and Data Council. Upcoming events include the combined events of the Data Architecture Summit and Graphorum, the Data Orchestration Summit, and Data Council in NYC. Go to pythonpodcast.com/conferences to learn more about these and other events, and take advantage of our partner discounts to save money when you register today.
- Your host as usual is Tobias Macey and today I’m interviewing Orhun Parmaksiz about GrapheneX, a framework for simplifying the process of hardening your servers.
- How did you get introduced to Python?
- Can you start by explaining what we mean when we talk about hardening of servers?
- What are the common ways of hardening a system, and which techniques can we use for this purpose?
- What are some of the high level categories of threats that operators should be considering?
- What is GrapheneX and what was your motivation for creating it?
- How does GrapheneX aid users in the process of increasing the security of their infrastructure?
- Is any extra operating system knowledge required for using GrapheneX?
- Can you talk through the workflow for someone using GrapheneX to harden their systems?
- What options does it support for managing deployment across a fleet of servers?
- Some security controls can actually prevent proper operation of the applications and services that are deployed on a server. How do you approach preventing those scenarios or educating the users in determining which controls are appropriate?
- Why did you choose Python for a project like GrapheneX?
- How is GrapheneX implemented?
- How has the design evolved since you first began working on it?
- If you were to start the project over today, what would you do differently?
- Do you accept contributions to the framework? If so, what kind of contributions are needed for improving GrapheneX?
- For someone who is interested in adding a new module to the framework, what is involved?
- What have you found to be the most interesting or challenging aspects of your work on GrapheneX?
- What, if any, aspects of server security have you consciously avoided implementing in GrapheneX?
- What are your future plans for GrapheneX?
Keep In Touch
- Thank you for listening! Don’t forget to check out our other show, the Data Engineering Podcast for the latest on modern data management.
- Visit the site to subscribe to the show, sign up for the mailing list, and read the show notes.
- If you’ve learned something or tried out a project from the show then tell us about it! Email [email protected] with your story.
- To help other people find the show please leave a review on iTunes and tell your friends and co-workers.
- Join the community in the new Zulip chat workspace at pythonpodcast.com/chat
- New Modules for GNU/Linux & Windows (Issue)
- The Windows Server Hardening Checklist
- PCI-DSS requirement 2.2: server hardening standards
- CIS Benchmarks