Forem: Abishek Haththakage

Terraform Isn’t What I Expected: Hidden Things You Should Know

Abishek Haththakage — Fri, 27 Mar 2026 07:52:16 +0000

Terraform is an Infrastructure as Code (IaC) tool made by HashiCorp. Instead of clicking around in the AWS or Azure console to create servers, databases, and networks, you write code that describes the infrastructure you want, and Terraform makes it happen. Automatically. Repeatably. Safely.

When I started learning Terraform, I came across a lot of interesting and unexpected things that aren’t usually explained in most tutorials.

Most guides focus on the basics, how to create resources, run plan, and apply changes. But as I went deeper, I found concepts and behaviors that really changed how I understand and use Terraform.

So in this post, I’m sharing those less obvious but important things I learned along the way, the kind of knowledge that actually makes you more confident using Terraform in real-world scenarios.

Let's dive in.

1. Implicit vs Explicit Dependencies

When Terraform creates infrastructure, it needs to know the right order to create things. You can't create a subnet before the VPC it belongs to, for example. Terraform handles this through dependencies.

Implicit Dependencies (The Automatic Way)

When one resource references an attribute of another, Terraform automatically figures out the order. You don't need to write anything extra.

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "subnet1" {
  vpc_id     = aws_vpc.main.id   # This reference tells Terraform: VPC first!
  cidr_block = "10.0.1.0/24"
}

Terraform sees that subnet1 needs aws_vpc.main.id, so it automatically creates the VPC before the subnet. Clean, simple, and the preferred approach.

Explicit Dependencies (The Manual Way)

Sometimes there's no direct attribute reference between resources, but you still need one to be created before the other. In that case, use depends_on.

resource "aws_instance" "app" {
  ami           = "ami-123456"
  instance_type = "t2.micro"

  depends_on = [aws_security_group.sg]
}

resource "aws_security_group" "sg" {
  name = "app-sg"
}

Even though the instance doesn't reference the security group directly, depends_on forces Terraform to create the security group first.

	Implicit	Explicit
Setup	Automatic	Manual (`depends_on`)
When to use	Most of the time	Hidden or indirect dependency
Recommended	Yes	Only when needed

Simple Rule: If Terraform can detect the relationship → use implicit. If it can't → use depends_on.

2. Managing State with terraform state

Terraform keeps a state file that tracks all the infrastructure it manages. The terraform state command lets you inspect and manipulate this file.

Here are the subcommands you'll use most often:

# See everything Terraform is currently managing
terraform state list

# Inspect detailed attributes of one resource
terraform state show aws_instance.my_ec2

# Rename a resource without recreating it (useful when refactoring code)
terraform state mv aws_instance.old aws_instance.new

# Stop Terraform from managing a resource (the real resource still exists!)
terraform state rm aws_instance.my_ec2

# Download the raw state file (useful for backups)
terraform state pull

# Upload a state file (use with extreme caution)
terraform state push terraform.tfstate

# Change provider references inside state
terraform state replace-provider \
  registry.terraform.io/hashicorp/aws \
  registry.terraform.io/custom/aws

Command	What It Does
`list`	Show all tracked resources
`show`	Inspect one resource in detail
`mv`	Rename/move without recreating
`rm`	Remove from state (cloud resource stays!)
`pull`	Download state JSON
`push`	Upload state (risky — overwrites!)
`replace-provider`	Swap provider namespace

⚠️ Always back up your state file before making manual changes. A corrupted state file is one of the worst things that can happen to a Terraform project.

3. Heredoc Syntax

Sometimes you need to pass a multi-line string into a resource — like a shell script for an EC2 instance's startup commands, or a JSON config block. That's where heredoc syntax comes in.

Basic Heredoc

resource "aws_instance" "example" {
  user_data = <<EOF
#!/bin/bash
echo "Hello, World"
apt update
apt install -y nginx
EOF
}

Everything between <<EOF and EOF is treated as a single string.

Indented Heredoc (Recommended)

Using <<-EOF (note the dash) lets you indent the content for cleaner, more readable code:

resource "aws_instance" "example" {
  user_data = <<-EOF
    #!/bin/bash
    echo "Cleaner indentation"
    apt update
  EOF
}

With Variable Interpolation

You can use Terraform variables inside a heredoc:

variable "app_name" {
  default = "MyApp"
}

output "welcome_message" {
  value = <<-EOF
    Hello from ${var.app_name}
    Terraform is managing this infrastructure.
  EOF
}

💡 Tips: The closing delimiter must be on its own line with no trailing spaces. Use <<-EOF whenever you can — it keeps your code visually clean.

4. Provisioners

Provisioners let you run scripts or commands on a resource after it's created (or before it's destroyed). Think of them as a way to do last-mile setup that Terraform's declarative model doesn't cover.

⚠️ Important: Terraform itself recommends treating provisioners as a last resort. Prefer native options like user_data, cloud-init, or configuration management tools like Ansible whenever possible.

local-exec — Runs on Your Machine

resource "aws_instance" "example" {
  ami           = "ami-123456"
  instance_type = "t2.micro"

  provisioner "local-exec" {
    command = "echo 'Instance created at ${self.public_ip}'"
  }
}

Use this to trigger local scripts, send notifications, or log events.

remote-exec — Runs Inside the Resource

resource "aws_instance" "example" {
  ami           = "ami-123456"
  instance_type = "t2.micro"

  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = file("key.pem")
    host        = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo apt update",
      "sudo apt install -y nginx"
    ]
  }
}

file — Copies Files to the Resource

provisioner "file" {
  source      = "app.conf"
  destination = "/tmp/app.conf"
}

Destroy-Time Provisioner

provisioner "local-exec" {
  when    = destroy
  command = "echo 'Cleaning up before destroy'"
}

Provisioner	Runs Where	Common Use
`local-exec`	Your local machine	Notifications, logging, local scripts
`remote-exec`	Inside the created resource	Package installs, service config
`file`	Local → Remote	Upload config files or scripts

5. Provisioner Behavior

Understanding when and how provisioners run is important — especially because they can behave in surprising ways.

They only run on creation (or recreation), not every apply.

If you change a tag on an EC2 instance, Terraform updates the tag — but it does not re-run any provisioners. Provisioners only re-run if the resource is destroyed and recreated.

They run in order.

If you define multiple provisioners on one resource, they execute sequentially from top to bottom.

Failure stops everything by default.

provisioner "remote-exec" {
  inline     = ["exit 1"]
  on_failure = continue   # use "continue" to ignore errors, "fail" to stop (default)
}

They are NOT tracked in state.

Terraform records that a resource exists, but it has no idea what your provisioner actually changed inside that resource. This makes provisioners hard to reason about over time.

Key insight: Provisioners break Terraform's clean declarative model. The more you rely on them, the harder your infrastructure becomes to maintain and reproduce.

6. Taint and Replace

Sometimes a resource ends up in a bad state — a provisioner failed midway through, someone manually changed it, or it's just broken. You need to force Terraform to destroy and recreate it.

The Old Way: terraform taint (Deprecated)

terraform taint aws_instance.my_ec2   # Mark as "needs replacement"
terraform apply                       # Destroys + recreates on next apply

terraform untaint aws_instance.my_ec2 # Change your mind? Undo it.

The Modern Way: -replace Flag (Recommended)

terraform apply -replace="aws_instance.my_ec2"

This does the same thing — destroys and recreates — but in a single step, with no intermediate state change. It's cleaner and less error-prone.

	`taint` (legacy)	`-replace` (modern)
Steps	2 (taint + apply)	1
Recommended	No	Yes

⚠️ Recreating a resource causes downtime. Always run terraform plan first to understand the full impact before applying.

7. Debugging Terraform

When things go wrong (and they will), here's how to figure out what's happening.

Enable Detailed Logs

export TF_LOG=DEBUG
export TF_LOG_PATH=terraform.log
terraform apply

Log levels from least to most verbose: ERROR → WARN → INFO → DEBUG → TRACE

Use DEBUG for most issues. Only reach for TRACE when you're really stuck — it's extremely noisy.

Your Standard Debug Toolkit

terraform validate          # Check for syntax errors
terraform fmt               # Auto-fix formatting (easier to spot mistakes)
terraform plan              # See what Terraform wants to do
terraform state list        # What is Terraform managing?
terraform state show <resource>  # What are the actual values?

The Interactive Console

terraform console

This opens a REPL where you can test expressions interactively:

> var.environment
"production"
> length(var.subnet_ids)
3
> aws_instance.web.public_ip
"54.23.11.100"

It's incredibly useful for debugging variables, expressions, and outputs without running a full apply.

Quick Debug Reference

Problem	Where to Look
Resource not created	`terraform plan` + check dependencies
Wrong values	`terraform console` + check variable definitions
Provisioner fails	`TF_LOG=DEBUG` + check SSH connection
Unexpected changes	`terraform state show` vs real infra
Provider errors	Check authentication and permissions

💡 Never commit your debug log files — they may contain API keys and other secrets.

8. Importing Existing Infrastructure

You've probably inherited some infrastructure that was created manually — either by clicking around in the AWS console or by a script. terraform import lets you bring that existing infrastructure under Terraform's management.

Important: Import only adds the resource to Terraform's state. It does NOT generate .tf code for you, and it doesn't touch the real infrastructure.

The Classic Import Workflow

# Step 1: Write the resource config in your .tf file
resource "aws_instance" "my_ec2" {
  ami           = "ami-xxxx"
  instance_type = "t2.micro"
}

# Step 2: Import the real resource into state
terraform import aws_instance.my_ec2 i-1234567890abcdef0

# Step 3: Run plan — you'll probably see differences
terraform plan
# Update your .tf config to match until plan shows no changes

The Modern Way: Import Blocks (Terraform 1.5+)

import {
  to = aws_instance.my_ec2
  id = "i-1234567890abcdef0"
}

Then just run terraform apply. This approach is declarative, version-controlled, and much cleaner.

Feature	Classic Import	Import Block (1.5+)
Declarative	No	Yes
Version controlled	No	Yes
Recommended	For older setups	Preferred

9. Modules

As your infrastructure grows, putting everything in one giant main.tf file becomes unmanageable. Modules are Terraform's solution — they let you organize, reuse, and share infrastructure code.

Think of a module like a function: it takes inputs (variables), does some work (creates resources), and returns outputs.

Module Directory Structure

modules/
└── webserver/
    ├── main.tf        # The actual resources
    ├── variables.tf   # Input variables
    └── outputs.tf     # Values exposed to the caller

Defining a Module

# modules/webserver/variables.tf
variable "instance_type" {
  type    = string
  default = "t2.micro"
}

variable "ami" {
  type = string
}

# modules/webserver/main.tf
resource "aws_instance" "web" {
  instance_type = var.instance_type
  ami           = var.ami
}

# modules/webserver/outputs.tf
output "public_ip" {
  value = aws_instance.web.public_ip
}

Calling a Module

# root main.tf
module "web" {
  source        = "./modules/webserver"
  instance_type = "t2.micro"
  ami           = "ami-123456"
}

# Use the module's output
output "server_ip" {
  value = module.web.public_ip
}

Module Sources

Modules can come from anywhere:

# Local folder
source = "./modules/webserver"

# Git repository
source = "git::https://github.com/your-org/tf-modules.git//webserver"

# Terraform Registry (public or private)
source = "hashicorp/consul/aws"

Best Practice: Keep modules small and focused on a single concern. Use variables for flexibility and outputs to expose only what callers need.

10. plan --refresh=false

By default, when you run terraform plan, Terraform does two things:

Refresh — queries your cloud provider (AWS, Azure, etc.) to get the current real state of all resources
Compare — checks that against your code and state file, then shows what needs to change

The --refresh=false flag skips step 1. Terraform works only from its cached state file, without making any API calls to check live infrastructure.

terraform plan                  # Default: queries live infra
terraform plan --refresh=false  # Faster: uses cached state only

When is this useful?

In CI/CD pipelines where speed matters and you're confident the state matches reality
When cloud API calls are slow or rate-limited
When you're iterating quickly on code changes and don't need drift detection

When is it risky?

If someone has made manual changes outside Terraform, you won't detect them
The apply could produce unexpected results if the cached state is stale

💡 For day-to-day manual runs, always keep refresh enabled. Use --refresh=false only in controlled environments.

11. The file() Function

The file() function reads a local file and returns its contents as a string. It's one of the most commonly used functions in real Terraform projects.

# Pass a shell script to an EC2 instance's startup commands
resource "aws_instance" "web" {
  ami           = "ami-123456"
  instance_type = "t2.micro"
  user_data     = file("scripts/setup.sh")
}

# Upload a config file to S3
resource "aws_s3_object" "config" {
  bucket  = aws_s3_bucket.my_bucket.id
  key     = "app.conf"
  content = file("config/app.conf")
}

If you need dynamic content — where parts of the file change based on variables — use templatefile() instead:

user_data = templatefile("scripts/setup.sh.tpl", {
  app_name = var.app_name
  port     = var.port
})

Function	Input	Use When
`file()`	Static file	Content never changes
`templatefile()`	File + variables map	Content has dynamic parts

12. Built-in Functions

Terraform includes a rich set of built-in functions for manipulating values. Here's a practical overview of each category.

Numeric Functions

abs(-5)        # → 5     (absolute value)
ceil(2.3)      # → 3     (round up)
floor(2.7)     # → 2     (round down)
max(4, 7, 2)   # → 7
min(4, 7, 2)   # → 2
pow(2, 3)      # → 8     (2 to the power of 3)

String Functions

upper("hello")              # → "HELLO"
lower("WORLD")              # → "world"
trim("  hello  ")           # → "hello"
replace("a-b-c", "-", "_") # → "a_b_c"
substr("Terraform", 0, 5)  # → "Terra"
join("-", ["a", "b", "c"]) # → "a-b-c"
split("-", "a-b-c")        # → ["a", "b", "c"]
length("hello")             # → 5

Collection Functions

concat([1, 2], [3, 4])       # → [1, 2, 3, 4]
length([1, 2, 3])            # → 3
element(["a", "b", "c"], 1)  # → "b"
contains([1, 2, 3], 2)       # → true
distinct([1, 2, 2, 3])       # → [1, 2, 3]
flatten([[1, 2], [3, 4]])    # → [1, 2, 3, 4]

Map Functions

merge({a = 1}, {b = 2})        # → {a = 1, b = 2}
lookup({a = 1}, "b", 0)        # → 0 (returns default if key missing)
keys({a = 1, b = 2})           # → ["a", "b"]
values({a = 1, b = 2})         # → [1, 2]
zipmap(["a", "b"], [1, 2])     # → {a = 1, b = 2}

Type Conversion Functions

tostring(10)      # → "10"
tonumber("5")     # → 5
tolist([1, 2])    # → [1, 2]
tomap({a = 1})    # → {a = 1}

Real-World Example Combining Functions

variable "names" {
  default = ["alice", "bob", "alice", "carol"]
}

output "unique_upper_names" {
  value = [for n in distinct(var.names) : upper(n)]
}
# Result: ["ALICE", "BOB", "CAROL"]

13. Operators and Conditional Expressions

Arithmetic Operators

5 + 3   # → 8
5 - 3   # → 2
5 * 3   # → 15
10 / 2  # → 5
10 % 3  # → 1  (remainder)
2 ** 3  # → 8  (exponent)

Comparison Operators

5 == 5   # → true
5 != 3   # → true
5 > 3    # → true
3 < 5    # → true
5 >= 5   # → true
3 <= 5   # → true

Logical Operators

true && false   # → false  (AND)
true || false   # → true   (OR)
!true           # → false  (NOT)

The Ternary (Conditional) Expression

Terraform uses the same ternary pattern as many programming languages:

condition ? value_if_true : value_if_false

variable "environment" {
  default = "prod"
}

output "instance_type" {
  value = var.environment == "prod" ? "t2.large" : "t2.micro"
}
# prod → "t2.large", anything else → "t2.micro"

Cleaner Pattern: Map Lookup

For more than two options, nested ternaries get messy fast. A map lookup is far more readable:

locals {
  instance_sizes = {
    prod  = "t2.large"
    stage = "t2.medium"
    dev   = "t2.micro"
  }
}

output "instance_type" {
  value = local.instance_sizes[var.environment]
}

💡 Prefer map lookups over nested ternaries. They are easier to read, test, and extend when you add new environments.

14. Workspaces

Workspaces let you use a single Terraform configuration to manage multiple separate environments — each with its own isolated state file.

Every Terraform project starts with one workspace called default. You can create more as needed.

terraform workspace list              # * default (the * shows current)
terraform workspace new dev           # Create and switch to "dev"
terraform workspace select staging    # Switch to "staging"
terraform workspace show              # Print current workspace name
terraform workspace delete dev        # Delete (can't delete current)

Using Workspace Name in Resources

resource "aws_s3_bucket" "app" {
  bucket = "myapp-${terraform.workspace}-data"
}

When the workspace is dev, this creates myapp-dev-data. When it's prod, it creates myapp-prod-data. Same code — separate, isolated infrastructure.

When to Use Workspaces (and When Not To)

Good fit: Simple dev/staging/prod splits where all environments use almost the same config.

Not a good fit: Large, complex environments with significantly different configurations or many dependencies. For those, use separate directories with separate state backends.

15. Mutable vs Immutable Infrastructure

This is one of the most important conceptual distinctions in modern DevOps.

Mutable Infrastructure

You create a server once, and then change it in place over time — installing updates, patching software, modifying configs.

# Change instance_type → Terraform updates the existing instance
resource "aws_instance" "web" {
  instance_type = "t2.small"  # was t2.micro
}

Pros: Faster individual updates, less resource churn.

Cons: Over time, each server accumulates a unique history of changes. This is called configuration drift, and it makes environments hard to reproduce and debug.

Immutable Infrastructure

Instead of changing a server, you replace it entirely with a new one built from a fresh image.

# Change AMI → Terraform destroys old instance, creates new one
resource "aws_instance" "web" {
  ami = "ami-new-version-456"  # was ami-old-version-123
}

Pros: Environments are consistent and reproducible. Rollbacks are easy — just deploy the previous version. No drift.

Cons: Requires automation maturity (image baking with Packer, CI/CD pipelines).

Simple way to remember:
Mutable → "Fix the server"
Immutable → "Replace the server"

Modern DevOps strongly favors immutable infrastructure. Terraform makes this natural when combined with tools like Packer and Auto Scaling Groups.

16. Configuration Drift

Configuration drift is the gap between what your Terraform code says your infrastructure should look like, and what it actually looks like in the cloud.

It happens when changes are made outside of Terraform:

Someone SSHes into a server and changes a config file
A developer resizes an instance through the AWS console
An automated script modifies a resource directly
A hotfix is applied directly to production

Why it's a problem:

Drift means your infrastructure is no longer reproducible. If you need to rebuild, you'll get something different from what's running. It also means bugs that only exist in drifted environments, which are notoriously hard to track down.

How Terraform detects it:

terraform plan

Terraform compares your code (desired state) against live infrastructure (actual state) and shows you the differences. Run this regularly — it's your drift detector.

How to prevent it:

Use immutable infrastructure (replace, don't patch)
Route all changes through Terraform and CI/CD — no manual console edits
Run terraform plan on a schedule to catch drift early
Limit direct SSH access to servers

17. Lifecycle Rules

The lifecycle block gives you control over how Terraform handles a resource's creation, update, and deletion.

resource "aws_instance" "web" {
  ami           = "ami-123"
  instance_type = "t2.micro"

  lifecycle {
    create_before_destroy = true
    prevent_destroy       = true
    ignore_changes        = [tags]
    replace_triggered_by  = [aws_ami.new_image]
  }
}

create_before_destroy

By default, when Terraform needs to replace a resource, it destroys the old one first, then creates the new one. This causes downtime.

lifecycle {
  create_before_destroy = true
}

With this flag, Terraform creates the new resource first, then destroys the old one. Much better for production.

prevent_destroy

Protect critical resources from accidental deletion:

lifecycle {
  prevent_destroy = true
}

If anyone runs terraform destroy targeting this resource, Terraform throws an error instead of deleting it. Essential for databases and storage.

ignore_changes

Tell Terraform to ignore changes to specific attributes:

lifecycle {
  ignore_changes = [tags, instance_type]
}

Useful when an external system modifies a resource (like an auto-scaler changing instance counts), and you don't want Terraform to fight it.

⚠️ Use ignore_changes carefully. It can hide real configuration problems by instructing Terraform to look away.

replace_triggered_by

Force a resource to be recreated when something else changes:

lifecycle {
  replace_triggered_by = [aws_ami.new_image]
}

When the AMI changes, this instance will be rebuilt — even if the instance's own config didn't change.

Rule	What It Does	Best Used For
`create_before_destroy`	New before old is deleted	Zero-downtime updates
`prevent_destroy`	Blocks accidental deletion	Databases, critical storage
`ignore_changes`	Ignores drift on listed attributes	Externally managed attributes
`replace_triggered_by`	Forces rebuild on dependency change	Immutable infra patterns

18. Meta-Arguments

Meta-arguments are special Terraform arguments that control how Terraform manages a resource — not what the resource itself looks like. They work on any resource type.

count — Create Multiple Copies

resource "aws_instance" "web" {
  count         = 3
  instance_type = "t2.micro"
  ami           = "ami-123456"
}
# Creates: web[0], web[1], web[2]

for_each — Create Named Resources from a Map

resource "aws_instance" "web" {
  for_each = {
    frontend = "t2.micro"
    backend  = "t2.small"
    worker   = "t2.medium"
  }

  instance_type = each.value
  ami           = "ami-123456"
}
# Creates: web["frontend"], web["backend"], web["worker"]

depends_on — Force Explicit Ordering

resource "aws_instance" "app" {
  ami           = "ami-123456"
  instance_type = "t2.micro"
  depends_on    = [aws_security_group.app_sg]
}

lifecycle — Customize Resource Behavior

(Covered in detail in the previous section.)

provider — Use a Specific Provider Configuration

resource "aws_instance" "eu_server" {
  provider      = aws.eu_west
  ami           = "ami-eu-123"
  instance_type = "t2.micro"
}

Useful for multi-region setups where you have multiple provider aliases configured.

Meta-Argument	Purpose
`count`	Create N copies (index-based)
`for_each`	Create named resources from map/set
`depends_on`	Force dependency order
`lifecycle`	Customize create/update/delete behavior
`provider`	Choose provider alias/configuration

19. for_each vs count

Both count and for_each create multiple resources, but they behave very differently when you make changes — and the difference matters a lot in production.

The Problem with count

variable "servers" {
  default = ["web", "api", "worker"]
}

resource "aws_instance" "servers" {
  count         = length(var.servers)
  instance_type = "t2.micro"
  ami           = "ami-123456"
}
# Creates: servers[0] (web), servers[1] (api), servers[2] (worker)

Now imagine you need to remove "api" from the middle:

default = ["web", "worker"]  # removed "api"

Terraform sees that servers[1] now should be "worker" (which used to be servers[2]). The result: it destroys and recreates both servers[1] and servers[2]. You wanted to delete one server, but you accidentally triggered a replacement of two.

The Solution: for_each

resource "aws_instance" "servers" {
  for_each = {
    web    = "t2.micro"
    api    = "t2.small"
    worker = "t2.medium"
  }

  instance_type = each.value
  ami           = "ami-123456"
}
# Creates: servers["web"], servers["api"], servers["worker"]

Remove api:

for_each = {
  web    = "t2.micro"
  worker = "t2.medium"
}

Terraform deletes only servers["api"]. The others are untouched.

	`count`	`for_each`
Identifier	Index (0, 1, 2)	Key ("web", "api")
Remove middle item	Can shift and recreate others	Only that item deleted
Best for	Identical, interchangeable resources	Named, distinct resources
Production use	Use with caution	Strongly preferred

🔥 Rule of thumb: Default to for_each. Use count only for truly identical resources where order doesn't matter.

20. Version Constraints

Terraform configurations can specify which versions of Terraform itself and its providers are allowed. This is crucial for keeping deployments stable and preventing breaking changes from sneaking in during upgrades.

terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

Constraint Operators Explained

version = "= 5.0.0"    # Exactly this version — nothing else
version = "!= 5.0.0"   # Anything except this version
version = ">= 5.0.0"   # This version or newer (⚠️ can reach 6.x — risky!)
version = "< 6.0.0"    # Must be below this version
version = "~> 5.0"     # >= 5.0.0 and < 6.0.0 (safe minor upgrades)
version = "~> 5.2.1"   # >= 5.2.1 and < 5.3.0 (safe patch upgrades only)

The ~> operator (called the pessimistic constraint operator) is the industry standard. It allows safe incremental upgrades while blocking potentially breaking major version changes.

Why This Matters

Without version constraints, a terraform init today and another six months from now might pull completely different provider versions. Your infrastructure code could start behaving differently without you changing a single line.

With proper constraints, everyone on the team — and every CI/CD run — uses compatible versions.

💡 Best Practice: Use ~> x.y for providers (allows patch and minor updates, blocks major). Pin your Terraform version with >= x.y.z, < (next major) for similar safety.

Wrapping Up

You've just covered the full breadth of core Terraform concepts — from how it tracks infrastructure with state, to how it handles dependencies, functions, modules, and deployments.

Here's a quick summary of the most important ideas to internalize:

Use implicit dependencies whenever possible; reach for depends_on only when needed
Treat state as sacred — back it up, don't edit it manually without care
Provisioners are a last resort — prefer user_data and proper config management tools
Modules are how you scale — small, reusable, single-purpose
Prefer for_each over count in almost every production situation
Immutable infrastructure + lifecycle rules = stable, reproducible deployments
Version constraints protect you from surprise breaking changes

Terraform rewards consistent habits. The teams that get the most out of it are the ones that commit to: all changes through code, no manual console edits, modules for reuse, and regular terraform plan runs to catch drift early.

Happy building! 🚀

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Protect Your Software Supply Chain with SBOMs – Security and Compliance

Abishek Haththakage — Sat, 04 Oct 2025 12:29:42 +0000

In today’s software-driven world, applications are no longer built entirely in-house. Instead, they are assembled from hundreds of open-source libraries, third-party dependencies, container images, and vendor components. While this accelerates development, it also creates hidden risks: security vulnerabilities, legal licensing issues, and a lack of visibility into what actually makes up a piece of software.

This is where a Software Bill of Materials (SBOM) comes in.

What is an SBOM?

An SBOM is a structured inventory or “ingredient list” of everything included in a software product.

It typically contains:

Component name (log4j-core)
Version (2.14.1)
Supplier (e.g., Apache Software Foundation)
License type (MIT, Apache, GPL, etc.)
Hash or checksum (for integrity verification)
Relationships (e.g., Component A depends on Component B)

Just like a food label helps consumers understand what they are eating, an SBOM helps organizations, regulators, and customers understand what’s inside their software.

Why SBOMs Matter

1. Security

When a new vulnerability (like Log4Shell in Log4j or critical OpenSSL flaws) is announced, organizations with SBOMs can instantly check whether their systems are affected.

Log4Shell (Log4j) = a hidden logging library bug that let hackers run code on servers.
OpenSSL flaws = cryptography library bugs that threatened secure communications.

2. Compliance

Many open-source components come with licenses. Some licenses (MIT, Apache) are permissive, while others (GPL, AGPL) impose strict requirements. SBOMs allow legal teams to confirm that distributed software complies with license policies.

I will explain Licenses in the next section.

3. Regulation & Trust

Governments and industries are making SBOMs mandatory:

US Executive Order 14028 → SBOMs required for federal software vendors
FDA → SBOMs required for medical devices
EU NIS2 Directive → mandates supply chain transparency for critical sectors

Most IT companies aim to align with the following standards:

ISO/IEC 27001 & ISO/IEC 27034 (Information Security / Application Security Standards)
Scope:

ISO/IEC 27001 → International standard for information security management systems (ISMS).
ISO/IEC 27034 → Focuses on application security and secure software development practices.

SBOM Relevance:

Requires organizations to maintain a comprehensive inventory of software components and assets.
SBOMs serve as documented evidence for audits, risk assessments, and demonstrating compliance with security controls.

Even outside regulation, many enterprises now ask vendors to provide an SBOM before purchasing software.

4. Transparency & Risk Management

SBOMs provide full visibility into dependencies, helping organizations:

Respond quickly to security incidents
Track version history of components
Understand risks in third-party or outsourced software

Understanding Open-Source Licenses and SBOMs

When using open-source software, it’s important to know the license that comes with each component. Licenses define how you can use, modify, and distribute the software. They generally fall into three categories: permissive, copyleft (restrictive), and specialized licenses.

1. Permissive Licenses

Permissive licenses are very flexible. They let you use, modify, and redistribute software with minimal restrictions. You can even include it in proprietary software without having to release your own code.

MIT: Very simple; allows use, copy, modify, merge, publish, and distribute; requires attribution.
Apache 2.0: Allows commercial use; requires notice, provides patent grants, and protects contributors.
BSD 2-Clause / 3-Clause: Similar to MIT; requires attribution; 3-Clause adds “no endorsement” clause.
ISC: Very short and permissive, similar to MIT.

Use case: Perfect for companies that want to include open-source code in their proprietary software without sharing their own source code.

2. Copyleft Licenses (Restrictive)

Copyleft licenses are stricter. If you distribute a modified version of the software, you must release your changes under the same license. This is often called a “viral” license because it applies to your code as well.

GPL (General Public License): Strong copyleft; any derivative work must also be GPL.
LGPL (Lesser GPL): Allows linking to proprietary software; only modifications to the library itself must be open-sourced.
AGPL (Affero GPL): Extends GPL; if the software is run over a network (SaaS), the source code must be provided to users.

Use case: Good for software that wants improvements to remain open source. Not suitable if you want to keep your code private.

3. Other Specialized Licenses

Some licenses have specific rules for certain situations:

MPL (Mozilla Public License) → Only modified files must be open-sourced; the rest of the project can remain proprietary.
EPL (Eclipse Public License) → Similar to MPL; modifications to EPL-covered code must be released.
Creative Commons (CC0, CC BY, etc.) → Often used for content or data rather than code; some require attribution.

SBOM Standards

A Software Bill of Materials (SBOM) is only useful if it follows a standard format that tools and organizations can read and process. Two main standards are widely used today:

1. CycloneDX

Origin: OWASP project (Open Web Application Security Project).
Focus: Security and DevSecOps.
Purpose: Helps identify vulnerabilities, component versions, and security risks in software.
Format: Machine-readable (JSON, XML), so it can be integrated with automated tools like Trivy, Syft, or Dependency-Track.

Example Use:

Automatically scan a software build to see if it contains vulnerable libraries.
Track which components need security patches.

SPDX (Software Package Data Exchange)

Origin: Linux Foundation.
Focus: License compliance and legal requirements.
Purpose: Tracks software licenses, copyright notices, and compliance information.
Format: Machine-readable (JSON, RDF, tag-value), allowing automated compliance checks.

Example Use:

Ensure no GPL or other restricted-license components are used in a commercial product.
Generate reports for legal audits or regulatory complianc

How SBOMs Are Created

SBOMs can be generated automatically using tools:

1.Syft (Anchore)

Syft is an open-source tool from Anchore that generates Software Bill of Materials (SBOMs). An SBOM is a detailed inventory of all software components, libraries, and dependencies inside an application, container image, or filesystem.

Supports multiple SBOM formats:
CycloneDX JSON
SPDX JSON
Table / Text / JSON outputs

Scan a Docker Image

syft python:3.11

Generate SBOM in JSON

syft python:3.11 -o json > sbom.json

Generate CycloneDX SBOM

syft python:3.11 -o cyclonedx-json > sbom-cyclonedx.json

Scan a Directory

syft /path/to/project -o json

Trivy (Aqua Security)

Trivy (by Aqua Security) is an open-source security and compliance scanner.

It can scan:

Container images
File systems / source code
Git repositories
Kubernetes clusters
SBOMs (Software Bill of Materials)

Scan a Docker Image

trivy image --format cyclonedx --output sbom.json myapp:latest

Scan a Directory

trivy fs --format cyclonedx --output sbom.json .

Enterprise Tools

Tools like Snyk, Mend, Aqua, or Dependency-Track can automatically:
Generate SBOMs for multiple projects or containers
Scan for vulnerabilities
Track license compliance

How to Read an SBOM

An SBOM (Software Bill of Materials) provides detailed information about all the software components in a project. When reading an SBOM, focus on these key elements:

Components / Packages: Lists all the software packages, libraries, and modules used in the project.
**Version: **Shows the exact version of each component, which is important for tracking vulnerabilities.
License: Specifies the license type for each component (e.g., MIT, GPL, Apache), helping ensure compliance with organizational or legal requirements.
Dependencies: Indicates which components rely on others, including both direct and transitive dependencies.
Supplier / Author: Names the organization or individual who created or maintains the component.
Vulnerabilities (optional): Some SBOMs include CVE IDs or risk information for components with known security issues.

Tip: For small projects, you can read SBOMs manually. For larger projects, use tools like Trivy, Syft, CycloneDX CLI, or Dependency-Track. These tools can visualize dependencies, highlight vulnerabilities, and flag license issues, making SBOMs much easier to interpret.

We can use the following commands to analyze and visualize SBOM reports:

Using Trivy:

trivy sbom sbom.json

Using Grype:

grype sbom:sbom.json

What these commands do:

Read the SBOM (sbom.json) instead of scanning the image or filesystem again.
Check all listed components against known vulnerabilities (CVEs).
Provide a report showing vulnerable packages, severity levels, and available fixes.

Where SBOMs Are Used

Security teams → Vulnerability detection and monitoring
Legal/compliance teams → License validation and audits
Operations teams→ Tracking dependencies across environments
Customers and regulators → Ensuring transparency before software adoption

SBOMs can be stored in:

Artefact repositories (Nexus, Artifactory, GitHub Packages)
Container registries (ECR, GCR, ACR — which support SBOM attachments)
Customer deliverables (JSON/XML files shipped alongside releases)

SBOM best practices

Automate generation – use tools, don’t create manually.
Generate at build time – include all direct and transitive dependencies.
Store centrally – versioned in artifact or repository.
Integrate with security tools – scan for vulnerabilities and license issues.
Choose the right standard – CycloneDX (security) or SPDX (license).
Update continuously – keep SBOMs current with changes.
Attach to releases – provide SBOMs with software or containers.
Use for incident response – quickly identify affected components.

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

DNS Basics: How Domain Name System Connects Websites

Abishek Haththakage — Sat, 21 Sep 2024 12:38:49 +0000

What is DNS?

DNS stands for Domain Name System. It’s like the phonebook of the internet. Instead of remembering long strings of numbers (IP addresses), DNS lets us use easy-to-remember names (like google.com) to visit websites.

Every device on the internet has an IP address, but DNS allows you to type a simple web address (domain name) and connect to the website without knowing the IP address.

How Does DNS Work?

DNS converts (or resolves) a domain name into its IP address so your computer can find and connect to it. Here’s how it works step-by-step:

Your browser asks for the IP address of the website you want to visit (like google.com).
The DNS Resolver (usually provided by your internet service) looks for the IP address.
If it doesn’t have the IP address stored, it contacts a Root Nameserver, which tells the resolver where to find more info.
The resolver then asks a TLD Server (Top-Level Domain, like .com, .org, etc.) for the right Authoritative Nameserver.
The Authoritative Nameserver finally gives the correct IP address to the resolver.
The browser then uses this IP address to connect you to the website.

Types of DNS Records

DNS uses different records to store important information about websites. Here are the most common ones:

A Record: It maps a domain name to an IPv4 address (like 192.168.1.1).
AAAA Record: Similar to A Record, but for IPv6 addresses (a newer, longer IP address format).
CNAME Record: Points one domain name to another (used when websites have multiple names).
MX Record: Directs emails to the correct mail server for a domain.
NS Record: Lists the nameservers that handle the DNS requests for a domain.
SOA Record: Contains info about the domain, like when it was last updated.
SRV Record: Specifies servers for specific services (like email or voice calls).
PTR Record: Maps an IP address back to a domain name (reverse lookup).
TXT Record: Can store any text, often used for security (like verifying domain ownership).

Why is DNS Important?

DNS is crucial because it makes the internet easy to use by allowing us to remember names instead of numbers. It also ensures that when you type in a web address, you are sent to the right place. Without DNS, the internet would be much harder to navigate.

DNS Challenges

Sometimes, DNS can have problems, like:

Outages: If DNS servers fail, websites can become unreachable.
Security Threats: DNS is a target for hackers who may launch attacks like DDoS or cache poisoning, which can take down large portions of the internet.
Misconfigurations: Small mistakes in DNS setup can lead to websites being down.

Monitoring DNS

To prevent problems, businesses often use DNS monitoring tools to keep track of DNS performance and security. These tools can:

Check if DNS servers are working well.
Spot errors or delays in resolving domains.
Detect security threats like attacks on DNS servers.

DNS is the backbone of the internet, allowing us to use simple domain names instead of complex IP addresses. While it’s a powerful system, it can face challenges, so it’s important to monitor and secure DNS to ensure websites and services run smoothly.

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Essential Networking Know-How: Insights for DevOps Engineers

Abishek Haththakage — Thu, 09 May 2024 00:21:55 +0000

Networking is like the wiring that connects all the devices in a house. Just like how electricity flows through wires to power different appliances, data flows through networks to connect computers, smartphones, and other devices.

For a DevOps engineer, understanding networking is crucial because it's what allows different parts of a system to communicate with each other smoothly. Imagine if the wires in a house were all tangled up or broken - the lights wouldn't turn on, and the appliances wouldn't work. Similarly, if the network isn't set up correctly or has issues, the software and services that DevOps engineers work with might not function properly.

By knowing about networking, DevOps engineers can ensure that the systems they manage run efficiently and securely. They can set up the right pathways for data to travel, troubleshoot any problems that arise, and keep everything running smoothly, just like an electrician ensures the wiring in a house is in good shape. So, networking is like the backbone of DevOps engineering, making sure everything stays connected and works as it should.

Understanding the OSI Model:

Picture your computer as a bustling city, teeming with activity and interconnected pathways. The OSI model serves as our map, dividing this complex system into seven layers, akin to the various strata of a thriving metropolis. Each layer, from the Physical to the Application, plays a distinct role in facilitating the flow of data, much like how different city infrastructures enable daily life.

OSI Model Explained | OSI Animation

TCP/IP Protocol Suite:

Think of TCP/IP as the language spoken by devices on the internet. It's what allows your computer to communicate with servers halfway around the world. Transmission Control Protocol (TCP) ensures that data arrives in the correct order and without errors, while Internet Protocol (IP) is responsible for routing data packets to their destinations. Together, they form the backbone of Internet communication.

TCP IP Model Explained | TCP IP Model Animation

Switching and Routing:

Think of switching as having a savvy teacher who effortlessly directs messages to their intended recipients in a crowded classroom. Meanwhile, routing is akin to plotting the optimal path for a letter to reach a friend in another city, with routers acting as the gatekeepers guiding data through networks.

- Switching Techniques in Computer Networks

IP Link, IP Addressing, and Subnetting:

Every device on a network, be it your trusty smartphone or reliable computer, is assigned a unique identifier – the IP address. It's akin to having a personal phone number in the digital realm. Utilizing commands like ip link and ip addr add, you can explore your device's connection and even add additional IP addresses as needed.

IP addressing and Subnetting

Gateway and Default Gateway:

Just as you rely on GPS navigation to reach unfamiliar destinations, your computer relies on gateways to access external networks. Commands like route and ip route add help configure routing tables, while ping tests connectivity, ensuring smooth communication with other networks.

- Default Gateway Explained

DNS Server:

Ever wondered how your computer effortlessly translates web addresses like "google.com" into numerical IP addresses? Enter DNS servers, the unsung heroes of internet navigation. Commands like nslookup and dig offer glimpses into the inner workings of this crucial translation process.

How a DNS Server (Domain Name System) works.

Network Security:

Much like locking your doors to thwart intruders, network security safeguards data from unauthorized access. Firewalls, VPNs, and encryption protocols serve as digital guardians, ensuring the integrity and confidentiality of your online interactions.

Network Security Model

Load Balancing:

Imagine a bustling restaurant efficiently serving scores of hungry patrons. Load balancing distributes network traffic across multiple servers, ensuring smooth and reliable access to websites and applications, even during peak usage periods.

What is a Load Balancer?

Network Monitoring and Troubleshooting:

Just as a skilled mechanic diagnoses and repairs car troubles, network engineers employ tools and techniques to monitor and troubleshoot network issues. From identifying bottlenecks to swiftly resolving connectivity hiccups, their expertise ensures seamless digital experiences for users.

How to troubleshoot network issues

So, there you have it, aspiring tech wizards! Armed with newfound knowledge and handy commands, you're well-equipped to navigate the intricate web of computer networking. Whether you're exploring the depths of the OSI model or delving into the nuances of DNS translation, each concept brings you one step closer to mastering the art of networking. So go ahead, dive in, and unravel the mysteries of networking – the digital realm awaits your exploration!

Useful Things!

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Unlocking Linux: A Beginner's Guide to Essential Commands and Functions

Abishek Haththakage — Wed, 08 May 2024 09:12:13 +0000

Linux is like the engine that powers a lot of the internet. It's everywhere, from websites to smartphones to supercomputers. As a DevOps engineer, you work with software and systems to make sure everything runs smoothly. Linux is crucial for this because it's stable, secure, and flexible. It's also free, which is great for businesses. Learning Linux helps you understand how to manage servers, automate tasks, and deploy applications. So, if you want to be a DevOps engineer, learning Linux is like learning the language of the internet!

Linux, the operating system powering much of today's digital world, might seem like a complex maze to navigate, but fear not! In this beginner-friendly guide, we'll embark on a journey through the world of Linux, starting from its basic concepts to essential commands and functionalities. By the end of this article, you'll have a solid understanding of Linux, empowering you to navigate its ecosystem with confidence.

Understanding Linux Shell Types

Think of the Linux shell as your gateway to interacting with the operating system. There are different types of shells, each with its unique features. Let's explore a few:

Bourne Shell (sh shell): This is one of the oldest and simplest shells. It's efficient for running scripts and executing commands.

Bash in 100 Seconds

C Shell (csh or tcsh): Known for its C-like syntax, this shell offers powerful scripting capabilities.
Z Shell (zsh): Zsh is highly customizable and comes with advanced features like improved tab completion and spelling correction.
Bourne Again Shell (bash): Perhaps the most widely used shell, bash combines the features of the older shells with additional enhancements, making it user-friendly and versatile.

Basic Linux Commands

Now, let's dive into some basic Linux commands that you'll use frequently:

Echo: Used to print messages to the terminal. For example, echo "Hello, Linux!" will display "Hello, Linux!" on the screen.
ls: Short for "list," this command displays the contents of a directory. For instance, ls /home will show the files and folders in the "/home" directory.
cd: Stands for "change directory," allowing you to navigate between directories. Example: cd /var/www moves you to the "/var/www" directory.
pwd: Displays the present working directory. Typing pwd will show you the directory you're currently in.
mkdir: Short for "make directory," used to create new directories. For example, mkdir documents creates a new directory named "documents."
Basic Linux Commands

Command Files

Understanding how to manipulate files is fundamental in Linux. Here are some essential commands:

touch: Creates an empty file. For instance, touch myfile.txt creates a file named "myfile.txt."
cat: Concatenates and displays the content of files. Typing cat myfile.txt will show the contents of "myfile.txt" on the screen.
cp: Copies files or directories. Example: cp file1.txt /backup copies "file1.txt" to the "/backup" directory.
mv: Moves files or directories. For instance, mv file1.txt /new_location moves "file1.txt" to "/new_location."

Introduction to VI Editor

VI is a powerful text editor commonly used in Linux. It has two modes: command mode and insert mode. Here are some basic commands:

i: Switches to insert mode, allowing you to insert text.
x or dd: Deletes characters (x) or entire lines (dd).
yy or p: Copies (yy) and pastes (p) text.
ctrl + u /d: Scrolls up/down.
:w: Saves changes.
:q: Quits VI.
:wq: Saves changes and quits.

Basics of VI editor in under 8 minutes

Managing User Accounts

Linux allows you to manage user accounts efficiently. Here are some commands:

whoami: Displays the current username.
id: Shows information about the current user.
su: Switches user. For example, su username switches to the user "username."
ls /root: Lists the contents of the root directory.
sudo ls /root: Lists the root directory with superuser privileges.

Downloading Files

Downloading files is a common task in Linux. Here are two methods:

curl: Downloads files from a URL. Example: curl http://example.com/file.txt -o file.txt downloads "file.txt" from "http://example.com" and saves it locally.
wget: Similar to curl, wget also downloads files from URLs. Example: wget http://example.com/file.txt downloads "file.txt" from "http://example.com."

Package Managers

Package managers simplify the installation and management of software packages. Let's explore two popular package managers:

RPM (Red Hat Package Manager): Used primarily in Red Hat-based distributions like CentOS. Commands include rpm -i for installation, rpm -e for removal, and rpm -q for querying package information.
Yum: A high-level package management tool built on top of RPM. Common commands include yum install for installation, yum remove for removal, and yum repolist for listing repositories.

Managing Services in Linux

Linux services are background processes that run continuously. Here's how to manage them:

Service: Command-line tool for managing system services.
Systemctl: Controls the systemd system and service manager. Commands include start, stop, status, enable, and disable.
How To Manage Linux Services with systemctl and journalctl | Sysadmin Basics

Conclusion

Congratulations! You've taken your first steps into the fascinating world of Linux. Armed with this knowledge, you're ready to explore further and unlock the endless possibilities that Linux offers. Keep practicing, experimenting, and embracing the open-source spirit. Happy learning!

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Docker for the Absolute Beginner

Abishek Haththakage — Wed, 27 Dec 2023 07:39:48 +0000

Docker is a tool that allows developers to package their applications and all their dependencies into a single container. This container can then be easily transported and run on any machine that has Docker installed, without worrying about differences in the environment. It's like a standardized way of packaging and running software.

What is the container?

container is like a little package that has everything a program needs to run, making it easy to move around and run on different computers without causing any trouble.

The cool part is that this mini-computer (container) is like a superhero with a cape. It can run on any computer, no matter how different they are, because it brings its own special environment with it. It's a neat and tidy way to keep software organized and make sure it works the same way no matter where it goes.

Why do we need Docker?

Consistency: Docker makes sure that the software works the same way on your computer, your friend's computer, or any computer. It keeps things consistent.
Portability: You can package up your software and its friends into a Docker container, and it can travel anywhere. It's like putting your game and all its rules in a suitcase and playing it at a friend's house.
Isolation: Docker containers are like little bubbles. What happens inside the bubble stays inside the bubble. This means one program in a container won't mess with another program outside its container.
Efficiency: Docker helps save computer resources. Instead of having a whole computer just for one program, you can have many containers running on the same computer without them getting in each other's way.
Speed: Docker makes it quick and easy to start, stop, and share software. It's like turning on and off a game console – fast and simple.

what is Docker Image?

Docker image is a snapshot of a program and all the things it needs to run. It's a packed-up version that includes the code, tools, and settings, just like a snapshot of your cookie recipe with all the ingredients.

The image is the recipe, and the container is what you get when you follow that recipe to actually make and run the program.

Some Basic Docker Commands.

docker run nginx
- This command tells Docker to run a container using the "nginx" image. It's like telling Docker to start a new instance of a pre-made program (nginx, which is a web server).
docker ps
- Shows you a list of running containers. It's like checking to see which programs are currently running.
docker ps -a
- Shows you a list of all containers, including the ones that have stopped. It's like checking a history of all the programs you've run.
docker stop silly_sammet
- Stops a running container named "silly_sammet." It's like turning off a program that's currently running.
docker rm silly_sammet
- Removes a stopped container named "silly_sammet." It's like throwing away the instructions for a program you don't need anymore.
docker images
- Lists all the Docker images you have. It's like looking at a menu of all the different programs you can run.
docker rmi nginx
- Removes the "nginx" image. It's like erasing the recipe for a program you don't want to use anymore.
docker pull nginx
- Downloads the "nginx" image from the internet. It's like getting a new recipe from a cookbook.
docker run ubuntu sleep 5
- Runs a container using the "ubuntu" image and makes it sleep for 5 seconds. It's like starting a program that just waits for a little bit and then stops.
docker exec distracted_mcclintock cat /etc/hosts
- Executes a command inside a running container named "distracted_mcclintock." It's like peeking inside the recipe book to see a specific page.
docker run -d kodekloud/simple-webapp
- Runs a container in detached mode from the "kodekloud/simple-webapp" image. It's like starting a program and letting it run in the background.
docker attach a043d
- Attaches your terminal to a running container with the ID "a043d." It's like jumping into a running program to see what's happening.

Some Docker concepts:

Run with a Tag:
- Tags are like versions of a program. It's specifying which version you want to run.
- Example Code: docker run nginx:latest
- This runs the latest version of the Nginx program.
Run with STDIN:
- STDIN is like typing on your keyboard. Some programs want input from you.
- Example Code: docker run -i -t ubuntu
- This runs an interactive terminal inside a Ubuntu container, allowing you to type commands.
Run with Port Mapping:
- Ports are like doors. Programs use them to communicate with the outside world.
- Example Code: docker run -p 8080:80 nginx
- This runs Nginx, and it opens the door on your computer's port 8080, connecting it to the container's port 80.
Run with Volume Mapping:
- Volumes are like shared folders. They let you store things outside the container.
- Example Code: docker run -v /your/local/folder:/container/folder nginx
- This runs Nginx and connects a folder on your computer to a folder inside the container.
Inspect Container:
- Inspecting is like taking a closer look at a running program.
- Example Code: docker inspect container_name
- This gives you detailed information about a running or stopped container.
Container Logs:
- Logs are like a diary. They record what a program has been doing.
- Example Code: docker logs container_name
- This shows you the logs or activities of a specific container.

Environment variables

environment variables are like handy notes that programs use to find important information, kind of like secret messages for the program to understand and work better!

Environment Variables in a Python Script (app.py):
- Imagine you have a program (app.py) written in Python. You might want to customize it without changing the code. You can use environment variables.
- Example Code (app.py):
```
 import os

 app_color = os.getenv("APP_COLOR", "default_color")
 print(f"The app color is {app_color}")
```

Running the script normally: python app.py
Running with a specific color: export APP_COLOR=blue; python app.py

Using ENV Variables in Docker:
- Docker containers can also use environment variables. It's like giving instructions to the program inside the container.
- Example Code:
  - docker run -e APP_COLOR=green simple-webapp-color
  - This runs a Docker container (simple-webapp-color) and sets the environment variable APP_COLOR to "green".
Inspecting Environment Variables:
- Sometimes, you want to check what environment variables a running container is using.
- Example Code: docker inspect blissful_hopper
- This command provides detailed information about the container named "blissful_hopper," including its environment variables.

In simple terms, environment variables are like little notes that a program (or a Docker container) can read to know how to behave. You can set these notes before running the program, and the program will use them to customize itself. The export command in the second example is like writing a note before running a program, telling it how to behave. The docker inspect command is like peeking inside a container to see what notes it has.

Docker Images

Dockerfile:

A Dockerfile is like a set of instructions for Docker to create an image. It's like a recipe for baking a cake.

# Use the Ubuntu base image
FROM Ubuntu

# Update apt repository
RUN apt-get update

# Install dependencies using apt
RUN apt-get install -y python

# Install Python dependencies using pip
RUN pip install flask
RUN pip install flask-mysql

# Copy source code to /opt folder
COPY . /opt/source-code

# Set the working directory
WORKDIR /opt/source-code

# Specify entry point to run the web server
ENTRYPOINT ["flask", "run"]

Steps to Create Your Own Image:

Create a file named Dockerfile with the above content.
Save it in the same directory as your source code.

Building the Docker Image:
Run the following command in the terminal:

docker build -t your-image-name .

This command tells Docker to build an image using the Dockerfile in the current directory (.), and tag it with a name of your choice (-t your-image-name).

Layered Architecture:

Think of the Docker image as a layered cake. Each instruction in the Dockerfile adds a layer to the image.
Layers are reusable. If you change something in your code, Docker only rebuilds the layer affected, making it efficient.

Docker Build Output:

When you build an image, Docker shows each step in the process. If there's a failure, it'll give you an error message.

What Can You Containerize?

Almost anything! Applications, services, databases, websites, basically any software can be containerized.
It's like putting your software in a box so it can run anywhere without causing trouble.

What is Docker CMD vs ENTRYPOINT

CMD in Docker:

Think of CMD as the default thing your program does when you start the container.
It's like saying, "Hey, when you run this container, do this by default."
Example: CMD ["flask", "run"] means when the container starts, it automatically runs the Flask web server.

CMD Example:

FROM alpine
CMD ["sleep", "5"]

In this example, when you run a container using this image, it automatically sleeps for 5 seconds.

ENTRYPOINT in Docker:

Think of ENTRYPOINT as the main thing your container does. It's like the boss command.
It sets a default application to run when the container starts, but you can still override it if you want.
Example: ENTRYPOINT ["flask", "run"] means the container is primarily meant to run the Flask web server, but you can still add more commands if needed.

ENTRYPOINT Example:

FROM alpine
ENTRYPOINT ["sleep"]
CMD ["5"]

Here, the primary purpose is to sleep, and you can still override the sleep duration if you want.

In both cases, the container will just sleep for a few seconds when started. The key difference is in how you provide parameters and whether or not they can be easily overridden.

CMD is like saying, "Here's a default thing to do," and ENTRYPOINT is like saying, "This is the main thing to do, but you can tweak it a bit if you want." They both help define what your container does when it starts.

Networking in Docker:

Docker networking helps containers (programs) talk to each other, making sure they can work together smoothly.

Default Networks:

Docker creates default networks for containers to communicate.
Example Code: docker run ubuntu --network=host
- This runs a Ubuntu container using the host network, meaning it shares the network namespace with the host.

User-Defined Networks:

You can create your own networks for better organization and control.
Example Code:

  docker network create --driver=bridge --subnet=182.18.0.0/16 custom-isolated-network

This creates a user-defined bridge network named custom-isolated-network with a specific subnet.

Listing Networks:

You can see all the networks you have.
Example Code: docker network ls

Inspecting a Network:

You can inspect the details of a specific network.
Example Code: docker network inspect blissful_hopper
- This shows detailed information about the network named "blissful_hopper."

Embedded DNS:

Docker has a built-in DNS system for containers to find each other by name.
Example Code: mysql.connect(mysql)
- This could be a line in your code where a service named "mysql" connects to another service named "mysql" using Docker's DNS.

Docker Storage:

Docker storage is like deciding where to keep your data when using containers. You can keep them inside the container, share them between containers using volumes, or store them outside the container for safekeeping.

File System in Docker:

Docker uses a layered architecture to build images. Each instruction in the Dockerfile adds a new layer to the filesystem.

# Dockerfile
FROM Ubuntu
RUN apt-get update && apt-get install -y python
RUN pip install flask flask-mysql
COPY . /opt/source-code
WORKDIR /opt/source-code
ENTRYPOINT ["flask", "run"]

The layers in the Dockerfile:
- Layer 1: Base Ubuntu layer
- Layer 2: Changes in apt packages
- Layer 3: Changes in pip packages
- Layer 4: Source code
- Layer 5: Update Entrypoint with "flask" command
- Layer 6: Container Layer

Image Layers:

When you build a Docker image, it consists of read-only layers. Each layer represents a change or addition to the image.
- Layer 1: Base Ubuntu layer
- Layer 2: Changes in apt packages
- Layer 3: Changes in pip packages
- Layer 4: Source code
- Layer 5: Update Entrypoint with "flask" command

# Build the Docker image
docker build -t mmumshad/my-custom-app .

Container Layer:

When you run a Docker container, a read-write layer is added on top of the read-only image layers. This layer is specific to the running container.
- Layer 6. Container Layer

# Run the Docker container
docker run mmumshad/my-custom-app

Volumes:

Volumes are a way to persist data outside the container. They are like external storage.

# Create a Docker volume
docker volume create data_volume

# Use the volume in a container
docker run -v data_volume:/var/mysql mysql

You can also mount specific directories from the host to the container using -v:

# Mount a host directory to a container directory
docker run -v /path/on/host:/var/mysql/mysql -d mysql

The docker run --mount command is used to mount a specific directory or file from the host machine into a running Docker container.

docker run --mount type=bind,source=/mysql,target=/var/mysql mysql

Storage Drivers:

Docker uses storage drivers to manage how data is stored and accessed. Some common storage drivers include AUFS, ZFS, BTRFS, Device Mapper, Overlay, and Overlay2.

Manage data in Docker
About storage drivers
Volumes

Docker Compose

Docker Compose is a handy tool that helps you easily run and connect different software services as if they were all part of the same event.

Docker Compose Basics:

Running Individual Containers:

Normally, you might run separate Docker containers like this:

 docker run mmumshad/simple-webapp
 docker run mongodb
 docker run redis:alpine
 docker run ansible

Docker Compose File (docker-compose.yml):

Docker Compose allows you to define all these services in a simple file:

 # docker-compose.yml
 version: '3'

 services:
   web:
     image: 'mmumshad/simple-webapp'
   database:
     image: 'mongodb'
   messaging:
     image: 'redis:alpine'
   orchestration:
     image: 'ansible'

This file describes the services you want to run (web, database, messaging, orchestration), their respective images, and any additional configurations.

Running with Docker Compose:
- To start all these services together:
```
 docker-compose up
```

Docker Compose takes care of starting all the containers defined in your docker-compose.yml file.

Building with Docker Compose:
- You can also build images using Docker Compose:
```
 docker-compose build
```

This command builds the images specified in the docker-compose.yml file.

Running Linked Containers:

If you were to run individual containers with linking:

 docker run -d --name redis redis
 docker run --name voting-app -p 5000:80 --link redis:redis voting-app
 docker run --name result-app -p 5001:80 --link db:db result-app
 docker run -d --name worker --link db:db --link redis:redis worker

In Docker Compose:

 # docker-compose.yml
 version: '3'

 services:
   vote:
     image: 'voting-app'
     ports:
       - '5000:80'
     links:
       - 'redis:redis'
   result:
     image: 'result-app'
     ports:
       - '5001:80'
     links:
       - 'db:db'
   worker:
     image: 'worker'
     links:
       - 'db:db'
       - 'redis:redis'
   db:
     image: 'db'
   redis:
     image: 'redis'

Docker Compose lets you describe your entire application stack in a single file, making it easy to manage, run, and connect different services. It's like writing down all the tasks for your event in one plan, and then Docker Compose handles the setup for you.

Docker Compose overview
Docker compose Doc

Docker Registry

a Docker Registry is a place where people store and share their Docker images, making it easy for others to use and run their software. It's like a big online library for programs that can be easily downloaded and used on different computers.

Docker Registry Basics:

Public Registry:
- Docker images can be stored and shared on public registries like Docker Hub.
- Example:
```
 docker pull nginx
```
Private Registry:
- Sometimes, you might want to keep your images in your own private registry.
- Example:
  - Log in to a private registry:

bash
       docker login private-registry.io

 - Run a container from an image in the private registry:

   ```bash
   docker run private-registry.io/apps/internal-app
   ```

Deploying Your Own Private Registry:
- You can deploy your own private registry for your team or company.
- Example:
  - Run a private registry on your machine:

       docker run -d -p 5000:5000 --name registry registry:2
       ```
{% endraw %}

     - Tag your image for the private registry:
{% raw %}

bash
docker image tag my-image localhost:5000/my-image




     - Push the image to your private registry:

bash
docker push localhost:5000/my-image
```

 - Pull the image from your private registry:

  bash
       docker pull localhost:5000/my-image

Pulling from a Remote Private Registry:
- You can also pull images from a remote private registry using its IP address or domain.
- Example:
```
 docker pull 192.168.56.100:5000/my-image
```

a Docker Registry is like a storage space where people keep and share their Docker images. You can use public registries for widely-used images or set up your own private registry for your specific needs. It's like a special library for sharing and storing software blueprints (images).

Docker Engine

Imagine you have a magic box (Docker Engine) that can run and manage all kinds of programs (containers) for you. Docker Engine is like the brain of this magic box.

Docker Daemon:
- The Daemon is like the caretaker of the magic box. It's always there, ready to take instructions and make sure everything runs smoothly.
REST API:
- Think of REST API as a set of rules that allow you to talk to the magic box. It's like a language that you and the Daemon use to communicate. You tell the Daemon what to do, and it understands because you're speaking the same language.
Docker CLI (Command Line Interface):
- The Docker CLI is like a magical wand you use to command the Daemon. You type in commands, and the Daemon follows your instructions. It's like saying "Abracadabra" to make things happen.

Connecting to a Remote Docker Engine:
connecting to a remote Docker engine allows you to control containers on another machine, and setting constraints ensures that containers use only specified resources.

Docker Host IP:
- You can connect to a Docker engine on a different machine using its IP address and port.
- Example:
```
 docker -H=remote-docker-engine:2375 run nginx
```

This tells your local Docker CLI to communicate with a remote Docker engine.

Running Container with Constraints:
- Docker allows you to set resource constraints for containers, like CPU and memory limits.
- Example:
```
 docker run --cpus=0.5 ubuntu
 docker run --memory=100m ubuntu
```

These commands limit the container to use only half a CPU core and 100 megabytes of memory.

Sure, let's simplify the concept of PID namespace:

Namespace PID:

PID namespace allows you to create a separate area for processes (like programs or tasks) in a container, so they have their own set of "ticket numbers" (Process IDs) that don't clash with processes outside the container.

Example Code:

Running a Container with Host PID Namespace:
- This means the container shares the same "ticket numbers" as the host.

   docker run --pid=host ubuntu

Running a Container with Isolated PID Namespace:
- This means the container has its own set of "ticket numbers" separate from the host.

   docker run --pid=container ubuntu

In the first example, the container interacts with processes as if it's in the same space as the host. In the second example, the container has its own isolated space for processes. It's like having a private area in a big event where your group has its own set of ticket numbers, allowing you to do things independently of the rest of the event.

Containerization Concepts:

Process ID Namespace:
- Containers have their own isolated process ID (PID) space, so processes inside a container are separate from those outside.
- Example:
```
 docker run --pid=host ubuntu
```

 - This command runs a container with the host's PID namespace, so it shares the same processes.

Network Namespace:
- Containers also have their own isolated network namespace, meaning they can have their own network configurations.
- Example:
```
 docker run --net=host nginx
```

 - This command runs a container with the host's network namespace.

Unix Time Sharing Namespace:
- This namespace allows containers to have their own view of time, separate from the host and other containers.
- Example:
```
 docker run --uts=host ubuntu
```

 - This command runs a container with the host's Unix time sharing namespace.

InterProcess Mount Namespace:
- Mount namespace isolates the file system, allowing containers to have their own file system view.
- Example:
```
 docker run --mount=type=bind,source=/host/folder,target=/container/folder ubuntu
```

 - This command mounts a folder from the host into the container.

Certainly! Let's simplify the concept of cgroups:

Cgroups:

cgroups (short for control groups) help manage and distribute system resources, such as CPU and memory, among different processes or containers. They ensure that no single process or container uses up all the available resources, keeping everything balanced.

Example Code:

Setting CPU Limit with Cgroups:
- This is like saying each guest at the party can only eat a certain amount of food.

   docker run --cpus=0.5 ubuntu

This limits the container to use only half of a CPU core.

Setting Memory Limit with Cgroups:
- This is like saying each guest can only take up a certain amount of space on the dance floor.

   docker run --memory=100m ubuntu

This limits the container to use only 100 megabytes of memory.

Docker Engine overview
Develop with Docker Engine API
Runtime metrics

The concept of Linux Containers and Windows Containers:

Linux Containers (Default):

Linux containers are a way to package and run software along with everything it needs, and they are most comfortable on computers that run Linux.

Windows Containers:

Windows containers are a way to package and run software, just like Linux containers, but they are designed to work on computers that run Windows.

Windows Containers Basics:

Container Types:
- Windows Containers come in two main types: Windows Server Core and Nano Server.
  - Windows Server Core: Think of it as a more fully-featured container, suitable for a variety of applications.
  - Nano Server: Think of it as a lightweight container, designed for specific, minimalistic use cases.
Base Images:
- Base images are like the blank canvas you start with when creating a container.
  - Example:
```
   docker pull mcr.microsoft.com/windows/servercore:ltsc2019
```

   - This command pulls the Windows Server Core base image.

 - Example:

   ```bash
   docker pull mcr.microsoft.com/windows/nanoserver:ltsc2019
   ```

   - This command pulls the Nano Server base image.

Supported Environments:
- Windows Containers can run on specific versions of the Windows operating system.
  - Example:
  - You can run Windows containers on Windows Server 2016.

 - Example:
   - You can run Windows containers on Windows 10 Professional and Enterprise, with Hyper-V Isolated Containers for additional isolation.

Container orchestration

container orchestration is a way to manage and coordinate multiple containers, making sure they work together seamlessly to run applications, just like a super-smart manager making sure all the robots work together to build a perfect tower.

Why orchestration?

Many Tasks, One Manager:
- Imagine you have many robots (containers) doing different jobs. Orchestration is like having one super-smart manager (orchestrator) who tells each robot what to do and ensures everything happens smoothly.
Consistency:
- Orchestration makes sure all tasks are done the same way every time. It's like having a set of instructions for your robots to follow, ensuring consistency in their actions.
Efficiency:
- Orchestration helps optimize tasks, making sure resources (like time and materials) are used efficiently. It's like a manager making sure all robots work together without wasting energy.
Scaling:
- When you need more work done, orchestration can easily create additional robots (containers). It's like magically summoning more robots to help when there's a lot to accomplish.
Reliability:
- Orchestration ensures that tasks are completed reliably, even if a robot (container) fails. It's like having a backup plan to make sure the job gets done no matter what.
Coordination:
- Orchestration coordinates tasks, making sure robots work together seamlessly. It's like the manager making sure each robot knows its role and collaborates to achieve the overall goal.

Container Orchestration Code:

# Create a Docker service with 100 replicas (instances) of a Node.js application
docker service create --replicas 100 --name my-nodejs-app nodejs

In this example:

docker service create: This command tells Docker to create a service, which is a group of running containers.
--replicas 100: This flag specifies that you want 100 instances (replicas) of your service.
--name my-nodejs-app: This flag gives a name to your service, in this case, "my-nodejs-app."
nodejs: This is the image or recipe for your Node.js application. It's like the blueprint for baking cupcakes.

So, this simple code is like telling your magical chef's assistant (Docker Swarm) to create 100 replicas of your Node.js application, ensuring that you have a lot of containers running and ready to serve.

Docker Swarm

Docker Swarm is a tool that helps coordinate and manage a group of computers (nodes) to work together as a team of robots, allowing them to deploy and run multiple containers in a coordinated manner. It's like having a chief robot manager making sure all the individual robots build something big and amazing together.

Setting up Docker Swarm:

Swarm Manager:
- Imagine you have a chief robot (Swarm Manager) that leads the team. The chief robot decides what needs to be done and directs the other robots (nodes) on how to work together.

   # Initiate Docker Swarm on the Swarm Manager
   docker swarm init

Node Worker:
- Now, you have worker robots (Node Workers) ready to join the team. The Swarm Manager shares a special code (token) to invite them to work together.

   # Join a Node Worker to the Docker Swarm
   docker swarm join --token <token> <Swarm Manager IP>

Docker Swarm Service:

Now that you have a coordinated team, you want to create a service, like building towers with your robot team:

# Create a Docker service (a group of containers) with 3 replicas (instances)
docker service create --replicas 3 --network frontend --name my-web-server my-web-image

--replicas 3: This flag tells Docker to create three instances (replicas) of your service.
--network frontend: This flag specifies that your service belongs to a network called "frontend."
--name my-web-server: This gives a name to your service, in this case, "my-web-server."
my-web-image: This is the image or blueprint for your web server. It's like the recipe for building the towers.

You set up your robot team with a chief (Swarm Manager) and worker robots (Node Workers). Then, you instruct them to build a service (group of containers) that runs your web server application. The chief robot ensures that three replicas of your web server are created and connected to the "frontend" network. It's like having a chief robot manager overseeing the construction of multiple towers (containers) with the help of the worker robots.

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Decoding the Cyber Threat Landscape: Exploring Different Types of Cyber Attacks

Abishek Haththakage — Wed, 13 Dec 2023 03:36:53 +0000

INTRODUCTION

Technology has led to an interconnected world everywhere but has also created cyber threats that pose significant risks. This report examines various cyber-attacks, their methods, and impacts. By understanding these attacks, users can develop strategies to strengthen cyber defenses.

" There are only two types of organizations: Those that have been hacked and those that don’t know it yet! "
John T. Chambers Former CEO of Cisco Systems

COMMON CYBERATTACKS

A. Ransomware Attacks

Ransomware attacks have emerged as a formidable threat. These malicious attacks often use cunning methods to infiltrate systems through deceptive emails, websites, or vulnerable software.
Once inside, ransomware quickly encrypts essential files, usually holding them hostage until a ransom is paid in cryptocurrency. It causes business disruptions, data loss, and financial setbacks. Compromising or resisting the attackers' demands is challenging. Robust backup strategies, regular updates, and proactive cybersecurity measures are critical to mitigating the effects of ransomware.

Ransomware attacks, explained [Video]
What is a Ransomware Attack? [Article]

B. Phishing Attacks

Phishing is a cunning cyber strategy—attempts to steal sensitive data by masquerading as trusted companies. Attackers trick victims into revealing crucial information. Mainly, they use tactics like email or instant messaging, advanced fee scams, account deactivation cons, and fake websites.
Two specific forms stand out in phishing: spear phishing and clone phishing. Spear phishing targets specific individuals or companies, using phishing messages with personalized details, changing emails, links, or files to look legitimate, and redirecting victims to malicious sites or content. For attacks on high-level executives, using deceptive emails to obtain critical actions or funding is central. Vigilance is the primary method to strengthen against this digital menace.

What is Phishing [Video]
Phishing attacks [Article]

C. Virus

Computer viruses pose as stealthy intrusions designed to disrupt. These malicious codes use various methods to infect your device, often running innocent-looking files, downloads, or even emails. Once inside, they replicate and spread like a virtual contagion, damaging the integrity of your system.
Viruses can manifest in many forms, from the infamous ransomware that demands a ransom for your files to rogue Trojan horses that hide inside seemingly harmless programs. Their effects are far-reaching, including system slowdowns, data corruption, and, in extreme cases, turning off your device.
Protecting yourself from these digital bandits requires a vigilant approach. Regular software updates, vital anti-virus programs, and a healthy dose of unexpected emails or downloads act as your virtual armor.

What are Computer Viruses [video]
Virus [Article]

D. SpyWare

Spyware are silent intruders. These stealthy programs, often undetected, sneak into your device with a singular mission – to surreptitiously track your every digital move.
Spyware uses sneaky methods, running on seemingly harmless downloads or masquerading as freeware. Once embedded, it secretly collects – from passwords – browsing history and sensitive information and sends it to a remote server.
Spyware's effects are as insidious as its methods. It can lead to compromised privacy, identity theft, and financial loss. Identifying and combating these digital spies requires a vigilant approach with regular system scans, robust cybersecurity software, and careful browsing habits.

What is Spyware? [Video]
All about spyware [Article]

ADVANCED PERSISTENT THREATS (APTS)

A. Definition and Characteristics

Advanced Persistent Threats (APTs) represent a complex category of cyberattacks orchestrated by well-funded and organized entities. These attacks are notable for their persistence, stealth, and advanced nature. Unlike most common cyber threats, APTs are not opportunistic; they are meticulously planned and implemented over a long period. APT actors often have significant resources, including financial backing, advanced technical capabilities, and a deep understanding of their targets.
The characteristics of APTs make them particularly challenging for traditional cybersecurity measures to detect and mitigate. Their persistence allows them to remain undetected for long periods, continuously adapting to security measures. Stealth is key, as APTs are designed to avoid alerts and operate silently in the target environment. The advanced nature of these attacks involves using sophisticated techniques, which are highly effective and difficult to counter.
As defenders, understanding the nuances of APTs is critical to developing effective defense strategies. Recognizing that these attacks go beyond the scope of general cyber threats enables organizations to tailor their cyber security measures to meet the specific challenges posed by APTs.

B. Tactics, Techniques and Procedures (TTPs)

APTs use a variety of Tactics, Techniques, and Procedures (TTPs) to achieve their goals—these range from exploiting zero-day vulnerabilities to using sophisticated social engineering tactics. A zero-day vulnerability is a previously unknown software bug that attackers exploit before the software vendor becomes aware and patches. Social engineering involves manipulating people into revealing sensitive information or taking actions that could compromise security.
Understanding APT TTPs is essential for organizations to develop effective defenses against these sophisticated attacks. Some common APT tactics include:

Zero-day exploits: APTs often use undisclosed vulnerabilities in software to gain unauthorized access.
Social Engineering: APT actors manipulate individuals through deceptive tactics to gather information or gain access.
Custom-made malware: APTs create specialized malware tailored to the target environment, making it difficult to detect.
Insider Threats: AAPTs can use insiders within an organization to facilitate their attacks.

By understanding the specific tactics used by APTs, organizations can improve their threat detection capabilities and implement countermeasures tailored to the unique challenges posed by these advanced attacks. This understanding allows for a more proactive and adaptive cyber security posture, critical to mitigating the risks associated with APTs.

Advanced Persistent Threat [Video]
What is an advanced persistent threat (APT)? [Article]

INSIDER THREATS

Insider threats represent a significant risk to organizations as individuals with privileged access can intentionally or unintentionally destroy sensitive information. These insiders may include employees, contractors, or business partners with access to critical systems or data. Insider threats are diverse and can manifest in many ways, including:

Espionage: Insiders may intentionally collect and share sensitive information with outside entities.
Data Theft: Insiders can steal valuable data for personal gain or sell it on the black market.
Malicious Activities: Disgruntled employees may engage in activities that harm the organization, such as deleting critical data or disrupting operations.

Mitigating insider threats requires a multifaceted approach that combines technical solutions with corporate policies and a cybersecurity-aware culture. Robust access controls play a key role in limiting people's access to only the information necessary for their roles, reducing the potential impact of insider threats.
Creating a cybersecurity-aware culture within an organization involves educating employees about the risks associated with insider threats and promoting a sense of responsibility for protecting sensitive information. Regular training programs help employees identify and report suspicious activity, creating a collaborative effort to maintain a safe environment.
Implementing user activity monitoring tools can help identify unusual or malicious behavior by insiders. Organizations can identify anomalies that may indicate a threat by analyzing access patterns and data usage. Additionally, establishing clear incident response plans ensures that organizations can respond quickly and effectively in the event of an insider threat incident.
Ultimately, maintaining a secure and resilient cybersecurity posture requires identifying potential risks posed by insider threats and implementing proactive measures to mitigate these risks.

Defining Insider Threats [Article]
What Is an Insider Threat [Article]
The Insider Threat | Security Detail [Video]

DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

Distributed Denial of Service (DDoS) attacks aim to overwhelm a target's online services by flooding them with heavy traffic. These attacks disrupt the regular operation of the targeted system or network, making it inaccessible to legitimate users. DDoS attacks can have dire consequences for businesses, from financial loss to affecting the availability of critical online services.

A. Mitigation Strategies:

Network Monitoring: Regular monitoring of network traffic patterns can help detect early signs of a DDoS attack. Anomalies, such as a sudden increase in incoming traffic, can trigger alerts for immediate investigation.
Traffic Filtering: Implementing traffic filtering mechanisms helps distinguish legitimate traffic from malicious traffic. This includes blocking or limiting the impact of malicious requests while allowing legitimate users to access the Services.
Dedicated DDoS Mitigation Tools: Dedicated DDoS mitigation tools and services can provide advanced capabilities to detect and mitigate DDoS attacks. These tools often use a combination of traffic analysis, behavioral analytics, and machine learning to distinguish between legitimate and malicious traffic.
Content Delivery Networks (CDNs): CDNs can distribute a load of incoming traffic across multiple servers, making it harder for attackers to bypass a single target. CDNs can absorb a significant portion of DDoS traffic, ensuring that targeted services remain accessible.
Scalable Infrastructure: Ensuring that the infrastructure supporting online services is scalable allows it to absorb more traffic during a DDoS attack. Scalability enables the organization to maintain service availability even under heavy load.
Response Planning: Developing and regularly testing incident response plans specific to DDoS attacks ensures that organizations can respond quickly and effectively. This may include coordination with DDoS mitigation service providers and law enforcement, depending on the severity of the attack.

Organizations must combine these mitigation strategies to improve their resilience against DDoS attacks. As DDoS attack methods continue to evolve, staying aware of emerging threats and updating mitigation strategies accordingly is critical to maintaining effective cybersecurity defenses.

Distributed Denial of Service (DDoS) [Article]
What is a DDoS attack? [Article]
Distributed denial of service attacks [Research]
Denial of Service Attacks Explained [Video]

EMERGING THREATS

As technology evolves, new threats are emerging, requiring a proactive approach and continuous research to stay ahead of previous risks. Some emerging threats that organizations need to be vigilant about include:

Artificial Intelligence (AI) and Machine Learning (ML) Attacks: Adversaries can use AI and ML to improve the sophistication of their attacks, making them more adaptive and evasive. Defenders must use advanced AI and ML techniques to identify and mitigate threats.
5G Security Challenges: The rollout of 5G technology introduces new security challenges, including increased attack surfaces and the potential for more sophisticated attacks. Organizations must adapt their cybersecurity measures to address the unique risks associated with 5G networks.
Internet of Things (IoT) Vulnerabilities: : The proliferation of IoT devices creates additional entry points for cyber-attacks. Securing IoT devices and networks is critical to preventing unauthorized access and potential exploitation.
Quantum Computing Threats: Advances in quantum computing may threaten traditional encryption methods. Organizations need to explore and adopt quantum-resistant cryptographic algorithms to ensure the continued security of their data.
Cyber-Physical Attacks: The convergence of digital and physical systems introduces the risk of cyber-physical attacks, where adversaries can manipulate digital and physical components. Defenders must implement measures to secure cyber-physical systems effectively.

CONCLUSION

This detailed analysis underscores the complex nature of contemporary cyber security practices and the variety of cyber threats organizations face. Given the dynamic and evolving tactics malicious actors use, they require multiple cybersecurity approaches.
Collaboration among stakeholders, including government agencies, private enterprises, and the cybersecurity community, is essential to strengthening defenses against cyber threats' pervasive and ever-changing nature. As the digital world continues to evolve, a proactive stance, continuous research, and adaptive security measures are critical to staying ahead of emerging threats and ensuring a resilient cybersecurity posture. Organizations must remain vigilant, invest in cybersecurity education and training, and embrace innovative technologies to protect their digital assets and infrastructure from the evolving threat landscape.

Okay, that’s it for this article.
This is my university Information Assurance subject assignment article. I am Aloka Abishek Haththakage, Department of Information and Communication Technology, Uva Wellassa University.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Hacktoberfest 2023: Celebrating the Last Days- My Rewards and Your Opportunity to Shine

Abishek Haththakage — Sun, 29 Oct 2023 17:44:07 +0000

As we approach the final week of Hacktoberfest 2023, the open-source community is buzzing with excitement. This past month has seen incredible contributions, collaborations, and a shared commitment to sustainability. In this article, I'm thrilled to share my own success story, hoping to inspire you to embark on your Hacktoberfest journey if you haven't already. Remember, the rewards and impact extend far beyond the code you contribute.

GitHub

Intro

Hello, I'm Abishek Haththakage, a DevOps enthusiastic undergraduate student with a strong passion for computer science. My tech journey began in my childhood and has been an exhilarating ride ever since. In this blog, I'll take you through my experiences, challenges, and growth during my participation in Hacktoberfest, an event that profoundly impacted me.

Hacktoberfest: My First Taste of Open Source

In the midst of my programming adventures, I stumbled upon Hacktoberfest, an annual event that celebrates open-source contributions. I decided to take the plunge and participate. Little did I know that this would be a turning point in my journey.

Highs and Lows: My Hacktoberfest Experience

Participating in Hacktoberfest was an exhilarating experience. I embarked on my open-source journey, ready to make a meaningful contribution to the tech community. However, it wasn't all smooth sailing. I encountered several challenges, such as:

Getting Started with New Projects: The process of getting started with new open-source projects can be overwhelming. Navigating through the codebase, understanding the project's goals, and identifying issues to work on was initially daunting.

Working Processes: Each open-source project has its own set of working processes and guidelines. Adapting to these processes and ensuring that my contributions adhered to their standards required time and effort.

Overcoming Challenges: A Steep Learning Curve

Despite the initial hurdles, I was determined to overcome these challenges. With perseverance and a proactive approach, I started making progress. I sought guidance from experienced contributors and tapped into the collective wisdom of the open-source community. It was heartening to see the supportive and collaborative nature of this community.

By the end of Hacktoberfest, I had successfully made Eight contributions. These contributions ranged from bug fixes to new feature implementations, and each one was a valuable learning experience. I had come a long way from where I started, and the journey was far from over.

My Tree-Planting Reward: A Symbol of Environmental Responsibility
This year, Hacktoberfest made a bold move toward sustainability by replacing the beloved t-shirt rewards with digital reward kits. But it didn't end there. In the spirit of environmental responsibility, Hacktoberfest initiated a tree-planting program. Each time I completed my first pull/merge request, a tree was planted as part of the Usambara Biodiversity Conservation project in Tanzania. It's a tangible way for the tech community to give back to the environment and contribute to reforesting our planet.

Growth and Future Endeavors

Participating in Hacktoberfest opened my eyes to the incredible world of open source. I gained a profound understanding of how GitHub works, the importance of version control, and the significance of collaboration in building innovative solutions. I also developed skills in effective communication, problem-solving, and project management.

My experiences during Hacktoberfest have inspired me to continue contributing to open-source projects. I'm excited to dive deeper into the open-source world, explore new technologies, and collaborate with fellow tech enthusiasts.

Repos Beginners can contribute :

Hacktoberfest
Hacktoberfest2021
HacktoberFest
Hacktoberfest

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Hacktoberfest 2023: A Digital Swag Revolution for Open-Source Enthusiasts

Abishek Haththakage — Sun, 29 Oct 2023 14:29:06 +0000

Hacktoberfest is an annual event that encourages people to contribute to open-source projects on platforms like GitHub. It usually takes place throughout the month of October. Participants are required to make a certain number of pull requests (code contributions) to open-source repositories to earn a limited-edition Hacktoberfest t-shirt or other rewards. It's a fun way for people to get involved in the open-source community, learn and improve their coding skills, and give back to the software development community.

Why Is Hacktoberfest So Popular?

Hacktoberfest is super popular because it makes open-source coding easy and fun. People of all coding levels can join in, from beginners to pros. You help out on cool projects, and in return, you get rewards like a special t-shirt. It's a big yearly event that connects coders from all around the world. You can learn and make friends, and it's really simple to get started - just have an internet connection, a GitHub account, and a desire to learn and help. This mix of inclusivity, learning, and free stuff makes Hacktoberfest a favourite among coders.

Hacktoberfest 2023: A Digital Swag Revolution

Hacktoberfest swags, or goodies, are a key attraction for many participants in the annual event. These swags are incentives offered to individuals who complete the Hacktoberfest challenge, which typically involves making a specific number of contributions to open-source repositories on platforms like GitHub during the month of October. The swag items vary from year to year but often include a limited-edition Hacktoberfest t-shirt, stickers, and sometimes other exclusive merchandise like hoodies, laptop decals, or even small gadgets. These items are not only cool to have but also serve as badges of honour and reminders of one's contributions to the open-source community. They help create a sense of belonging and reward contributors for their efforts, further motivating people to participate in Hacktoberfest and support open source.

In its tenth year, Hacktoberfest is changing things up for the future. Instead of giving out t-shirts, they're now offering digital rewards. T-shirt production and shipping had gotten really hard, and it was costly. People in some countries even had to pay a lot for customs taxes. But Hacktoberfest is still all about supporting open-source projects. Now, they're working with Holopin to offer a digital reward kit. It has cool customizable badges that show your journey in open source. You can also win special badges and gifts. And if you succeed, you can share your badge on the Holopin Hacktoberfest Badge Board of Fame. Plus, they're planting a tree for the first 50,000 people who complete their first pull/merge request this year, instead of giving out t-shirts.

Exciting Rewards for Hacktoberfest 2023

Hacktoberfest 2023 Reward Kit offers various rewards to participants who complete the event.

Rewards include:

Amplication: Free Amplication Pro Plan for two months and other gifts.
Appwrite: $50 in Appwrite Cloud Credits, valid for 90 days.
DagsHub: A 1-month free trial of the Team tier, including up to 1TB of storage, data and notebook versioning CI/CD/CT integration, and up to 5 Annotation projects.
DEV: Earn dev.to badges for contributions, gain community recognition, and receive discounts for the Form Shop.
DigitalOcean: $200 in Credits, valid for 60 days.
GitHub: GitHub's Student Developer Pack offers verified students thousands of dollars worth of tools for free.
Hacktoberfest: Participants can get featured in the 2023 Hall of Fame.
Holopin: One month free of the Holopin Starter Plan to create and issue 1 badge for up to 100 recipients.
Hugging Face: An exclusive Hugging Face badge and access to an organization that provides early access to new features.
ILLA: Redeem two months of free access to ILLA Cloud Premium, or 80% off for 6 months.
MLH: Claim a special Holopin digital badge to celebrate Open Source and MLH Global Hack Week, with some additional special perks.
OpenSauced: 12 months of free access to all OpenSauced's paid features, and the chance to connect with other contributors and maintainers.

From my experience at Hacktoberfest.Hacktoberfest is a fantastic event with benefits. It lets you learn and grow your coding skills by contributing to open-source projects. You can make new friends and professional connections in the tech world. Plus, you're giving back to the community by improving open-source software. And don't forget the cool swag you can earn! So, it's a win-win for everyone involved.

Official Hacktoberfest Website
GitHub's Blog
DigitalOcean's Blog

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Streamlining the User Experience: Enhancing the Admin Panel for Seamless Management

Abishek Haththakage — Wed, 19 Jul 2023 17:06:19 +0000

What I built

I built a Refine Admin Panel that serves as a comprehensive tool for managing and organizing data. It provides various features and functionality to streamline the data management process and increase productivity.

Category Submission:

Project built using Supabase as the main data provider for the refine app and Project built using Material UI.

App Link

The app is hosted via Netlify. LINK

Screenshots

Description

Refine Admin Panel is a user-friendly web application that provides an intuitive interface for managing and refining data. It is designed to simplify complex data management tasks and increase efficiency. Key features of the Refine Admin Panel include:

Data Import/Export: Easily import and export data in various formats like CSV, Excel, JSON.

Data Visualization: Generate visual representations of data using charts, graphs and other visualization techniques to facilitate understanding and decision making.

Data Filtering and Sorting: Filter and sort data based on specific criteria to locate and analyze information more effectively.

Bulk Operations: Perform bulk operations on data, such as editing multiple records at once, deleting selected data, or applying changes to a subset of data.

User Management: Manage user accounts, access levels and permissions to ensure secure and controlled access to the admin panel.

Customization: Customize the look and layout of the admin panel to suit your preferences and branding needs.

Automation and Integration: Integrate the refined admin panel with other systems or workflows using APIs or webhooks to automate data processing tasks and streamline operations.

Link to Source Code

The app's source code is accessible on GitHub: https://github.com/abhixsh/Blog-logging-panel-refine

Permissive License

The MIT license, a liberal free software license, governs the use of the application. This indicates that there are no restrictions on how the software may be used, updated, or distributed, including for commercial reasons.

Background (What made you decide to build this particular app? What inspired you?)

The decision to build this particular application was primarily driven by the desire to learn and gain hands-on experience in performing CRUD (Create, Read, Update, Delete) operations in web development. CRUD operations are the core functionalities that are widely used in various applications and are the backbone of many software systems.

How I built it (How did you utilize refine? Did you learn something new along the way? Pick up a new skill?)

Learned a lot about Refine. Refine, also known as OpenRefine, is a powerful open-source tool for data cleaning, transformation, and exploration. It provides a user-friendly interface and a range of features that help users improve the quality and consistency of their data.

Additional Resources/Info

refine tutorial for building a complete CRUD app.
refine official documentation

A Comprehensive Beginner's Guide to NPM: Simplifying Package Management

Abishek Haththakage — Fri, 14 Jul 2023 02:00:46 +0000

In the vast landscape of web development, efficiently managing project dependencies is crucial for seamless development workflows. Enter NPM (Node Package Manager), a robust package manager designed for JavaScript projects, primarily used in conjunction with Node.js. This fully beginner-friendly guide will take you through the fundamentals of NPM, providing you with a solid foundation for simplifying package management and streamlining your development process.

NPM is a command-line tool that facilitates the installation, management, and sharing of reusable JavaScript code modules, known as packages, within your projects. As the default package manager for Node.js, NPM comes bundled with the Node.js installation, making it readily available.

Installing NPM:

Before diving into NPM, you'll need to have Node.js installed on your system. Simply head over to the official Node.js website (nodejs.org) and download the appropriate version for your operating system. Once Node.js is successfully installed, NPM will be at your fingertips through your command prompt or terminal.

And also, npm includes a CLI (Command Line Client) that can be used to download and install the software:

Windows Example
C:\>npm install <package>

Mac OS Example
>npm install <package>

Here are some beginner-level NPM commands:

npm init
This command initializes a new NPM package within your project directory. It creates a package.json file, where you can define project metadata, dependencies, and other configurations.
npm install <package-name>
This command installs a specific NPM package and its dependencies into your project. Replace <package-name> with the name of the package you want to install. The package and its dependencies will be downloaded and saved in the node_modules folder.
npm install
Running npm install without specifying a package name will install all the dependencies listed in the package.json file. It ensures that all required packages for your project are installed and up to date.
npm uninstall <package-name>
This command removes a specific NPM package from your project. Replace <package-name> with the name of the package you want to uninstall. The package and its associated files will be removed from the node_modules folder.
npm update
Running npm update updates all the packages listed in the package.json file to their latest versions. It checks for new versions of packages and updates them accordingly. It's important to test your code after running this command to ensure compatibility with the updated packages.
npm outdated
The npm outdated command displays a list of installed packages that have newer versions available. It helps you identify which packages are outdated and need to be updated to their latest versions.
npm run <script-name>
NPM allows you to define custom scripts in the scripts section of your package.json file. The npm run <script-name> command executes a specific script defined in the package.json file. Replace <script-name> with the name of the script you want to run.
npm publish
If you have developed a package and want to make it available to others, the npm publish command helps you publish your package to the NPM registry. It allows other developers to install and use your package in their projects.

You can See a simple NPM Basics Cheat Sheet through this link

Free Courses :

NPM Full Course For Beginners - Learn NPM fundamentals and basics
Node.js Essential Training: Web Servers, Tests, and Deployment

There are some additional points.

Managing Dependencies:
NPM simplifies dependency management by allowing you to specify desired package versions and ranges directly within the package.json file. With this approach, NPM ensures that all required packages are installed correctly, thereby avoiding version conflicts and ensuring the stability of your project. To update or remove packages, NPM provides dedicated commands like npm update or npm uninstall, further streamlining the management process.

Unleashing the Power of NPM Scripts:
NPM Scripts are a powerful feature that empowers developers to define custom scripts within the package.json file. These scripts can be easily executed via the command line, using the npm run syntax. By harnessing NPM Scripts, you can automate a wide range of tasks, such as running tests, building your project, or deploying to a server, greatly enhancing your development workflow.

Publishing Your Packages:
NPM goes beyond consuming packages and enables developers to publish their packages to the NPM registry, thereby contributing to the vibrant JavaScript ecosystem. By creating an account on the NPM website and following a few straightforward steps, you can share your code with the community, receive feedback, and make your mark within the development community.

Introducing the Package.json File:

At the core of every NPM project lies the essential "package.json" file. This file acts as the project's manifesto, housing crucial metadata such as the project name, version, dependencies, and other essential configurations. You can manually create a package.json file or generate one effortlessly by executing the npm init command within your project directory.

NPM serves as a robust and indispensable tool for simplifying package management within JavaScript projects. By familiarizing yourself with NPM's fundamentals, you gain the ability to effortlessly install, manage, and share packages, ultimately improving your development workflow. Armed with this knowledge, you can harness the benefits of NPM to create efficient and maintainable projects, all while enhancing your web development skill set.

Additional resources

NPM website: https://www.npmjs.com/
NPM documentation: https://docs.npmjs.com/
Node.js website: https://nodejs.org/en/
JavaScript tutorial: https://www.w3schools.com/js/

Okay, that’s it for this article.
Also, if you have any questions about this or anything else, please feel free to let me know in a comment below or on Instagram , Facebook or Twitter.

Thank you for reading this article, and see you soon in the next one! ❤️

Motivational Quote Generator: An App to Help You Stay Inspired

Abishek Haththakage — Sun, 14 May 2023 11:34:56 +0000

Success depends heavily on motivation, yet maintaining that motivation is not always simple. We occasionally require that extra push to keep moving forward. The Motivational Quote Generator can help with that. This software was developed to offer users daily doses of motivational inspiration.

JavaScript, HTML, and CSS were used to create the app. It has a straightforward user interface and shows an inspirational saying and an emoticon to assist establish the mood for the day. By selecting the "Generate Quote" button, users can create a fresh quote. From a list of 34 quotes, the software chooses one at random and displays it on the screen.

What I built

A API called Motivational Quote Generator offers users a selection of inspirational quotes at random. Users can obtain a fresh quote to inspire and motivate them with just one click on the "Generate Quote" button. The quote is shown on the page by the app.

Category Submission:

The app has been categorized as "Wacky Wildcards" in the submission.

App Link

The app is hosted via github pages. LINK

Screenshots

Description

JavaScript, CSS, and simple HTML were used to create this project. The list of quotes that are displayed on the website is contained in the quotes array in the JavaScript file. A random quotation is chosen from the quotes array and displayed on the webpage when the user clicks the "Generate Quote" button.

The webpage's basic structure is contained in the HTML file. The inspirational quotation and emoji are shown in the div element with the id "quote-container". The "generate-btn" id, which is used to pick the button element in JavaScript, is associated with the "Generate Quote" button.

The website's styles are contained in the CSS file. The background color of the body element is #1c1c1e, and its sans-serif font is from the "Helvetica Neue" family. The maximum width and margin of the webpage are set using the container class. The text-align property of the h1 element is set to center, and the font size is 2.5 rem.

The deployment of a website to GitHub Pages is automated by the YAML code in this GitHub Actions workflow. This is my sample.


name: Deploy to GitHub Pages

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Build and Deploy
        uses: JamesIves/github-pages-deploy-action@4.1.0
        with:
          branch: gh-pages
          folder: .

Link to Source Code

The app's source code is accessible on GitHub:https://github.com/abhixsh/motivate-me

Permissive License

Background (What made you decide to build this particular app? What inspired you?)

The "Generate Quote" button on this app's APK generates a random inspirational quote each time it is pressed. The website employs HTML, CSS, and JavaScript to produce a simple, aesthetically pleasing, and user-friendly experience. The goal of creating this app was to give users a quick and simple way to receive inspiration and support whenever they need it. The motivational quotes included in the app come from a wide spectrum of well-known people, including politicians, authors, scientists, and artists. They address a variety of issues relating to achievement, perseverance, and personal development. Anyone who needs a little incentive to get through the day can use the app because it is made to be user-friendly for a broad audience.

How I built it (How did you utilize GitHub Actions or GitHub Codespaces? Did you learn something new along the way? Pick up a new skill?)

This project is set up for CI/CD using GitHub Actions. The GitHub Actions procedure gets activated whenever there is a fresh push to the main branch. The procedure tests the JavaScript file to ensure that it is functioning properly. The workflow launches the project to GitHub Pages if the testing is successful. By doing this, the project is always current and functioning properly. Here I learned about GitHub actions very well to do this project. It added something new to my skill set.

Additional Resources/Info

Features: GitHub Actions
GitHub Actions Documentation
GitHub Pages