Wednesday, October 28, 2020

Finding the .NET version on Windows

In Java, you can run the simple command "java -version", but unfortunately it is not so straightforward in .NET.

The Stack Overflow thread below shows some commands that can be used to find the .NET version: https://stackoverflow.com/questions/1565434/how-do-i-find-the-net-version

The commands which worked for me on Win10 are as follows:

Command Prompt (cmd):

dir /b /ad /o-n %systemroot%\Microsoft.NET\Framework\v?.*

The above command will list all versions of .NET except v4.5 and above.

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version

The above command will work for .NET versions v4.5 and above. 

PowerShell:

gci 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -recurse | gp -name Version,Release -EA 0 | where { $_.PSChildName -match '^(?!S)\p{L}'} | select PSChildName, Version, Release

The above PowerShell command is the most versatile and will list all versions.
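
The Release value returned by the PowerShell command above is a build number rather than a readable version. The script below is an added example, not part of the original post: it maps that value to a .NET Framework 4.x version using the minimum Release values from Microsoft's documentation. The names Convert-NetFxRelease and Get-NetFx4Version are hypothetical.

```powershell
# Added example: function names are hypothetical, not from the original post.
# Thresholds are the minimum Release values Microsoft documents for each
# .NET Framework 4.x version, ordered newest first.
$NetFxReleaseMap = @(
    @(533320, '4.8.1'),
    @(528040, '4.8'),
    @(461808, '4.7.2'),
    @(461308, '4.7.1'),
    @(460798, '4.7'),
    @(394802, '4.6.2'),
    @(394254, '4.6.1'),
    @(393295, '4.6'),
    @(379893, '4.5.2'),
    @(378675, '4.5.1'),
    @(378389, '4.5')
)

function Convert-NetFxRelease {
    param([Parameter(Mandatory)][int]$Release)
    foreach ($entry in $NetFxReleaseMap) {
        # The first threshold the value meets or exceeds is the installed version.
        if ($Release -ge $entry[0]) { return $entry[1] }
    }
    return $null   # below 378389: not a 4.5+ install
}

function Get-NetFx4Version {
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    # A missing key or missing Release value means 4.5 or later is not installed.
    $props = Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue
    if (-not $props) { return $null }
    [pscustomobject]@{
        Release = $props.Release
        Version = Convert-NetFxRelease -Release $props.Release
    }
}

# Constructed sample inputs, so the mapping can be checked without a registry.
528372, 461814, 378000 | ForEach-Object {
    '{0} -> {1}' -f $_, (Convert-NetFxRelease -Release $_)
}

# On a Windows host, report what is actually installed.
Get-NetFx4Version
```

Recording the raw Release number alongside the mapped version in an asset inventory makes it easier to compare hosts against the versions a patch applies to.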

Saturday, October 24, 2020

Ruminating on Ontology

Ontology is nothing but the structure of knowledge (a language to represent knowledge). The primary objective of an Ontology is to describe the knowledge about a domain (concepts and relationships). 

In data science, ontologies can be used to create a semantic layer on top of existing data to make existing organizational data FAIR (Findable, Accessible, Interoperable and Reusable). 

Protege (https://protege.stanford.edu/) is an excellent free open-source tool to create ontologies. A fun example of a pizza ontology can be found here

The Web Ontology Language (OWL) is a suite of knowledge representation languages for authoring ontologies. For UML lovers, there is also an OWL profile for UML. A good example of using the OWL profile for UML is here - https://www.researchgate.net/figure/A-first-sample-ontology-depicted-using-the-UML-profile-for-OWL-ontologies_fig4_228867697

Friday, October 02, 2020

Ruminating on Automation (RPA) Security Risks

Intelligent automation & RPA can drive operational efficiencies at organizations and help boost the productivity of enterprise resources. But there is also a risk of cyber-attacks as bots introduce a new attack surface for hackers.

Without proper measures, enterprises may face increased risk exposure due to bots. The following recommendations would enable organizations to mitigate the risk of such security attacks.

  1. Secure Vault: All credentials required by the bot to execute tasks on applications should be securely stored in a Vault (e.g. CyberArk or HashiCorp Vault). This ensures that the target application credentials are not stored by the bot and only accessed at runtime by the bot from the vault. 

  2. Least Privilege Access: Bots should not be given blanket access to perform all operations, but only the access required for the automation use cases - e.g. many automation use cases would entail 'read-only' access to databases/applications.

  3. Selecting appropriate Automation use-cases: While down-selecting automation use cases, it would be good to have 'Security Risk' as a parameter for assessment. If a bot needs admin access across multiple applications to perform critical business functions, then the organization can decide to NOT automate this use case and hand over the case to a knowledge worker. The bot can enable this smooth transition to humans (via a workflow or case management tool).

  4. Change Bot passwords/secure keys: As a security best practice, change the passwords and secure keys for the bots (and machines where bots run) regularly (e.g. once a month). 

  5. Security Testing of Bots: Ultimately bots are also software components and we need to make sure that the bots undergo both static code security analysis and runtime security testing. 

  6. Audit Trail & Proactive Monitoring: The automation framework should provide a detailed audit log of all bot activities. Each and every step executed by the bot should be available for forensic audit if required. Proactive monitoring of this audit log can also be automated to quickly alert users of any anomaly pattern or security breach. 

  7. Governance Framework: Last but not least, it is important to set up a proper governance framework for bot lifecycle management. The governance framework should clearly define the roles and responsibilities and the proper process to be followed for the entire bot lifecycle.