Onyx Point is located at

7050 Hi Tech Dr, Suite 102
Hanover, MD 21076

410.541.ONYX (6699)
info@onyxpoint.com

OnyxPoint

Onyx Point Privacy Policy

Your privacy is very important to us. Our Privacy Policy describes how we use our website to collect, use, communicate and make use of personal information.

Onyx Point uses Google Analytics to assess website health and functionality. Google Analytics utilizes a standard technology called “cookies,” to collect information and report on how our website is being used. When accessing www.onyxpoint.com, we will be collecting non-personally identifiable information that may include the date and time of your site visit, the number of pages visited during your session, and/or your session duration. We will also collect information pertaining to the browser or device used, the operating system used, the domain name of your internet service provider and your IP address. Google Inc. may transfer the information it collects on to third parties when required to do so by law or where such third parties process the information on Google’s behalf. By using this website you have granted your consent to the processing of data about you by Google in the manners outlined above.

We will not collect personally identifiable information about you such as your name, address, telephone number or email address, unless you choose submit it via the “Contact Us” form, or a Newsletter Subscription form found on numerous pages throughout our site.

Cookies
Cookies are unique text files that are placed on your computer to help our website identify how users interact with it. Information gathered from these cookies about your interactions with our website, including your IP address, is transmitted and stored by Google in the United States. Google uses this information to evaluate and report on the interaction you have on our website. This practice helps us provide you with a positive website experience.

Email Information
Onyx Point will collect and store your email information only if you willingly fill out a “Contact Us” form. You have the right to remove your email address from any of our mailing lists.

Collection of Information by Third-Party Sites and Sponsors
Our site contains links to other parties’ sites whose privacy policies may differ from ours. We advertise events and publications with links to their website for content review and event registration. If you are concerned with how these sites treat your privacy, please review the policies on the applicable websites.

Policy Changes
We reserve the right to change or update this Privacy Policy at any time without prior notice. We are committed to conducting business in accordance with these guiding principles in order to ensure the confidentiality of your personal information is protected and maintained.

Contact
If you have any questions regarding this policy or your interactions with our website, please contact us by email at: info@onyxpoint.com or by mail:

Onyx Point Inc.
7050 Hi Tech Dr, Suit3 102
Hanover, MD 21076

We Engineer Excellence

At Onyx Point, we design the mission critical IT solutions you need to lead in Cloud Infrastructure, Systems Automation, and Applied Security Engineering.

We're Recruiting

We're always looking for the most innovative and driven developers and engineers. Think you cut it? Read up about us and apply now!

Systems Engineering

We feel that solid Systems Engineering, built around industry best practices, is key to successful systems. Let us leverage our Engineering expertise to help you build your next mission critical system.

Learn more.

Policy Compliance

Our focus on foundational compliance ensures that our work aligns with the needs of our customers. Whether Defense, Medical, or Industry, we are adept at translating requirements into practical application.

Learn more.

Applied Security

In the complex field of security, we've worn a lot of hats - black, white, and grey. We are experts at decomposing security requirements into actionable specifications from both internal and external stakeholders.

Learn more.

Infrastructure Automation

At Onyx Point, our infrastructure automation services allow you to automatically provision systems with fewer staff and greater efficiencies - without compromising your standards.

Learn more.

Automation Consulting

Onyx Point can help you deploy, configure, and maintain your system infrastructure across the globe. Let us help you navigate the cultural and technological challenges that come with a more responsive, and secure, infrastructure.

Learn more.

Government Solutions

Our experience in automating large-scale systems for multiple Government customers, while conforming to NIST, SCAP, DoD, and PII standards, makes us uniquely qualified to deliver systems acceptable to Certification and Accreditation Authorities.

Learn more.

Self-Maintaining System

All information systems should be able to seamlessly recover to a functional steady state regardless of external threats. Let us help you effect an operational environment offering uncompromising high fidelity along with a competitive edge and greater savings.

Learn more.

Latest Blog Post

01 14 2016

SIMP – Let in the Light

Configuration Management and Server Management have always gone hand-in-hand for me. In the beginning of my career, I was fortunate to learn Puppet and Linux at the same time which engaged me with both development and operational disciplines. This was my introduction to DevOps.

 

My first pure Linux DevOps job required me to use SIMP in production prior to it’s official Open Source release. With a SIMP framework in place, it was easy to take security and compliance for granted because it was all done for me. Not everything about using the SIMP framework was easy. I was often irritated when my newly developed application wasn’t running as I thought it should. I was tormented, troubleshooting the same few issues at first. “Why can’t I connect on this port? Why does my service keep dying? Why can’t my system user access things?” Usually, I could resolve these particular issues within an hour and successfully launch my application in the development environment. What I took for granted was that I rarely, if ever, experienced deviation in my applications from development to production. Two years passed, and I grew accustomed to a method and style of development built on a compliance framework.

 

Now, I have a much wider customer base and work with all types of organizations to integrate necessary components into their existing systems. I’m currently working with a customer to automate security hardening of servers already living in production. I know that integration can come with quick successes or it can bring extended challenges that take ongoing effort to work through.

 

Many of these organizations are transitioning to DevOps by writing Puppet code and deploying applications automatically. With all the foundational prerequisites in place, the application is deployed and configured almost like magic. The application just seems to self-deploy to the development and test environments. The organization often claims they’ve reached continuous integration.

 

Then the application deploys from test to production. The DevOps team didn’t bother to make the security and compliance baseline exact mirrors between development and production. The team is supporting a deployment to production and discovers, “our firewall doesn’t allow that,” and “our antivirus thinks the application is a threat.” The myriad of problems going from a vanilla CentOS 7 install to a fully secure network and OS in production can be astounding. Many organizations are guilty of treating development environments as wild-west commodities, ready to be created and destroyed at a moment’s notice while the production servers are regarded as holy relics, where thou shalt not change nor understand security and compliance configuration.

 

I didn’t understand that we were working in Rugged DevOps until I started working around DevOps that ignored security and compliance. If you thought your application was pristine in the development environment, but the security stance in the production environment destroyed your successful deployment, you’re not really doing Continuous Integration. You may have the Dev and Ops teams together, but you somehow forgot the Security team that also supports the product. You’ve completely forgotten to configure an integral part of your system as part of your infrastructure in the beginning, rather than the end. Now you’re back to meetings and stovepipes trying to make sure team A is supporting team B properly. And so I discover that the SIMP problem of “Why can’t I connect on this port?” is a far easier problem to tackle than “How do I get 93 different firewall settings on 1,400 different systems?

 

SIMP by default provisions dark, lifeless boxes. The kind of server that sees nothing but DNS and SSH, with no entry granted because root login is disabled and every other user isn’t allowed a login thanks to PAM. Each and every server is hardened to a point of almost utter despair. Nothing runs, and every 30 minutes, it returns to that state of lifelessness. This is what a completely hardened system looks like. It is a system attempting to block out everything it does not recognize, and by default it recognizes nothing.

 

So, I learned to soften instead of harden. If I want a user login, I create a user (or even better, use the included SIMP LDAP). Then I just add a single PAM entry allowing my user group access. Now, I have a door in my dark, lifeless system. I then add my application, and I add it in the default Puppet way: user, package, service, file. My lifeless box has sprung forth with life. The only thing missing is light. I install Apache (pre-configured with SSL) and add an iptables rule to allow port 443. Now I’ve got a functioning https web application. I’ve just systematically configured the doors, a living application and a window into my server, turning this void into a breathing ecosystem. Deploying from Development to Production from here is easy, because I create life from the same lifeless black boxes in development that I do in production. I don’t have any compliance or security deviation between environments, because it all starts locked down frmo the beginning.

 

Learn to give a dark place life, rather than creating life and hoping it can live in a dark place.

 

Here is a very simplified example of what giving my application life might look like:

class ‘simp-life’ {

###########

#Door – a login

###########

user {‘simp-life’: ensure => present}

pam::groupaccess::modify { ‘simp-life’: ensure => present}

###############

#Life – an application

###############

package{‘simp-life’: ensure => present}

file {‘/opt/simp-life/config.xml’:

ensure  => present,

source  => ‘Puppet:///modules/simp-life/config.xml’

require => Package[‘simp-life’]

}

service {‘simp-life:

ensure => present,

require => File[‘/opt/simp-life/config.xml’],

}

########################

#Window – Allowing the outside in

########################

include ‘apache:ssl’

apache::ssl::setup {‘default’:}

iptables::add_tcp_stateful_listen {‘allow_life’:

dports => ‘443’,

}

}

 

Upcoming Events

Check back soon for upcoming events.


View all upcoming events