Teri Radichel


Automated Deployment of an EC2 Instance with the Latest AWS Linux AMI

ACM.88 Automatically look up the latest AWS Linux AMI and use it to deploy an instance in a VPC with CloudFormation

Part of my series on Automating Cybersecurity Metrics. The Code.


In the last post, I wrote about strategies to ensure your resources deploy properly in production by properly testing all affected code paths.

Now we’re going to write some code to obtain the most up-to-date Linux AMI and use it to deploy an EC2 instance with CloudFormation.

An SSH Key for our EC2 instance

We already spent a few posts considering ways to authenticate and log into an EC2 instance and for now, we will use an SSH key. You can follow along with how that key got created and stored in a Secrets Manager secret accessible to one user only starting here (there are multiple posts on the topic):

CloudFormation for an EC2 instance

I’m going to give you a script, with a few modifications, that I provided to students in class.

Outputs referenced:

The VPC, Subnet, and SSH Security Group IDs come from the corresponding stack outputs. We created this networking in the posts that started here:

Parameters:

Linux AMI ID: An Amazon Machine Image (AMI) is a VM configuration that you can use to create new VMs. It includes the operating system, installed software, data, and settings.

Username: A username to tag the instance and stack.

Key Name: We are going to create an SSH key for this user and the key name will also be the username. The key name will be referenced in the CloudFormation template.

Code: This could be anything like a team, department, or project. It is added to the name of the instance. For example, if every AMI related to a particular project started with the same code or prefix it would be easy to query those instances by name in the AWS console. I’m going to use the code ACM (Automating Cybersecurity Metrics or the name of this blog series).

Instance Type: The AWS instance type which is t4g.small by default but can be overridden.

Note that we are not yet adding encryption, an AWS best practice, to this AMI here. Follow along to the next post for that.

About Instance Types and Sizes

Note that at the time of this writing the default instance size used by the template (which you can override) is a T4g small instance.

You can review the different types of virtual machines available on AWS here. As you may recall, for Linux you can choose from Arm or x86. Arm may be cheaper but sometimes when you’re trying to run software that is compiled for x86 you’re going to have challenges. You’ll need to recompile the software or switch to x86.

You can check the processor information in the description to determine whether it is Arm or x86, but AWS could make this a bit clearer by just spelling out Arm or x86 in a consistent way.

Permissions for the AppDeploy Role

For this framework I’m going to have the AppDeploy role deploy EC2 instances. You can name these roles whatever you want if you don’t like my names, but I’m using AppDeploy to deploy compute resources in the account. Through trial and error I figured out I need these permissions to run our template. Note that we are not going to allow this user to assign a role to an EC2 instance just yet. We don’t even have any roles that can be used with EC2 instances at this time.

VM Functions

I created two functions in my VM functions script.

get_latest_ami: This function gets the latest AMI. In order to get the latest AMI, we need the architecture for the type of AMI we want to retrieve. In my case I default to arm64 if no architecture is set. This will be for Linux type instances and will pull the latest arm64 AMI (until AWS changes their naming conventions).

deploy_vm: In this function, we get the necessary parameters and call the deploy_stack function.

Deploy Script

The deploy script is pretty simple. Get the latest AMI using our get_latest_ami function. Then call deploy_vm with the appropriate parameters.
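An added example (not the author's script or code from the series repository) of how the two functions and the deploy step could be written with the AWS CLI. The AMI name pattern, stack name, template path and parameter names are assumptions; the lookup is pinned to Amazon-owned images and the deployment stops when no valid AMI ID comes back.

```bash
#!/usr/bin/env bash
# Added example, not the author's script. The AMI name pattern, template path,
# stack name and parameter names below are assumptions.

# Print the newest Amazon-owned Amazon Linux 2 AMI ID for an architecture.
# Usage: get_latest_ami [arm64|x86_64]   (arm64 when unset, as in the post)
get_latest_ami() {
  local arch="${1:-arm64}" ami

  # Allow-list the architecture before it is placed into a filter.
  case "$arch" in
    arm64|x86_64) ;;
    *) echo "unsupported architecture: $arch" >&2; return 2 ;;
  esac

  # --owners amazon limits the search to images published by Amazon, so an
  # image from another account with a similar name is never selected.
  ami="$(aws ec2 describe-images \
    --owners amazon \
    --filters "Name=name,Values=amzn2-ami-kernel-*-hvm-*-${arch}-gp2" \
              "Name=architecture,Values=${arch}" \
              "Name=state,Values=available" \
    --query 'sort_by(Images, &CreationDate)[-1].ImageId' \
    --output text)" || return 1

  # An empty result prints "None" with --output text; accept only ami-<hex>.
  case "${ami#ami-}" in
    "$ami"|""|*[!0-9a-f]*)
      echo "no valid AMI ID for $arch (got '$ami')" >&2; return 1 ;;
  esac
  printf '%s\n' "$ami"
}

# Resolve the AMI, then deploy the stack; stop if the lookup fails.
# Usage: deploy_vm <username> [instance_type] [arch]
deploy_vm() {
  local user="$1" itype="${2:-t4g.small}" arch="${3:-arm64}" ami
  [ -n "$user" ] || { echo "username required" >&2; return 2; }
  ami="$(get_latest_ami "$arch")" || return 1

  # The key name equals the username and the code is ACM, as described above.
  aws cloudformation deploy \
    --stack-name "AppDeploy-EC2-${user}" \
    --template-file cfn/EC2.yaml \
    --parameter-overrides \
      "AmiId=${ami}" "KeyName=${user}" "Username=${user}" \
      "InstanceType=${itype}" "Code=ACM"
}
```

A deploy script would then call `deploy_vm Developer`; an x86_64 deployment needs both an x86 instance type and `x86_64` as the third argument.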

CloudFormation Template

We’re starting to get a lot of resources in our account. This is where our naming convention comes in handy. We can search on Network-VPC to find the VPCs we created. We want to use the Developer VPC. Click on that stack.

We’re going to get the VPC ID from the outputs as we have been doing all along with our common function in this series.

Using those outputs our template to deploy an EC2 instance ends up looking like this:

For now I’m just naming the instance with the name of the user, “Developer”, the AMI ID, and the instance type.

For the outputs I had to leave out InstanceType since it has invalid characters.

If we go check out the EC2 dashboard, you can see I had a few failed attempts to deploy my EC2 instance while trying to determine the necessary permissions, but once I figured those out I got my instance running with the correct name.

Next Steps…

In your own organization you will likely create your own AMI that is aligned with your security standards. Out of the gate, AWS EC2 instances are not CIS Benchmarks compliant. If you want to use an EC2 instance that is, you can find some in the AWS Marketplace. Make sure you get them from the correct source (The Center for Internet Security), because back in the day I remember that bad actors would try to create images that looked like they were coming from Amazon but were not.

You can even modify the query above to get the latest CIS benchmarks AMI but I’m not going to do that here — I’ll leave that as an exercise for the reader. :)

In addition we want to encrypt our AMI with our own developer KMS key. That way only our developers that have permission to use that key can access our EC2 instance.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022
