Archive for the ‘security’ Category
Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document [pdf] containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead the Docker Security […]
Filed under: Docker, InfoQ news, security
Tags: benchmark, CIS, Docker, Linux, security
At their re:Invent 2014 show Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. […]
Filed under: cloud, InfoQ news, security | 2 Comments
Tags: amazon, aws, cloud, encryption, HSM, KMS, security
Netflix have announced the release of the Message Security Layer protocol (MSL), which they describe as ‘A Modern Take on Securing Communication’. The project is available on GitHub under the Apache 2.0 license, with implementations in Java and JavaScript. The high level goals of the protocol are to improve performance, be cross language, flexible and extensible, […]
Filed under: InfoQ news, security
Tags: MSL, Netflix, open source, PKI, SSL, tls
CloudFlare have made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling […]
Filed under: InfoQ news, security
Tags: CA, CDN, certificate, CloudFlare, security, SSL, tls, web
This post originally appeared on the CohesiveFT blog. The Docker subsystem available since version 3.5 allows additional virtualized network functions (VNFs) to be run on VNS3. I’ve previously written about using this capability for content caching, SSL termination and load balancing. This time I’ll cover using it as a network intrusion detection system (NIDS). Introducing Suricata […]
Filed under: CohesiveFT, Docker, networking, security | 1 Comment
Tags: Docker, intrusion, NIDS, rules, Snort, Suricata, VNS3
This was a warm up for a presentation I’ll be doing at AppSec USA later in the year. I got some good feedback on the night, but if you have more then please make a comment below.
Filed under: CohesiveFT, Docker, presentation, security
Tags: Chicago, DevOps, Docker, meetup, security
The dust is starting to settle now in the wake of Heartbleed[1] – those that are going to fix it have already, other servers that are suffering from the issue will remain vulnerable for years to come. It’s time now for reflection, so here’s mine. I was on a family vacation when Heartbleed was announced, and […]
Filed under: CohesiveFT, security
Tags: Heartbleed, IoT, OpenSSL, security, SSL, tls, vulnerability
Update (13 Mar 2014) – this presentation is also available on YouTube. I did a presentation at the open source hardware users group (OSHUG) last night. Click to the second slide to get the TL;DR version: With more time I’d like to get some quantitative material on the memory footprint of various cipher suites and […]
Filed under: Arduino, BeagleBone, presentation, Raspberry Pi, security | 1 Comment
Tags: arduino, ARM, BeagleBone, encryption, IPSEC, keys, Raspberry Pi, RPi, security, SSH, SSL, tls
I got an email from my bank yesterday telling me that they’re rolling out two factor authentication (2FA) to protect my money from fraudsters. It looks like a pretty standard one time password (OTP) based scheme that will have a choice between mobile and physical tokens. They’re being pretty inflexible about the deployment model […]
Filed under: identity, security | 2 Comments
Tags: 2FA, banking, identity, NFC, online, OTP, security, twitter, user experience, UX