Influencing ingress BGP routing using communities and local preference
Posted on October 19, 2021, Level advanced Resource Length long
Border Gateway Protocol (BGP) is an enormous protocol with a nearly endless list of features, knobs and capabilities. BGP's mechanism for choosing the best path is complex but also well known. You should brush up on that algorithm if you're out of practice. By Nicholas Russo.
SSH tunneling explained
Posted on October 18, 2021, Level beginner Resource Length medium
In this post author will cover different tunneling features as supported by OpenSSH, which helps achieve security use cases such as remote web service access without exposing port on the internet, accessing server behind NAT, exposing local port to the internet. OpenSSH is the most widely used open-source SSH server. It comes pre-installed by default with the vast majority of Linux distributions. By Sakshyam Shah.
The state of security operations: How SOCs changed in 2021
Posted on October 17, 2021, Level beginner Resource Length medium
Security operations has seen non-stop evolution and growth for many years, but the past 18 months has been particularly impactful on security operations teams. In addition to the drastic transformation brought on by the COVID-19 pandemic, there have also been some significant breaches that have shifted perspectives and highlighted some key areas of concern. By pwheiler.
Tags cio learning infosec miscellaneous
AWS WAF and CloudFront: How to use them together
Posted on October 5, 2021, Level intermediate Resource Length medium
Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users. By Peter Grainger.
12 critical resources to help you learn DevSecOps
Posted on October 3, 2021, Level intermediate Resource Length short
Whether you are a seasoned DevOps engineer who wants to branch out to DevSecOps, or you're just starting your career and defining your direction, there has perhaps never been a better time to enter the DevSecOps career field or learn about cloud native security. By Maor Goldberg.
Tags learning devops infosec containers
Authenticated boot and disk encryption on Linux
Posted on September 28, 2021, Level advanced Resource Length long
Linux has been supporting Full Disk Encryption (FDE) and technologies such as UEFI SecureBoot and TPMs for a long time. However, the way they are set up by most distributions is not as secure as they should be, and in some ways quite frankly weird. In fact, right now, your data is probably more secure if stored on current ChromeOS, Android, Windows or MacOS devices, than it is on typical Linux distributions. By Pid Eins.
How to create a self-signed SSL certificate for Nginx in Ubuntu 20.04
Posted on September 24, 2021, Level intermediate Resource Length long
TLS, or transport layer security, and its predecessor SSL, which stands for secure sockets layer, are web protocols used to protect and encrypt traffic over a computer network. By Brian Boucheron and Jeanelle Horcasitas.
Top 4 cloud native application architecture principles
Posted on September 12, 2021, Level beginner Resource Length short
Cloud Native Applications are independent services, collectively but loosely coupled. Cloud native development is an approach to build quality apps. It is efficient as Cloud native development focuses on architecture's modularity. We need DevOps, Microservices and Containers for cloud native. By AnAr Corporate.
Top 10 common types of network security attacks explained
Posted on September 10, 2021, Level beginner Resource Length medium
Network security attacks have gained momentum over the past years, which highlights the need for network defenders. Learn more about network security attacks and their types. By CISOMAG.
Tags cloud infosec devops cio app-development
Introduction to OWASP top 10 2021
Posted on September 9, 2021, Level beginner Resource Length medium
Welcome to the latest installment of the OWASP Top 10! The OWASP Top 10 2021 is all-new, with a new graphic design and an available one-page infographic you can print or obtain from our home page. By @owasp.
Tags cloud infosec devops cio app-development
Administrator's guide: What makes passwordless, dare we say it, phish-proof?
Posted on August 31, 2021, Level beginner Resource Length medium
In some ways, the term "passwordless" is a misnomer. Yes, it's a password-less authentication method, greatly streamlining the login experience, and while that's a great incentive to use passwordless for logging in, it's not an improvement in authentication security in and of itself. By Jeremy Erickson.
Microsoft, Google to invest $30 billion in cybersecurity over next 5 years
Posted on August 26, 2021, Level beginner Resource Length short
Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide. Ravie Lakshmanan.