#security (2019-06)
Archive: https://archive.sweetops.com/security/
2019-06-07
anyone knows a faster way to setup Vault than described in https://github.com/hashicorp/terraform-aws-vault ?
Fast don’t think so. depend on your target config
2019-06-10
exim have critical vulnerability https://www.exim.org/static/doc/security/CVE-2019-10149.txt
2019-06-13
2019-06-14
Yikes
2019-06-18
2019-06-26
“The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,” it said in a statement to Reuters.
Bahahahahaha, righttttt lol
2019-06-27
Is anybody using an IDS/IPS solution in their AWS environment?
We are currently implementing the whole suite of AWS security related products. Macie, GuardDuty, CIS Foundations with CFN, AWS Config with aggregation, AWS Inspector, AWS Security Hub
We use inspector/guard duty/watch/etc, configs pricings off-putting
Thanks. Have you guys heard of Security Onion? Looks like an interesting option and the new VPC mirroring should help with setting it up
AFAIK Guard Duty does not fully qualify as IDS/IPS
Interesting. If it all shows up in cloudtrail, while it won’t be as user friendly as something like teleport, it seems like it’s not a bad substitute if it doesn’t cost an arm and a leg
Although no kubectl integration -> k8s rbac
EC2 Instance Connect is now available at no additional cost in US East (Ohio and N. Virginia), US West (N. California and Oregon), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, and Tokyo), Canada (Central), EU (Frankfurt, Ireland, London, and Paris), and South America (São Paulo) AWS regions.
this is nice, had to use https://github.com/Netflix/bless in the past to achieve the same thing
Oh wow @btai: I did not know about Bless. This looks cool!
@Blaise Pabon im not sure its worth the hassle anymore because of ec2 connect
but maybe to use internally between apps? I guess that would be what KMS is for (I’m relatively new to AWS)