#security (2024-02)

Archive: https://archive.sweetops.com/security/

2024-02-06

Juan Soto avatar
Juan Soto
01:58:25 AM

Hey everyone! Given that 3DES ciphers are susceptible to SWEET32 attacks, I’m on a mission to secure our CloudFront domains. However, I’ve hit a snag: the most up-to-date security policy I can apply is TLSv1.2, which, to my surprise, still supports 3DES. Does anyone know if there’s a method to exclude 3DES ciphers from CloudFront? Alternatively, is there a way to customize the security policy manually? Appreciate any insights or guidance!

venkata.mutyala avatar
venkata.mutyala
02:52:40 AM

https://aws.amazon.com/about-aws/whats-new/2017/09/amazon-cloudfront-now-lets-you-se[…]mum-tls-v1_1-1_2-and-security-ciphers-for-viewer-connections/

...with this feature, you can select the security policy that enforces TLS version 1.1 and weak ciphers such as RC4 and 3DES will automatically be excluded...
venkata.mutyala avatar
venkata.mutyala
02:52:47 AM

^ Hope it helps.

2024-02-07

2024-02-12

gyoza avatar
gyoza
10:23:44 PM

yoo anybody know any good alternative to Weaveworks Ignite Firecracker vm – that has docker images lol (Weaveworks is shutting down apparently)

Alanis Swanepoel avatar
Alanis Swanepoel
04:50:50 AM

https://firecracker-microvm.github.io

2024-02-13

2024-02-26

Kamil avatar
Kamil
09:03:24 AM

Hi Everyone! Does anyone know a good alternative to freeipa? Is freeipa the best for managing access to Linux machines?

    keyboard_arrow_up