Defense-In-Depth Archives

Zero-Trust Principles

by Don Bowman | 2020-01-17 | Defense-In-Depth, IT-Modernisation

The principles of zero trust make for improved security. Each component must prove itself to its neighbours. No trust is based on affinity or path. Explore.

Secure Exposed Access: Zero-Trust Legacy Online With High Security and No Work

by Don Bowman | 2020-01-15 | Defense-In-Depth, IT-Modernisation, Multi-Factor Authentication

Somewhere in your basement lurks a challenge. A web application that people need, but you don’t trust. Maybe its your timesheet or vacation planner. Maybe its your HR policies portal. But you know if it meets the Internet that you’ll be in the news. We...

Remove information exposure: nginx banner

by Don Bowman | 2019-12-05 | Defense-In-Depth

Information exposure. Many servers send a helpful banner out with the specific name and version of the software. This can in turn attract low-level attacks that use tools like Shodan.io to find vulnerable hosts. CWE-200 suggests we need to remove the information...

Email Strict Transport Security with MTA-STS

by Don Bowman | 2019-11-01 | Defense-In-Depth

Email security. A complex patchwork. Enable MTA-STS to get strict transport security on your STARTTLS.

Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within

by Don Bowman | 2019-06-10 | Defense-In-Depth, Uncategorized

In the greater Montreal area? Come see me speak tomorrow at Cloud Native Day. The abstraction layers of ‘container’ and ‘helm’ etc often make people not think about the security issues. I run ‘helm install X’ or ‘docker...

Zero-Trust Principles

Secure Exposed Access: Zero-Trust Legacy Online With High Security and No Work

Remove information exposure: nginx banner

Email Strict Transport Security with MTA-STS

Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within

Recent Posts

Recent Comments

Archives

Categories