Defense-In-Depth

Defense-In-Depth

Defense In Depth. Don’t spend all your effort on a single moat around the castle, assume each layer of defense will be breached, and have a fallback defensive position.

How phishing negates your firewall

Your corporate firewall. That invulnerable bastion that lets you fearlessly run less-than-secure internal tools like a CRM, a Finance portal. But, is it really invulnerable? Or is it a paper wall at best? We look at how Cross-Site-Scripting vulnerabilities, known session ID cookies or access tokens can allow content from the world to pierce it as if it were not there. We do this using the weakest link: you.

Logging real remote address with Nginx and Lua

For audit, security, tracing, we want the origin IP logged. Load-balancers can mask this. Learn how to log the true client IP from nginx with lua, when that nginx is behind a load-balancer (reverse proxy)