Defense-In-Depth / Page 2


Defense In Depth. Don’t spend all your effort on a single moat around the castle; assume each layer of defense will be breached, and have a fallback defensive position.

How phishing negates your firewall

Your corporate firewall. That invulnerable bastion that lets you fearlessly run less-than-secure internal tools like a CRM or a finance portal. But is it really invulnerable? Or is it a paper wall at best? We look at how cross-site scripting vulnerabilities, known session ID cookies, or access tokens can allow content from the outside world to pierce it as if it were not there. We do this using the weakest link: you.

Logging real remote address with Nginx and Lua

For auditing, security, and tracing, we want the originating client IP logged. Load balancers can mask it. Learn how to log the true client IP from nginx with Lua when that nginx sits behind a load balancer (reverse proxy).

Covert Exfiltration, Cloud Native

Your virtual-private-cloud private IP setup still has access to key APIs such as storage and messaging. Have you considered exfiltration through these?