“Gentoo in production?” Oh no, not again…
I think it is that time of the year again, where people get some crazy ideas. Again I discussed what must be the gazillion-th time I’ve been asked “Do you think Gentoo is ripe for use in...
Mitigating risks, part 1
We are running Foobar 2.0 on Tomcat 4. We know that Tomcat 4 isn’t supported, but hey – our (internal) customer is happy that the Foobar application works and would like to keep it that way. Upgrading...
Mitigating risks, part 2 – service isolation
Internet: absolute communication, absolute isolation ~Paul Carvel
The quote might be ripped out of its context completely, since it wasn’t made when talking about risks and the assurance you might...
Mitigating risks, part 3 – hardening
While I’m writing this post, my neighbor is shouting. He’s shouting so hard, that I was almost writing with CAPS on to make sure you could read me. But don’t worry, he’s not fighting – it is how he...
Mitigating risks, part 4 – Mandatory Access Control
I’ve talked about service isolation earlier and the risks that it helps to mitigate. However, many applications still run as highly privileged accounts, or can be abused to execute more functions than...
Mitigating risks, part 5 – application firewalls
The last isolation-related aspect on risk mitigation is called application firewalls. Like more “regular” firewalls, its purpose is to be put in front of a service, controlling which data/connections...
nginx as reverse SMTP proxy
I’ve noticed that not that many resources are online telling you how you can use nginx as a reverse SMTP proxy. Using a reverse SMTP proxy makes sense even if you have just one mail server back-end,...
Mitigating DDoS attacks
Lately, DDoS attacks have been in the news more than I was hoping for. It seems that the botnets or other methods that are used to generate high-volume traffic to a legitimate service are becoming...