Day Two Cloud 010: The Role Of Egress Control In Cloud Security

Security is a top concern when it comes to cloud applications and services.

Given internal configuration errors and external malicious actors, it’s reasonable to assume that at some point your cloud services will be attacked.

What strategies can be applied to make sure the bad actor is trapped and the damage is limited? Let’s discuss.

Guiding us through the dark and dangerous clouds of security is David Redekop, Founder of Adam Networks and Co-founder of Nerds On Site.

We discuss:

  • Default security settings of cloud services and when you need to go beyond those defaults
  • How encryption can stymie traffic inspection
  • The need for egress control in cloud services
  • The complexities of IP-based egress control
  • DNSSEC vs. DNS over HTTPS/TLS
  • Using DNS domains and subdomains to create egress whitelists
  • The role of logging
  • Using tools such as osquery

Sponsor: Netrounds

Netrounds software performs active testing and monitoring to ensure your business-critical applications and services are running as expected. Get real-time insights for testing, troubleshooting, and SLA monitoring. Find out more at netrounds.com/packetpushers.

Show Links:

DNS over HTTPS – Wikipedia

osquery from Facebook – Osquery.io

Dnsmasq by Simon Kelley – thekellys.org

Google Transparency Report – Google

David Redekop on Twitter

Adam Networks

Your Host:

Ned Bellavance on Twitter

Ned In The Cloud – Ned’s blog

Episode 10