Day Two Cloud 010: The Role Of Egress Control In Cloud Security

Episode 10

Security is a top concern when it comes to cloud applications and services.

Given internal configuration errors and external malicious actors, it’s reasonable to assume that at some point your cloud services will be attacked.

What strategies can be applied to make sure the bad actor is trapped and the damage is limited? Let’s discuss.

Guiding us through the dark and dangerous clouds of security is David Redekop, Founder of Adam Networks and Co-founder of Nerds On Site.

We discuss:

  • Default security settings of cloud services and when you need to go beyond those defaults
  • How encryption can stymie traffic inspection
  • The need for egress control in cloud services
  • The complexities of IP-based egress control
  • DNSSEC vs. DNS over HTTPS/TLS
  • Using DNS domains and subdomains to create egress whitelists
  • The role of logging
  • Using tools such as osquery

Sponsor: Netrounds

Netrounds software performs active testing and monitoring to ensure your business-critical applications and services are running as expected. Get real-time insights for testing, troubleshooting, and SLA monitoring. Find out more at netrounds.com/packetpushers.

Show Links:

DNS over HTTP/S – Wikipedia

osquery from Facebook – Osquery.io

Dnsmasq by Simon Kelley – thekellys.org

Google Transparency Report – Google

David Redekop on Twitter

Adam Networks

Your Host:

Ned Bellavance on Twitter

Ned In The Cloud – Ned’s blog
