Life
Dependency Vulnerabilities: The Cost of Constant Updates
Managing software dependencies carries a continuous burden and security risk in today's software world. In this post, I explore the technical and financial.
#güvenlik
13 posts found.
Tutorials
RBAC or ABAC: Which Authorization Model?
Comparing RBAC and ABAC among authorization models. Which is more suitable for which scenario, based on my production environment experiences...
Technology
OSPF/IS-IS Authentication: Block Rogue Neighbors in the Routing Domain
Reducing the risk of rogue neighbors and route injection in the routing domain through OSPF/IS-IS authentication, key rotation, and control-plane hardening.
Tutorials
Reducing Layer-2 Insider Threats on Switches with DHCP Snooping + DAI
A staged playbook for rolling out DHCP Snooping, DAI, and IP Source Guard on access networks to defend against rogue DHCP, ARP spoofing, and IP impersonation.
Tutorials
Kubernetes Pod-to-Pod Network Policies Battles: Securing the Mesh…
Learn step by step how to secure pod-to-pod network communication in Kubernetes with Network Policies. A detailed guide with examples.
Tutorials
Secure Network Device Monitoring with SNMPv3: Auth, Encryption, ACL
A guide to leaving SNMPv2c community strings behind and making network device monitoring secure and operable with SNMPv3 authPriv, views and ACLs.
Technology
Jump-Host-Free Management Corridor in ERP Infrastructures
An enterprise access architecture that manages privileged access without depending on a single jump server.
Technology
Privileged Access Segmentation in ERP Systems
A network and access segmentation approach that reduces standing broad permissions when administering ERP core systems.
Technology
Out-of-Band Management Plane in Enterprise Networks
An out-of-band design approach that separates management access from production traffic on critical network and server infrastructures.
Tutorials
Gradually Tightening Kubernetes Network Policies with Cilium
A guide to moving Kubernetes network policy from observability into enforced control without breaking production.
Technology
Designing a Landing Zone in the Hybrid Cloud
A landing zone approach for getting network, security, and governance right from day one in enterprise cloud migrations.
Technology
Enterprise Defence with Zero Trust Network Segmentation
An observable and actionable Zero Trust segmentation approach that reduces lateral movement on enterprise networks.
Tutorials
Immutable Infrastructure Discipline on Linux Servers
An approach for moving server configuration out of manual labour and into a safe, repeatable automation flow.