Dangerous Defaults

Dangerous Defaults
Don’t let your IaC Configurations Drift

Manage configuration drift with IaC: understand, automate, and scan modules for security risks.

Dangerous Defaults
Rooting for Trouble: Unmasking the Perils of Root Access in Containers!

"Unmasking Risks: Running containers as root exposes host files! 🛑 Learn why it's a bad idea with a simple example. #ContainerSecurity #DevOps"

Dangerous Defaults
Dangerous Defaults # 3 - Rules overwriting each other

Terraform has an interesting quirk. Security groups can be defined inline using 2 different methods. Like in Ghostbusters, you should never cross stream. Mixing methods might be valid but it causes unexpected security settings. CoGuard is the only IaC scanner that identifies the overwritten rules sets.

Dangerous Defaults
Dangerous Defaults # 1 - AWS VPC and VPNs with No Backups Enabled

We evaluate the configuration for setting up AWS GPU VPC and VPNs using CoGuard, Snyk and KICS #aws #cloudformation #iac #config #backups #configuration

Dangerous Defaults
Dangerous Defaults # 2 - MSK choose Uptime or Data Integrity

Default configurations for PaaS providers maybe different than the default cofigurations for the same applications in a Docker container. We use three different IaC configuration scanners to identify configuration settings including a tradeoff data integrity vs uptime in Amazon MSK. #iac #aws #kafka #config

© 2021-2024 All rights reserved Heinle Solutions Inc.