* Posts by Ptothgriffiths

3 publicly visible posts • joined 13 Jan 2022

Why securing East-West network traffic is so important – and how it can be done


Re: bad example

You can also do E-W security with an overlay network. I work on an open source one which does this. In fact, you can embed it in an app using an SDK and not even trust the host OS network.

Jenkins warns of security holes in these 25 plugins


Fully agreed. We did similar, used the open source technology my company created to make our Jenkins invisible to the internet. Outbound only connectivity. We used webhooks with embedded zero trust SDKs to connect it to any external public resources (e.g., GitHub).

Open source isn't the security problem – misusing it is


If every cloud server is dark with all inbound ports close, do we care about Log4shell?

If we embed private, zero trust connectivity embedded into applications and systems using open source components then we can close all inbound ports while ensuring transparency to users. This disrupts the Reconnaissance and Initial Access Tactics (as defined by MITRE ATT&CK) of malicious actors as well as restricting lateral movement - external network-level attacks (CVE or zero day exploit, DDoS, brute force etc) become all but impossible.