There can be times when you’re working on the AWS Cloud where you need to grant limited access to your account to a third party. For example:
In each of these cases you likely want to grant the permissions the third party needs but no more. In other words, no granting of AdministratorAccess policies because it’s easy and just works. Instead, adhere to the principle of least privilege.
This post will describe two methods–IAM users and IAM roles–for providing limited access to third parties.
The big difference with the IAM user approach vs the role-based approach is the way the credentials for each entity are handed out.
IAM users have long-term credentials that only change by a manual action (either the user or an administrator changes the credentials). Those credentials will continue to provide access to the account until they’re either changed or the user is disabled/deleted.
By contrast, roles...
About a month ago, we published a VMworld security guide with shortlisted 100 to 300 level sessions that best illustrate real-world application of our products. This time, we’ll be focusing on two networking and security keynotes. The first keynote will highlight how VMware’s single-stack, complete networking and security platform can achieve a consistent operational network fabric for hybrid cloud environments, and the second keynote will focus on how users can leverage existing VMware infrastructure to implement a more effective, intrinsic security.
In addition, you will have a shot at winning Bose headphones simply by attending each event. Although chances are slim (1250 times harder to win both as opposed to just one), duplicate winners will be acknowledged so if you are looking for a present for yourself and a significant other, make sure to register and save on your yearly bonus! Winners will be announced at the end of each keynote, so make sure to stay until the end!
There has never been a more exciting and challenging time in the networking space. As the cloud, application developers, IoT, ...
Huawei earned itself another narrow and temporary reprieve from a blanket ban against doing...
SDxCentral spoke with Cisco and F5 Networks about their companies’ complementary approaches and...
It also directly competes against CDN firms like Akamai, Limelight, and Fastly, which went public...
Cisco’s China revenue dropped 25% on an annualized basis in the fourth quarter.
Hear from Valtix CEO Vishal Jain and his take on cloud security today, where it’s going, and...
Application security is changing the role of virtual administrators and expanding their job...
YOU'LL LIKELY SHAKE YOUR HEAD WHEN YOU SEE TELNET AVAILABLE, NORMALLY SEEN ON THIS PORT
pre-1988 it was 25, but you had to type DEBUG after connecting — pukingmonkey (@pukingmonkey) August 10, 2019
I just got back from my first Black Hat and it was an interesting experience. It was crazy to see three completely different security-focused events going on in town all at once. There was Black Hat, B-Sides Las Vegas, and DEFCON all within the space of a day or so of each other. People were flowing back and forth between them all and it was quite amazing.
I wanted to share a few quick thoughts about the event from my perspective as a first-timer.
Today we’re launching Certificate Transparency Monitoring (my summer project as an intern!) to help customers spot malicious certificates. If you opt into CT Monitoring, we’ll send you an email whenever a certificate is issued for one of your domains. We crawl all public logs to find these certificates quickly. CT Monitoring is available now in public beta and can be enabled in the Crypto Tab of the Cloudflare dashboard.
Most web browsers include a lock icon in the address bar. This icon is actually a button — if you’re a security advocate or a compulsive clicker (I’m both), you’ve probably clicked it before! Here’s what happens when you do just that in Google Chrome:
This seems like good news. The Cloudflare blog has presented a valid certificate, your data is private, and everything is secure. But what does this actually mean?
Your browser is performing some behind-the-scenes work to keep you safe. When you request a website (say, cloudflare.com), the website should present a certificate that proves its identity. This certificate is like a stamp of approval: it says that your connection is secure. In other words, the certificate proves that content was not intercepted or...
Dynatrace raised $544 million in its initial public offering (IPO) today, selling 35.6 million...
It’s essentially pocket change for the vendor — Cisco CEO Chuck Robbins’ house sold for...
The Cloud Paks allow IBM software to run across major public cloud providers like Amazon Web...
Both companies announced new SD-WAN capabilities leveraging universal customer premises...
“Before us, backup data was just an expensive insurance policy. We are the first ones to make...
The vendor first started talking about Connected Security earlier this year. It involves a layered...
Check out my latest book co-authored with my colleagues Gilles Chekroun (@twgilles) and Nico Vibert (@nic972) on VMware NSX networking and security in VMware Cloud on AWS. Thank you Tom Gillis (@_tomgillis), Senior Vice President/General Manager, Networking and Security Business Unit for writing the foreword and providing some great insight.
I’ve been very fortunate to have the opportunity to publish my second VMware Press book. My first book was VMware NSX Multi-site Solutions and Cross-vCenter NSX Design: Day 1 Guide. This book was focused very much on NSX on prem and across multiple sites. In my latest book with Gilles and Nico, the focus was on NSX networking and security in the cloud and cloud/hybrid cloud solutions.
You can download the free ebook here:
In this book you’ll learn how VMware Cloud on AWS with NSX networking and security provides a robust cloud/hybrid cloud solution. With VMware Cloud on AWS, extending or moving to the cloud is no longer a daunting task. In this book, we discuss use cases and solutions while also providing a detailed walkthrough of...
There are billions of reasons why network security needs to be pushed to the edge, and Netskope is...