Security on Sandro Cirulli

Assess EKS Security with kube-bench

Wed, 31 Mar 2021 00:00:00 +0000

I wrote a post on The Scale Factory blog on how to assess EKS security with kube-bench. The blog post is also available on Medium.

Cloud Natives UK Meetup

Tue, 30 Mar 2021 00:00:00 +0000

Image: Meetup LCC ©

I recently gave a lightning talk on assessing EKS security with kube-bench at Cloud Natives UK, a joint virtual event being put together by the Cloud Native groups in Manchester, Wales, Glasgow, and Edinburgh, representing the cloud native communities from each of the countries in mainland UK. This was a shorter but updated version of the talk I gave at the end of last year at two AWS User Group meetups. The slides are available here and a recording of the event is available on YouTube. It was a very slick and well organized event (kudos to the organizers!) with very interesting presentations so check out the whole even on YouTube if you missed it.

How I Passed the AWS Security Specialty Exam

Mon, 01 Feb 2021 00:00:00 +0000

Image: Amazon Web Services, Inc. ©

I wrote a post on The Scale Factory blog on how I passed the AWS Security Specialty exam. The blog post is also available on Medium.

How to Set Up a Site-to-Site VPN Connection

Mon, 01 Feb 2021 00:00:00 +0000

Image: The Scale Factory ©

I wrote a post on The Scale Factory blog on how to set up an AWS Site-to-Site VPN connection. The blog post is also available on Medium.

AWS User Group Meetups

Sun, 11 Oct 2020 00:00:00 +0000

Image: Meetup LCC ©

I recently gave a talk on assessing EKS security with kube-bench at two AWS User Group meetups, namely at AWS User Group Liverpool on 26th October 2020 and at Cambridge AWS User Group on 10th November 2020. These were two online events and the organisers and the audience were very friendly as you would expect from a good meetup! The slides are available here.

How to Encrypt and Decrypt Emails and Files

Sat, 23 Jun 2018 00:00:00 +0000

Image: Richard Patterson CC BY 2.0

Somewhere I read that sending unencrypted email is like sending postcards: anyone can potentially read them. This is not nice for privacy but becomes very dangerous when the content of the email or attached files contains secrets like passwords, access keys, etc. Anyone who can get hold of your email can also potentially access your systems.

For sending encrypted email I generally use Enigmail which is data encryption and decryption extension for the Thunderbird email client. I also used Mailvelope which is an add-on for Firefox and Chrome allowing to integrate encryption in webmail providers such as Gmail, Outlook, etc. These tools simplify the encryption/decryption process, especially if you are not familiar with it.

How to force HTTPS on Apache

Sun, 23 Oct 2016 00:00:00 +0000

I recently added an SSL certificate to this website. I used Let’s Encrypt which is an awesome initiative to increase the use of HTTPS in websites by making SSL certificates free and easy to install.

My web hosting provider offers Let’s Encrypt certificates via cPanel so installing one for my website was as easy as clicking few buttons. If you are not that lucky, Let’s Encrypt provides instructions to install certificates via the shell as well as a list of hosting providers supporting Let’s Encrypt.

CD Summit and Jenkins Days 2016

Tue, 04 Oct 2016 00:00:00 +0000

Image: DevOps Connect ©

This week I’m giving a talk about Continuous Security with Jenkins, Docker Bench, and Amazon Inspector at CD Summit & Jenkins Days in Amsterdam and in Berlin. CD Summit & Jenkins Days are a series of conferences in the US and in Europe focusing on Continuous Integration (CI) and Continuous Delivery (CD).

This is the abstract of my talk:

Continuous Security with Jenkins and Amazon Inspector

Sat, 01 Oct 2016 00:00:00 +0000

Amazon Inspector is an automated security assessment service on Amazon Web Services (AWS). It allows to identify security vulnerabilities at operating system and network levels by scanning the host against a knowledge base of security best practices and rules.

I recently integrated Amazon Inspector to run in a Jenkins job so that security testing can be automated and performed prior to deployment to production.

Continuous Security with Jenkins and Docker Bench

Wed, 31 Aug 2016 00:00:00 +0000

Image: Docker Bench - Apache 2.0 License

Docker Bench is an open source tool for automatically validating the configuration of a host running Docker containers. The tool has been written among others by Diogo Mónica, security lead at Docker, and performs security checks at the container level following Docker’s CIS Benchmark recommendations.

As you would expect, the easiest way to run Docker Bench is via a Docker container. Just make sure you have Docker 1.10 or better, download the Docker image:

My deny list of IP addresses

Sun, 06 Mar 2016 00:00:00 +0000

Image: GotCredit - CC BY 2.0 Deed

I monitor few websites for friends and had to configure security modules in order to prevent brute force attacks and breaches in the admin interface of the website. For CMS like WordPress and Drupal there are some good security modules like Solid Security (formerly iThemesSecurity), Security Review, and Login Security. These modules improve the security of a website by limiting the number of failed login attempts and blocking the suspicious IP address.

How to install and update KeePass

Mon, 03 Aug 2015 00:00:00 +0000

Image: Christopher Bolin (original), Minoa (vectorisation), GPL License

KeePass is one of my favourite software. It is a password manager which allows to store secure passwords and forget about them. All you need to do is to remember one single (strong) password to open the software and that’s it. Considering the amount of passwords one has to remember these days, there is a bad tendency to use weak memorable passwords – or even worse always the same password! KeePass is good choice since it is cross-platform, uses strong encryption algorithms, and can store data offline.