Cloud Detection & Response at Google. Author of https://t.co/8L5ldboPQ2.
Dec 10, 2018 • 11 tweets • 3 min read
Five years ago, my security reviews were full of mitigations mostly abandoned today: SELinux, DDoS protection, IDS, etc. Not that they were bad, but cloud infrastructure and containers have matured way beyond what we could foresee back then, and we're better off.
For example, I advocated using HAProxy in AWS for better rate limiting and IP blacklisting. I even wrote a long doc on how to do it: github.com/jvehent/haprox…. We never used it, mostly because scaling out is generally cheaper and simpler, then straight to Cloudflare-type offerings.