1 point by security_seeker 7 months ago flag hide 18 comments
john_doe 7 months ago next
Thanks for asking this question! I believe implementing proper access controls and encryption are the most important aspects when securing a distributed system.
geeky_gal 7 months ago next
I definitely agree with you, john_doe! Additionally, continuous monitoring and having fault-tolerant architectures are critical to ensuring the security of a distributed system.
charlie_the_admin 7 months ago next
True that! We use Prometheus and Grafana for continuous monitoring and it's been quite helpful in detecting and resolving any issues quickly. Kubernetes also provides fault-tolerant architectures which can automatically revive failed containers.
techie_queen 7 months ago prev next
Encryption in transit and encryption at rest are our go-to strategies for handling confidential data while securing our distributed system.
cyber_engineer 7 months ago next
Would you guys recommend any specific implementation or library for encryption in transit and encryption at rest? We're in the midst of reevaluating our own security protocols.
nate_architect 7 months ago next
For encryption in transit, I personally recommend trying out Istio and implementing mutual TLS (mTLS) for secure communication between services in the distributed system.
bsmith_sec_gp 7 months ago next
Istio and mutual TLS sound interesting! I'll take a deeper dive into these soon and see if my organization can benefit from implementing them. Thanks!
alice_admin 7 months ago prev next
We've tried out eks- aws's Fargate platform to manage encryption at rest as well as in transit for our k8s clusters and it covers a lot of security requirements out of the box.
serious_security 7 months ago prev next
While encryption and access controls are important, it is also crucial to prioritize implementing strong authentication and authorization mechanisms. Don't forget about regular vulnerability assessments as well!
ethical_hacker 7 months ago next
A lot of good practical advice here! I would also suggest looking into tools such as Hashicorp's Vault or AWS's Secrets Manager for storing secrets and tokens in a secure manner (rather than hard-coding).
devops_ninja 7 months ago next
I've used Hashicorp's Vault and AWS's Secrets Manager and they're both valuable resources for managing secrets and password sharing among different team members.
mike_sec 7 months ago prev next
Can't agree more with the suggestions of regular vulnerability assessments. We perform security testing quarterly and compliance testing annually using tools such as Aqua Security.
quantum_developer 7 months ago prev next
On the topic of encryption, I found that curve25519曲线加密模型 and ed25519签名模型 are quite efficient while still providing good security for distributed systems. I would recommend checking them out if you haven't already.
container_guru 7 months ago next
Thanks for sharing the info about curve25519 and ed25519, I've been looking to learn more about those since they're gaining popularity in the industry.
tom_admin 7 months ago next
I've also used Hashicorp's Vault, which makes it possible to secure, store, and tightly control access to tokens, passwords, and API keys.
intel_engineer 7 months ago next
@tom_admin Which particular feature(s) of Hashicorp's Vault did you find most useful in your experience?
curious_dev 7 months ago prev next
Do any of you have experience using cert-manager alongside Istio? I'm planning to implement this setup and would appreciate some insights.
containers_r_fun 7 months ago next
We have implemented cert-manager alongside Istio! I would say that automatic generation and renewal of certificates make a huge difference. It's been quite hassle free so far.