Security is a very important consideration when running your custom middleware applications. The internet can be an unfriendly place.
Sometimes middleware users have a requirement for their software to run in a “disconnected” environment, which is one where the network is not routed to addresses outside the one the local node is on (in other words, no internet).
Continue reading “Using .NET Core in a “Disconnected” Environment”
Red Hat Summit 2018 will focus on modern application development. A critical part of modern application development is of course securing your applications and services. Things were challenging when you only needed to secure a single monolithic application. In a modern application landscape, you’re probably looking at building microservices and possibly exposing application services and APIs outside the boundaries of your enterprise. In order to deploy cloud-native applications and microservices, you must be able to secure them. You might be faced with the challenge of securing both applications and back-end services accessed by mobile devices while using third-party identity providers like social networks. Fortunately, Red Hat Summit 2018 has a number of developer-oriented sessions where you can learn how to secure your applications and services, integrate single sign-on, and manage your APIs. Session highlights include:
Continue reading “Red Hat Summit 2018: Develop Secure Apps and Services”
At Red Hat Mobile we understand the need for a flexible product that enables our customers to integrate with the tools they need to build their current and future applications. Our position as a leading contributor to the Kubernetes project ensures that the Red Hat OpenShift Container Platform offers this tremendous flexibility to customers and end users.
Red Hat Mobile also supports highly flexible integrations to a range of 3rd party services and products. In this article, we’ll demonstrate how Red Hat Mobile v4 and OpenShift v3 enable customers to rapidly deploy and secure their mobile applications by integrating with a third party product provided by Intercede. We’ll be using Intercede’s RapID product to enable two-way TLS (often referred to as Client Certificate Authentication or CCA) for our mobile application.
Continue reading “Integrating Intercede RapID with Red Hat Mobile and OpenShift”
In a few weeks, the Fast Datapath Production channel will update the Open vSwitch version from the 2.7 series to the 2.9 series. This is an important change in more ways than one. A wealth of new features and fixes all related to packet movement will come into play. One that will surely be blamed for all your troubles will be the integration of the `--ovs-user` flag to allow for an unprivileged user to interact with Open vSwitch.
Running as root can solve a lot of pesky problems. Want to write to an arbitrary file? No problem. Want to load kernel modules? Go for it! Want to sniff packets on the wire? Have a packet dump. All of these are great when the person commanding the computer is the rightful owner. But the moment the person in front of the keyboard isn’t the rightful owner, problems occur.
Continue reading “Non-root Open vSwitch in RHEL”
Did you know that when you compile your C or C++ programs, GCC will not enable all exceptions by default? Do you know which build flags you need to specify in order to obtain the same level of security hardening that GNU/Linux distributions use (such as Red Hat Enterprise Linux and Fedora)? This article walks through a list of recommended build flags.
The GNU-based toolchain in Red Hat Enterprise Linux and Fedora (consisting of GCC programs such as `g++`, and Binutils programs such as `ld`) is very close to upstream defaults in terms of build flags. For historical reasons, the GCC and Binutils upstream projects do not enable optimization or any security hardening by default. While some aspects of the default settings can be changed when building GCC and Binutils from source, the toolchain we supply in our RPM builds does not do this. We only align the architecture selection to the minimum architecture level required by the distribution.
Consequently, developers need to pay attention to build flags, and manage them according to the needs of their project for optimization, level of warning and error detection, and security hardening.
Continue reading “Recommended compiler and linker flags for GCC”
In my last article, I wrote about how API Management and Identity Management can work together in a complementary fashion to secure and manage the services/endpoints which applications expose as APIs. In that article I covered how Red Hat 3scale API Management can be used to integrate an identity manager, in addition to providing API management functions such as rate limiting and throttling.
Continue reading “3Scale by Red Hat Integration with ForgeRock using OpenID Connect”
On behalf of the selection teams for Modern Application Development, I am pleased to share this exciting, dynamic, and diverse set of developer-related breakouts, workshops, BoFs, and labs for Red Hat Summit 2018.
With these 61+ sessions listed below, we believe that every attending application developer will come away with a strong understanding of where Red Hat is headed in this app dev space, and obtain a good foundation for tackling that next generation of apps. Encompassing various aspects of Modern App Dev, some sub-topics we’ve focused on are around microservices, service mesh, security and AI/ML, plus there is a large collection of complementary and related topics.
So…if you’re an application developer, we invite you to attend Red Hat Summit 2018 and experience the code first hand. There’s something for everyone and definitely something for you. Register today.
Great talks don’t happen without great speakers, and we feel really privileged to have these popular, high-in-demand speakers:
Continue reading “Red Hat Summit 2018 to focus on Modern App Development”
Previously I did a post on Securing AMQ7 Routers with SSL. This post will expand upon that and explain how to secure JBoss AMQ7 Brokers with SSL and how to connect the routers and brokers with SSL as well.
Continue reading “Securing AMQ7 Brokers with SSL (part 2)”
In previous versions of JBoss EAP, the primary method of securely storing credentials and other sensitive strings was to use a password vault. A password vault stopped you from having to save passwords and other sensitive strings in plain text within the JBoss EAP configuration files.
However, a password vault has a few drawbacks. For example, each JBoss EAP server can only use one password vault, and all management of the password vault has to be done with an external tool.
Continue reading “New with JBoss EAP 7.1: Credential Store”
It has long been recognized that unconstrained growth of memory usage constitutes a potential denial of service vulnerability. Qualys has shown that such unconstrained growth can be combined with other vulnerabilities and exploited in ways that are more serious.
Continue reading “Stack Clash Mitigation in GCC — Background”