Showing results for tag Security

Block Log4Shell attacks with Gloo Edge

Headlines have screamed “The Internet’s on fire” since the Log4Shell zero-day vulnerability CVE-2021-44228 emerged. It has been rated with a Critical CVSS score of 10 (out of 10). TechCrunch reports that numerous Big Tech systems are vulnerable. The root cause is an issue in the commonly used open-source Java library Log4j. Many enterprise developers (including yours […]

Jim Barton | December 14, 2021

The New Stack – Secure Your Service Mesh: A 13-Item Checklist

Solo customers always rank security as one of the top criteria for evaluating solutions. When you need to decide whether to go with open-source Istio, Gloo Mesh Enterprise, or another offering, use our service mesh security checklist to help you make the smart choice. This article originally appeared on The New Stack. “Organizations worldwide are […]

Nikki Rouda | August 11, 2021

[Tutorial] Crush CSRF Attacks with Gloo Edge

Shield your applications from session-riding, Cross-Site Request Forgery attacks. According to OWASP: “Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an […]

Jim Barton | January 11, 2021

Multi-Cluster Service Mesh Role-Based-Access-Control

In the previous posts, we covered how Gloo Mesh (previously known as Service Mesh Hub) makes it easy to federate the identity across clusters to allow cross-cluster communication, failover and access control based on policies. RBAC in Kubernetes: In large organizations, several teams are using the same Kubernetes cluster. They use Kubernetes RBAC to define who can […]

Denis Jannot | November 12, 2020

Advanced Authentication Workflows with OpenID Connect using Gloo API Gateway – Part 2

In the previous blog post, we covered how Gloo can be used to authenticate users with OIDC and how it can process the JWT token returned by the identity provider. The JWT token was stored as a cookie in the web browser and sent with each HTTP request as a header. We configured Gloo to […]

Denis Jannot | November 9, 2020

Multi-cluster global access control for Kubernetes and Service Mesh

In this blog series, we will dig into specific challenge areas for multi-cluster Kubernetes and service mesh architecture, and the considerations and approaches in solving them. In a previous blog post we covered Identity Federation for Multi-Cluster Kubernetes and Service Mesh, which is the foundation for multi-cluster global access control. We explained how to set up each Istio cluster with a different […]

Denis Jannot | October 19, 2020

Zero Trust Application Networking with Envoy Proxy

Security is an evergreen requirement for any system, and in recent years, the concept of Zero Trust has gained in popularity as a different security model to protect organizations and their IT portfolio from the increasing business risk of security incidents. Traditional security practices and tools are designed to secure the perimeter and by default […]

October 12, 2020

[Tutorial] External Authorization of Service Requests in Istio Service Mesh

Istio is an open source and platform-independent service mesh that provides functionality for traffic management, policy enforcement and telemetry collection in Kubernetes application environments. As a service mesh, Istio solves the service-to-service communication for the applications deployed within the cluster. Istio has a robust feature set to address these east-west traffic concerns. In fact, we are huge Istio […]

Jim Barton | October 5, 2020

Webinar Recap – Protecting Applications with L4 and L7 Network Encryption for TLS/mTLS

API Gateways act as a control point for accessing backend application services by external clients and end users. Depending on the request path and the service the client is connecting to, organizations may want to secure it by encrypting the communications. Gloo is a next generation API Gateway and Kubernetes Ingress controller that connects, manages […]

August 3, 2020

Hoot Livestream Series to Learn All About Envoy Proxy

In our previous Hoot series, we looked at the different service meshes and API gateway solutions available today and compared their architecture and philosophies. In our new series, Chief Architect Yuval Kohavi will provide a deep dive into Envoy Proxy. What is Envoy Proxy? Envoy is an open source edge and service proxy designed for cloud-native […]

July 19, 2020

[Videos] Avoiding Downtime With Istio 1.6 Certificate Rotation

Istio uses certificates to issue workload identity following the SPIFFE specification. To manage issuing, signing, and rotating these certificates at runtime, Istio has a built-in CA component (in Istio 1.5 and newer, you’ll see this co-located with the istiod component in the control plane). These workload certificates are used to establish mTLS, assert identity, […]

Christian Posta | July 14, 2020

Webinar Recap – Advanced Rate Limiting with Envoy Proxy and Gloo API Gateway

In last week’s webinar, Rick Ducott covered advanced use cases of rate limiting with Envoy as the edge proxy managed by Gloo API Gateway. Rate limiting is a strategy that can prevent service outages by protecting the service from being overrun with more requests than its resources can process and respond to within the agreed […]

June 30, 2020