Container networking in the AWS VPC is now much simpler following AWS’s announcement of EC2 IP prefix assignments. Want to get rid of overlays and bridge networking? Let’s examine how the new IP prefix assignment functions and how it can be used to enable containers as first class citizens on the network. Feature Overview Prior […]
Designing cloud infrastructures that include security appliances for traffic inspection is easier following Amazon’s introduction of a feature called VPC Ingress Routing. In this article and accompanying video, I’ll examine the feature and how you can use it to force inbound traffic through security appliances. Companies that operate in highly regulated environments frequently require security […]
Whether you are a developer or network engineer, designing and implementing services in the AWS VPC requires an understanding of IP networking. My objective in this post about classifying IP addresses in the AWS VPC is to teach you one thing you didn’t previously know. Let’s dive in. The first way that IP addresses can […]
The recent announcements on IPv6 support for the Network Load Balancer and Fargate reminded me of AWS’s steady progress towards more widespread coverage for the current version of IP. The EC2 networking team deserves credit for the advances made since IPv6 was first supported on the Classic Load Balancer back in 2011. I believe that […]
Secure Access Service Edge (SASE) is a new enterprise technology category introduced by Gartner in 2019. SASE converges the functions of network and security point solutions into a unified, global cloud-native service. Because SASE has become such a hot buzzword, many vendors have slapped the term SASE onto their offerings without truly providing the upside […]
Highly regulated industries typically have a requirement for a firewall to inspect all traffic in and out of select VPCs. The traffic could be sourced from other VPCs, on-premise or the Internet. In this post, we’ll examine two designs for forcing all inbound traffic from the Internet to traverse a firewall or similar appliance. Prior the […]
You may be looking at the title of the blog and wondering what the term “shift left” means in the context of cybersecurity. You are not alone. The term has yet to reach buzzword status among C-level executives; however, the chances are you will hear more about it soon and you certainly must understand […]
Effectively embedding digital initiatives in your organization’s strategy and your strategic planning is challenging in its own right as well as driving your digital transformation. It is often an exciting and equally challenging journey and more often than not seemingly less important items fall by the wayside—one of which is cybersecurity. As you are embarking […]
Irrespective of whether you or your organization is based in the European Union or not, if you are concerned about cybersecurity risks, the NIS directive should be on your radar – literally! What is NIS you may wonder? It’s the EU Network Information Security (NIS) Directive that has been passed into member state law this […]
Expect to see major announcements around networking and security at re:Invent next week. AWS has already enhanced its Application Load Balancer (ALB) and Network Load Balancer (NLB) ahead of its annual conference (see here for more details). As I did a year ago, I’m compiling a list of network and security features that would help […]