
Yeah it's nuts. The best solution I've found is some kind of cloud firewall, whether that be an off-the-shelf service that you use with whatever cloud provider you are using, or rolling your own by routing all traffic through another host that doesn't have Docker nuking all your firewall rules every time it restarts.



This.

You need a last resort security control against stuff like this anyway. Even an automation failure or misunderstanding of a ruleset can leave you exposed.

Security must be layered.


To be fair, either in the cloud or on premise, a firewall is a must. It’s just one of the layers of security.



