Security

The Bastion - Part 3

The Bastion – Part 3 – Security at the core

In previous parts, we’ve covered the basic principles of the bastion. We then explained how delegation was at the core of the system. This time, we’ll dig into some governing principles of how The Bastion is written. In a nutshell, the main purpose of the bastion is to ensure security, auditability and reliability in all …

The Bastion – Part 3 – Security at the core Read More »

DNSSEC

An introduction to DNSSEC

DNS (Domain Name System) is the “phone book” of the internet – meaning that it translates a human-readable domain name (like ovhcloud.com) into a computer-readable IP (54.39.46.56). The DNS was designed when the internet first started. At that time, the Internet was not as big, or critical as it is today.DNS, therefore, was designed on …

An introduction to DNSSEC Read More »

OVHcloud Predictor - Part 1

OVHcloud Predictor, part 1

In our previous article concerning the CVE-2017-9841 vulnerability, we presented our web application firewall (WAF) implemented with NAXSI. Usually, a WAF is run directly on the web server. At OVHcloud, we chose to run our web application firewall upstream, on a very powerful software layer that is specific to our web hosting infrastructures. These are …

OVHcloud Predictor, part 1 Read More »

The OVHcloud Bastion - Part 2

The OVHcloud SSH Bastion – Part 2: delegation dizziness

This is the second part of a blog series, here is part one. We’ve previously found that the bastion is not your usual SSH jumphost (in fact, we found it is not a jumphost at all) and we discussed how the delegation was one of the core features we’d originally needed. So, let’s dive into …

The OVHcloud SSH Bastion – Part 2: delegation dizziness Read More »

Confinement and remote working — don’t overlook your data security

With confinement measures now being enforced in an increasing number of countries, we can really see the extent to which technology helps us combat isolation. Technology is what enables us to continue studying, stay in touch with those we care about, and keep ourselves entertained. We are even seeing the emergence of new ways to …

Confinement and remote working — don’t overlook your data security Read More »

Protect Yourself, And Protect Your IT Infrastructure

On 20th March 2020, ENISA (the European Union Agency for Cybersecurity) published an article calling for vigilance from both companies and individuals, following scam attempts that are capitalising on the COVID-19 healthcare crisis. Various organisations such as ANSSI (the National Cybersecurity Agency of France), the NCSC (National Cyber Security Center), and CISA (Cybersecurity And Infrastructure …

Protect Yourself, And Protect Your IT Infrastructure Read More »

CVE-2017-9841: What is it, and how do we protect our customers?

CVE-2017-9841: What is it, and how do we protect our customers?

Recently, a previously-identified CVE (Common Vulnerabilities and Exposures) security breach, CVE-2017-9841, was thrust back into the spotlight, thanks to PrestaShop‘s security alert. Unfortunately, it’s already been exploited ‘in the wild’ for a while now. What are the risks ? The CVE-2017-9841 vulnerability lets a malicious user remotely run PHP code on fallible websites, by exploiting …

CVE-2017-9841: What is it, and how do we protect our customers? Read More »

Linux Kernel Vulnerabilities Affecting The Selective ACK Component

On June 18th 2019 at 7pm CEST, 4 vulnerabilities have been disclosed affecting the TCP stack of the Linux kernel. These vulnerabilities relies on an integer overflow in the Linux kernel which can lead to a kernel panic on one hand, and on an algorithmic complexity in the SACK implementation leading to CPU resource exhaustion …

Linux Kernel Vulnerabilities Affecting The Selective ACK Component Read More »