Time  Nick       Message
13:20 hydrajump  anyone have experience with IDS/IPS on AWS? And/or WAF such as incapsula http://incapsula.com? /cc codex
13:25 lguillaume pdurbin: I stopped using kde years ago. I'm sure it's even more bloated now! Now (when I need X) I just use twm or xfce if I want a desktop.
13:27 pdurbin    lguillaume: wow! you even had your wife on KDE for a while! (the poor thing)
13:28 lguillaume Yeah - she has a Mac now :)
13:29 pdurbin    good for her. but you're still on netbsd?
13:30 lguillaume Servers are all netbsd. Rock solid. Easy to upgrade and pkgsrc works the same on my macs as it does on netbsd
13:30 pdurbin    ah. for mac I use homebrew
13:30 lguillaume I've always had a mac for work.
13:31 lguillaume Never needed to jump on that bandwagon
13:32 pdurbin    there's a guy from oftc/#ikiwiki who's really into pkgsrc
13:35 pdurbin    this guy: https://github.com/schmonz/pkgsrc-ikiwiki
13:37 lguillaume I don't know why it's not more popular
13:39 pdurbin    searchbot: lucky xkcd standards
13:39 searchbot  pdurbin: http://xkcd.com/927/
13:42 pdurbin    that could be why
13:42 lguillaume Indeed
13:46 pdurbin    hydrajump: nope, but semiosis uses a lot of AWS. Oh, and (unrelated) check this out: https://t37.net/is-docker-ready-for-production-feedbacks-of-a-2-weeks-hands-on.html
13:55 codex      hydrajump: we are just getting into that at work -- not yet though
13:55 codex      going to start poking at incapsula soon
15:13 hydrajump  codex: same here. I'm investigating what we can do from using 3rd party SaaS such as incapsula to what we can do within our AWS VPC which is running (will be) CoreOS and DOcker.
15:15 pdurbin    wow. coreos. fancy
15:16 hydrajump  Due to the way CoreOS is built, e/g. read-only, no package managers. Installing HIDS won't work. I think that our security efforts will be securing our node apps in terms of secure coding practices, making sure all communication is using SSL internally as well as externally.
15:18 hydrajump  Using something such as Incapsula will hopefully go quite a long way. I don't know what can be done in terms of the Docker containers. Each container should ideally run one process. We discussed iptables a few weeks ago. I haven't looked into how that works in Docker containers.
15:18 hydrajump  I don't know whether running a Suricata container behind our ELBs is something to consider. Never used it myself.
15:20 hydrajump  codex: if you can...can you share what types of things you are looking at besides incapsula? What are your thoughts on what I've described?
15:21 hydrajump  pdurbin: hehe it's what I see most companies going towards at least startups and companies who understand the benefits.
15:22 pdurbin    hydrajump: this is even fancier: Mirage OS - http://www.openmirage.org
15:22 codex      hydrajump: i am not involved in this, but I think i will be soon -- i'll let you know what we research
15:22 codex      we were looking at "cloud ids" and also a waf -- and incapsula looks to be putting the two together
15:23 codex      hydrajump: that said, a whole bunch of my co-workers use vyatta (now brocade) for the IDS/cloud firewall
15:44 semiosis   hydrajump: nidps or hidps?  i have used ModSecurity in AWS, but that's no different from using it anywhere else
16:12 semiosis   pdurbin: http://www.infoworld.com/article/2835160/java/robovm-enables-java-to-ios.html
16:13 pdurbin    meh. ios
16:14 * pdurbin  remembers Cisco IOS
16:18 hydrajump  codex: ay yeah Vyatta I'm familiar with. Incapsula looks like it is doing a lot of layer 7 web application specific filtering which is probably what a web focused company needs in terms of protection
16:19 codex      hydrajump, semiosis: https://awsmedia.s3.amazonaws.com/SEC402.pdf
16:20 codex      not sure if helpful - haven't had time to read yet, but only "stuff" on IDS in Aws
16:20 hydrajump  codex: yeah I watched that presentation and downloaded the secaudit.json Role Policy and the SecConfig.py script
16:20 hydrajump  Very good presentation covering the AWS parts.
16:21 hydrajump  codex: (http://www.youtube.com/watch?v=aGfKCmnmh5g)
16:21 hydrajump  Intrusion Detection in the Cloud (SEC402) | AWS re:Invent 2013 ^^
16:22 hydrajump  codex: what do you use today to centralise logs? ELK?
16:22 semiosis   great stuff!
16:22 semiosis   thx for these links
16:22 codex      thanks
16:22 codex      hydrajump: splunk
16:22 hydrajump  codex: ok
16:23 hydrajump  semiosis: yeah really good presentation!
19:57 semiosis   pdurbin: icymi, ubuntu utopic unicorn final release is this thursday!
19:57 semiosis   https://wiki.ubuntu.com/UtopicUnicorn/ReleaseSchedule
20:05 lguillaume Just curious - why Ubuntu and not just Debian?
20:29 pdurbin    yeah, I should try Debian, I guess. I dunno. strength in numbers or something
20:30 pdurbin    semiosis: yeah, saw that. has java 8, which is nice
20:38 semiosis   lguillaume: or slackware for that matter?!
21:03 semiosis   lguillaume: but seriously, ubuntu is pretty far ahead of debian.  if you're using modern x86 hardware, it's great.  if you're on a raspberry pi or some other strange thing, then there's probably a debian build for it
22:20 pdurbin    netbsd runs on everything
22:28 lguillaume :) even on my SE 30
22:29 pdurbin    oh man, the tinky wars
22:29 lguillaume I still got mine. Does that mean I win ?
22:29 pdurbin    it does :)
22:30 lguillaume hehe. I mean a rpi is quite "tinky"
22:31 pdurbin    haven't played with one yet
22:31 lguillaume nor I
22:31 lguillaume I have my firewalls running on Soekris boxes
22:31 lguillaume not quite as small or powerful, but very good hardware
22:32 pdurbin    oh yeah. I don't have any servers at home anymore. the server on a lamp timer is long gone
22:33 lguillaume I know - I'm a glutton for punishment and high electric bills
22:36 pdurbin    I bet that Soekris box is pretty low power
22:36 lguillaume That's not the culprit :)
22:37 lguillaume I think it's the media server and the Xen host with all the websites and the mail server
22:41 pdurbin    lguillaume: speaking of Xen, I'm curious if you've heard of http://www.openmirage.org
22:43 lguillaume huh - interesting.
22:44 pdurbin    yeah, Xen... not Linux... perfect for you :)
22:44 pdurbin    dunno how you feel about OCaml though ;)
22:45 lguillaume Or what I'd do with just a kernel!
22:46 pdurbin    their website is hosted on it... so you can run a web app
22:47 pdurbin    it's all open source: https://github.com/mirage
22:48 lguillaume great idea and use of Xen
22:48 pdurbin    this one is their website: https://github.com/mirage/mirage-www
22:49 lguillaume Do you guys use EC2 for a lot of stuff?
22:49 pdurbin    65% javascript, 20% ocaml
22:49 pdurbin    I don't. semiosis does
22:49 lguillaume I wonder how hard it is to port a DOMU running on a NetBSD DOM0 to EC2
22:50 pdurbin    why port the domu? let amazon be the domu :)
22:52 lguillaume well - say I have a running system. I want to just drop it in as an image of some sort on their DOM0 (or whatever they call that)
22:58 pdurbin    maybe there's a tool to convert your Xen images into AMIs (the images that run on Amazon)
23:12 semiosis   lguillaume: afaik there are not different linux kernels for different xen dom0, the same should work on all
23:13 semiosis   lguillaume: there is one catch, which is the bootloader.  i remember when ubuntu switched to pv-grub, which allowed for simple kernel upgrades without having to build a new image
23:15 semiosis   if you have a pv-grub kernel in the AMI then you should be able to boot the kernel from the root device
23:15 semiosis   whatever it is
23:16 * semiosis afk