magic oil |information technology colleges






9 Powerful Managed Firewall to guard Cloud Infrastructure

By Chandan Kumar on June 9, 2020

Posted in

Cloud Computing 

Security

apptrana

Get application security done the proper way! Detect, Protect, Monitor, Accelerate, and more…

Organizations from many industries have started moving their IT infrastructure to the cloud faster than ever.

When we mention infrastructure, it’s not just server, database, storage – there's more thereto .

A typical medium to an outsized organization would have the subsequent infrastructure components.

Server

Load balancer

Database

Messaging

Storage

Security/DDoS protection

and Firewall

In a traditional infrastructure, Firewall appliances may cost around a couple of thousand dollars and wish a firewall admin to manage it. It’s expensive.

Thanks to the managed firewall where you don’t need to buy expensive hardware appliances and hire an administrator for them.

The managed firewall may be a service where you buy what you employ either on-demand or monthly. You don’t need to worry about the hardware. you'll administer the firewall rules from intuitive GUI or command lines.

Note: the subsequent are infrastructure firewall and to not confuse with the online Application Firewall.

Let’s take a glance at a number of the managed firewall you'll use to guard your production infrastructure environment.

Google Cloud Platform

Google Cloud creates default firewall rules for every VPC (Virtual Private Cloud) network. you'll allow or deny connections to ingress (incoming) or egress (outgoing) rules, and that they are effective immediately.

It supports priority order between 0 to 65535, where rock bottom rule number got the very best priority. All are managed either through the “Firewall rules” section under VPC Network or instruction.

I use GCP and love simplicity.

Source support multiple options like IP ranges, sub-networks, source tag, or service accounts, and during a single line, you'll give multiple port numbers.

If you're already using Google Cloud, then fiddle with firewall rules to explore the chances to harden and secure the server at the network firewall level.

Check Point

A known name within the security industry – Checkpoint got the vSEC product for public and personal cloud security. vSEC is out there on a public cloud like AWS, GCP, Azure & VMware, and personal cloud as OpenStack, VMware NSX & Cisco ACI.vSEC provides advanced threat protection including firewall, IPS (Intrusion Prevention System), Anti-virus, Anti-bot, Zero-day protection, DLP (Data Loss Prevention), and application control.

You can try a FREE test drive.

Barracuda

Barracuda NexGen firewall is out there on the general public cloud – AWS, GCP & Azure. NexGen may be a full-featured firewall solution to supply network-level protection. It acts as a network gateway between your network and therefore the Internet and inspects all inbound & outbound traffics to guard supported the policies.

NexGen firewall got a built-in SD-WAN (Software-defined wide area network) to supply connectivity between the cloud to an on-premise data center.

Zscaler

Zscaler Cloud Firewall is powered by patented technologies like SSMA, ByteScan, PageRisk, Nanolog, PolicyNow to supply advanced security protection.

You can create a granular level of policies to regulate protocol, ports, location, user department, etc.

If you're trying to find all-in-one network security with a number of the subsequent features, then provide an attempt to Zscaler.

Cloud firewall

DNS/URL filtering

Bandwidth control

DNS Security

Anti-virus

File type controls

Data loss prevention

SonicWall

The SonicWall firewalls give your organization the safety, control, and visibility of the network hence allowing you to stop current and future cyber threats. the corporate offers a spread of solutions with flexible pricing plans to suit all sizes of companies. And you'll deploy the firewall as an on-premise or virtual appliance.

Features include

Protects network, infrastructure, public, private, and hybrid cloud environments from malware threats, ransomware attacks, DDoS, data theft, et al..

Advanced and intelligent threat management, detection, and protection

Advanced web page filtering

Quick and accurate decrypting and validating of huge volumes of network traffic

Automatically enforce antivirus protection.

Application control that has identification, bandwidth management, and granular application control

Great analysis dashboard, attack visualization, and real-time alerts.

Sophos XG

Sophos XG may be a comprehensive firewall solution optimized to effectively secure entire cloud environments. It provides the simplest visibility, protection, and response to threats targeting public and hybrid clouds. Key features include;

A rich feature, centralized dashboard with extensive reporting hence greater visibility and insights.

Cloud-based management platform that creates it easy to configure and scale the firewall components also as monitor network health and threats,

An easy and quick to deploy beat one solution with a firewall and other security measures like sandboxing, VPN, WAF, IDS, etc.

Enhanced threat protection to spot all kinds of attacks and therefore the ability to spot the hidden threat, risks, and vulnerabilities

Ability to automatically respond and also isolate compromised networks, hosts, and systems.

The Sophos XG features a free test period to assist you to discover out if it meets your requirements.

pfSense

Pfsense may be a powerful open-source firewall, Router, and VPN solution that fully secure IT systems. The low-cost security solution supported by FreeBSD operating systems is out there as a Netgate appliance, a cloud instance, a virtual machine, or as a white box hence suitable for a good range of deployment scenarios. It offers great, low-cost perimeter security for all kinds of companies and maybe a good selection if you've got a limited budget. The pfSense lightweight firewall solution doesn't require high-end hardware to run and features a wide selection of easy-to-manage features with a centralized configuration.

Key features include

Effective firewall, routing and VPN Load balancing,

Filtering web page 

Intruder detection and prevention system

Transparent Caching Proxy

supports on-premise and cloud environments

Effective and versatile solution.

Alternatively, you'll host pfSense yourself or get the running instance on the Kamatera cloud.

Imperva Cloud Security

Imperva security solution allows you to guard your cloud environment, applications, databases, APIs, and data. information technology training is often a versatile, affordable, and effective security solution that gives a good range of services while allowing you to manage everything from one place.

Usually available as a self-managed or as a SaaS model, Imperva allows you to guard all of your cloud workloads, ensure compliance, answer threats, and address a good range of security risks.

The easy to deploy and integrate solution features a continuous monitoring capability to supply you with real-time visibility and insights into your cloud environments.

Key features include;

An effective web application firewall (WAF)

Enhanced Data, applications, API security

protection against DDoS, BOTs, and other attacks

reliable data risks and attacks analytics and reports

Runtime Application Self-Protection (RASP)

Supports AWS, Azure, Google cloud platforms et al. 

Easily and quickly identify and mitigate security risks.

DigitalOcean

Cloud Firewall by DigitalOcean is free, and you don’t get to install any software on your server. you'll control what services are allowed to your droplet from what sources.

a firewall is straightforward to use, and you'll control the principles in one view to manage the whole DO infrastructure.

Conclusion

I hope above to offer you thought about a number of the cloud-managed firewall available within the market to guard small to enterprise business. If you're running out of budget then alternatively you'll try an open-source firewall. How to Configure SSL Certificate on Google Cloud Load Balancer?

By Chandan Kumar on December 2, 2018

Posted in

Cloud Computing

apptrana

Get application security done the proper way! Detect, Protect, Monitor, Accelerate, and more…

In my previous post, I talked about the way to implement SSL certificates on shared hosting, Cloud/VPS server, Cloudflare, etc., and a few of you asked the way to roll in the hay on Load Balancer (LB).

It’s an honest idea to terminate the SSL handshake at a network edge device for several reasons.

It’s faster

You can make changes on the fly

Easy maintenance

SSL/TLS hardening managed by LB

Google Cloud Platform (GCP) is astounding, and that I use it for Geek Flare and just like it. GCP offers many cloud solutions including the load balancer.

There are three sorts of load balancers available, and if you're hosting Web-based applications, then the HTTP(S) type is suggested.

I assume you have already got the subsequent ready.

Running web server

HTTP(S) LB with port 80

Implementing Certificate on Google Cloud LB

Log in to Google Cloud >> Network services >> Load balancing (direct link)

Click edit for the respective LB

How to Implement AWS EFS to Share filing system between EC2?

By Chandan Kumar on May 31, 2020

Posted in

Cloud Computing

apptrana

Get application security done the proper way! Detect, Protect, Monitor, Accelerate, and more…

If you're performing on a multi-server application environment where you've got a requirement to share a filing system between multiple servers, then you bought to line up NFS (Network File System).

NFS allows you to share the filing system on quite one server, but implementation requires some administration skills.

In a traditional infrastructure environment, you'll need to involve multiple teams, and would take time to make NFS. But if you're using AWS, you'll catch on wiped out a couple of minutes with their EFS (Elastic File System) service.

lets you create scalable file storage to be used on EC2. You don’t need to bother about capacity forecasting because it can proportion or down on-demand.

A quick illustration was taken from the AWS page to offer you a thought of how it works. Some of the EFS advantages are:

Fully managed by AWS.

Low cost, buy what you employ.

High available & durable

Automatically proportion or down.

Scalable performance

I’ve two EC2 Ubuntu instances running, and during this tutorial, I’ll create one EFS then mount it on both EC2 servers.

Let’s catch on started.

Login to AWS console

Go to Services and choose EFS under storage (direct link)

Click “Create a filing system .”This concludes you’ve created EFS and prepared it to be mounted on EC2 instances.

Mounting EFS on EC2

Before mounting, you would like to put in the NFS client. If you expand the list and click on “Amazon EC2 mount instructions”, you'll get the small print.

This is easy, isn’t it?

I tried creating a few files, and the overall performance looks good. cloud technology companies AWS EFS looks promising, and if you're in need of filing system sharing across EC2 instances, then provides a try, and that I am sure you'll love it.

Are you curious about learning more about AWS? inspect this Udemy course.

What are Cloudflare Apps and the way to feature them on Your Website?

By Chandan Kumar on August 2, 2020

Posted in

Cloud Computing

Cloudflare Apps aren't new, but lately, they need to introduce quite 200 tools to grow your email list, make money online, and obtain more customers.

Cloudflare Apps got a fresh look and now easy to integrate with the website.

What is Cloudflare Apps?

It’s like an app store where you'll explore tools from multiple categories in SEO, Social Media, Conversion, Payment, Security, Images, Ads, Analytics, etc.

How to Backup Google Cloud VM Automatically?

By Chandan Kumar on November 8, 2020

Posted in

Cloud Computing

apptrana

Get application security done the proper way! Detect, Protect, Monitor, Accelerate, and more…

You don’t need to bother about backup if you're hosting your website on shared hosting as most of the hosting provider takes care of the backup for you.

However, once you migrate hosting to cloud-like Google Cloud or AWS, then there are few things that you simply need to look out for yourself.

Backup is one among them!

Lately, I moved Geekflare to Google Cloud Platform and was trying to find a one-click backup option, but unfortunately, it doesn’t exist.

After some research, I learned backup procedure is slightly different, and that I loved it. the great thing is, you've got full control over your backup.

There are multiple levels (application, configuration, logs, etc.) of backup, and therefore the following I will be able to mention taking complete VM backup manually and automatically.

The term wont to take a backup of Google Cloud is named “snapshot.”

Some of the benefits of a snapshot.

You can take a snapshot while a disk is attached to the instance – no downtime during backup

It’s differential rather than creating full disk backup whenever – it reduces the backup storage cost and fast operation

Manually using Google Cloud Console

Google cloud console has the choice to require a snapshot of the disk, and it's easy.

Log in to Google Cloud and attend Disks under Compute Engine

Click on the disk name which is attached to the instance, and you would like to require a snapshot

Click on “CREATE SNAPSHOT.”

This indicates VM disk backup is completed. Whenever needed, you'll use this snapshot to restore/create a replacement VM with an equivalent state at the time of VM backup.

Automatically using Scripts

If your application has frequent changes and would really like to automate taking a snapshot regularly then the subsequent will assist you.

Log in to the instance in which you would like to require auto backup

Create a folder where you would like to store the script file

Download the script file by default, a script will keep the snapshot for the last seven days. If you would like to vary this schedule, then edit the script file and alter the worth of OLDER_THAN=7

Automatically using Google Cloud Console

Google recently introduced these features, and that I like it. Now, GCP has the choice for you to schedule a disk snapshot from the console itself.

Go to Compute Engine >> Snapshots

Click on the Snapshot schedules tab and therefore the following popup will appear. Click Create snapshot schedules

Let’s explore a number of available options.

Region – select where you would like to store your VM snapshot (backup)

Schedule frequency – choose how often you would like to require a backup from daily, weekly, hourly

Start time – at what time backup should be made. Choose low peak hours.

Autodelete snapshots after – what percentage of last snapshots you would like to stay at any time.

Deletion rule – what should happen if you delete the source disk (VM)

Once created, you ought to see them listed. That’s all!

Google Cloud will take the snapshot supported by the schedule.

You see, just spending a couple of minutes to line up a backup is often a lifesaver. information technology colleges On top of the snapshot, you ought to also consider enabling screenshots which may help to understand the VM state.

If you're curious about learning more then inspect this GCP certification course