blog.howardjohn.info/posts/bypass-egress
Preview meta tags from the blog.howardjohn.info website.
Linked Hostnames
4Search Engine Appearance
Outbound sidecars are not secure enforcement points
It is a very common misconception that egress policies in Istio can be used for security purposes. This is not true. Despite repeatedly explaining this (and documenting it), I still often see people that do not believe it, and that they can just add one more check to lock things down. In this post, I will show a variety of ways to bypass any possible check, and prove that these policies cannot be used as secure policies.
Bing
Outbound sidecars are not secure enforcement points
It is a very common misconception that egress policies in Istio can be used for security purposes. This is not true. Despite repeatedly explaining this (and documenting it), I still often see people that do not believe it, and that they can just add one more check to lock things down. In this post, I will show a variety of ways to bypass any possible check, and prove that these policies cannot be used as secure policies.
DuckDuckGo
https://blog.howardjohn.info/posts/bypass-egressOutbound sidecars are not secure enforcement points
It is a very common misconception that egress policies in Istio can be used for security purposes. This is not true. Despite repeatedly explaining this (and documenting it), I still often see people that do not believe it, and that they can just add one more check to lock things down. In this post, I will show a variety of ways to bypass any possible check, and prove that these policies cannot be used as secure policies.
General Meta Tags
14- titleOutbound sidecars are not secure enforcement points | howardjohn's blog
- charsetutf-8
- X-UA-CompatibleIE=edge
- viewportwidth=device-width, initial-scale=1, shrink-to-fit=no
- robotsindex, follow
Open Graph Meta Tags
6- og:urlhttps://blog.howardjohn.info/posts/bypass-egress/
- og:site_namehowardjohn's blog
- og:titleOutbound sidecars are not secure enforcement points
- og:descriptionIt is a very common misconception that egress policies in Istio can be used for security purposes. This is not true. Despite repeatedly explaining this (and documenting it), I still often see people that do not believe it, and that they can just add one more check to lock things down. In this post, I will show a variety of ways to bypass any possible check, and prove that these policies cannot be used as secure policies.
- og:localeen-us
Twitter Meta Tags
3- twitter:cardsummary
- twitter:titleOutbound sidecars are not secure enforcement points
- twitter:descriptionIt is a very common misconception that egress policies in Istio can be used for security purposes. This is not true. Despite repeatedly explaining this (and documenting it), I still often see people that do not believe it, and that they can just add one more check to lock things down. In this post, I will show a variety of ways to bypass any possible check, and prove that these policies cannot be used as secure policies.
Link Tags
7- apple-touch-iconhttps://blog.howardjohn.info/apple-touch-icon.png
- canonicalhttps://blog.howardjohn.info/posts/bypass-egress/
- iconhttps://blog.howardjohn.info/favicon.ico
- iconhttps://blog.howardjohn.info/favicon-16x16.png
- iconhttps://blog.howardjohn.info/favicon-32x32.png
Website Locales
1
enhttps://blog.howardjohn.info/posts/bypass-egress/
Links
14- https://blog.howardjohn.info
- https://blog.howardjohn.info/archives
- https://blog.howardjohn.info/posts
- https://blog.howardjohn.info/posts/go-map
- https://blog.howardjohn.info/posts/lts