The Tale of Smokey and the Crypto Bandits How Okteto uses Falco to keep users happy and our platform healthy Ramiro Berrelleza October 28, 2020 ● Co-founder of Okteto ● Former architect @ Atlassian malicious actions without requiring human intervention Future Ideas The Tale of Smokey and the Crypto Bandits Ramiro Berrelleza October 28, 2020

synchronisation 3 network-dpdk The DPDK library 2 Cryptography 3 introduction-to-crypto-libraries Introduction to crypto libraries 3 openssl OpenSSL 3 gnutls GnuTLS 3 network-security-services-nss Network bind-9-dnssec-cryptography-selection BIND 9 DNSSEC cryptography selection 3 openssh-crypto-configuration OpenSSH crypto configuration 3 Level Path Navlink 3 troubleshooting-tls-ssl Troubleshooting TLS/SSL Cryptography Introduction to crypto libraries OpenSSL GnuTLS Network Security Services (NSS) Java cryptography configuration BIND 9 DNSSEC cryptography selection OpenSSH crypto configuration Troubleshooting

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801 10.96 Apache Module mod session crypto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 804 10.97 Apache Module mod session SECKEYSIZE SSL CIPHER USEKEYSIZE renamed SSL SSLEAY VERSION SSL VERSION LIBRARY renamed SSL STRONG CRYPTO - Not supported by mod ssl SSL SERVER KEY EXP - Not supported by mod ssl SSL SERVER KEY ALGORITHM myName:rqXexS6ZhobKA 32http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt blowfish.c?view=markup 33http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr md5.c?view=markup 340 CHAPTER 9. APACHE MISCELLANEOUS

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802 10.96 Apache Module mod session crypto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805 10.97 Apache Module mod session SECKEYSIZE SSL CIPHER USEKEYSIZE renamed SSL SSLEAY VERSION SSL VERSION LIBRARY renamed SSL STRONG CRYPTO - Not supported by mod ssl SSL SERVER KEY EXP - Not supported by mod ssl SSL SERVER KEY ALGORITHM myName:rqXexS6ZhobKA 32http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt blowfish.c?view=markup 33http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr md5.c?view=markup 340 CHAPTER 9. APACHE MISCELLANEOUS

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885 10.103 Apache Module mod session crypto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 888 10.104 Apache Module mod session SECKEYSIZE SSL CIPHER USEKEYSIZE renamed SSL SSLEAY VERSION SSL VERSION LIBRARY renamed SSL STRONG CRYPTO - Not supported by mod ssl SSL SERVER KEY EXP - Not supported by mod ssl SSL SERVER KEY ALGORITHM myName:rqXexS6ZhobKA 32http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt blowfish.c?view=markup 33http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr md5.c?view=markup 364 CHAPTER 9. APACHE MISCELLANEOUS

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871 10.101 Apache Module mod session crypto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874 10.102 Apache Module mod session SECKEYSIZE SSL CIPHER USEKEYSIZE renamed SSL SSLEAY VERSION SSL VERSION LIBRARY renamed SSL STRONG CRYPTO - Not supported by mod ssl SSL SERVER KEY EXP - Not supported by mod ssl SSL SERVER KEY ALGORITHM myName:rqXexS6ZhobKA 32http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt blowfish.c?view=markup 33http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr md5.c?view=markup 364 CHAPTER 9. APACHE MISCELLANEOUS

SSL_SECKEYSIZE SSL_CIPHER_USEKEYSIZE renamed SSL_SSLEAY_VERSION SSL_VERSION_LIBRARY renamed SSL_STRONG_CRYPTO - Not supported by mod_ssl SSL_SERVER_KEY_EXP - Not supported by mod_ssl SSL_SERVER_KEY_ALGORITHM SessionCryptoPassphrase to create an encrypted session cookie. This required the additional module mod_session_crypto be loaded. In the simple example above, a URL has been protected by mod_auth_form, but the user the user through the use of mod_session_cookie, and the session is not protected with mod_session_crypto, the passphrase is open to potential exposure through a dictionary attack. Regardless of how the

SSL_SECKEYSIZE SSL_CIPHER_USEKEYSIZE renamed SSL_SSLEAY_VERSION SSL_VERSION_LIBRARY renamed SSL_STRONG_CRYPTO - Not supported by mod_ssl SSL_SERVER_KEY_EXP - Not supported by mod_ssl SSL_SERVER_KEY_ALGORITHM SessionCryptoPassphrase to create an encrypted session cookie. This required the additional module mod_session_crypto be loaded. In the simple example above, a URL has been protected by mod_auth_form, but the user the user through the use of mod_session_cookie, and the session is not protected with mod_session_crypto, the passphrase is open to potential exposure through a dictionary attack. Regardless of how the

SSL_SECKEYSIZE SSL_CIPHER_USEKEYSIZE renamed SSL_SSLEAY_VERSION SSL_VERSION_LIBRARY renamed SSL_STRONG_CRYPTO - Not supported by mod_ssl SSL_SERVER_KEY_EXP - Not supported by mod_ssl SSL_SERVER_KEY_ALGORITHM the user through the use of mod_session_cookie, and the session is not protected with mod_session_crypto, the passphrase is open to potential exposure through a dictionary attack. Regardless of how the security. These features are divided into several modules in addition to mod_session; mod_session_crypto, mod_session_cookie and mod_session_dbd. Depending on the server requirements, load the appropriate

SSL_SECKEYSIZE SSL_CIPHER_USEKEYSIZE renamed SSL_SSLEAY_VERSION SSL_VERSION_LIBRARY renamed SSL_STRONG_CRYPTO - Not supported by mod_ssl SSL_SERVER_KEY_EXP - Not supported by mod_ssl SSL_SERVER_KEY_ALGORITHM the user through the use of mod_session_cookie, and the session is not protected with mod_session_crypto, the passphrase is open to potential exposure through a dictionary attack. Regardless of how the security. These features are divided into several modules in addition to mod_session; mod_session_crypto, mod_session_cookie and mod_session_dbd. Depending on the server requirements, load the appropriate