Security Misconfiguration
Understand common security misconfigurations such as default passwords and overly broad server listening. Learn practical steps to secure admin logins, reduce attack surfaces, and enforce strong password hygiene to protect distributed systems.
Admin logins
How many times have you typed “admin/admin” as a login? It may seem ridiculous, but default passwords are a serious problem. Attackers have entered applications, network devices, and databases by using the default, out-of-the-box admin login. This is just one kind of security misconfiguration.
Security misconfiguration usually takes the form of omission. Servers enable unneeded features by default. We forget (or don’t know) to disable them and thereby leave an unconfigured, unmonitored entry point open. Admin consoles are a common source of problems. Seek them out and force good password hygiene. Never allow a default password on a production server. Cast a wary eye on containers, especially if building on an image that includes applications. ...
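One way to seek out these omissions before deployment is to audit each service's rendered configuration. The following is an added example, not part of the original lesson; the inventory, the feature allow-list, and the short list of default credential pairs are all constructed for illustration, and it assumes the admin password is readable from the configuration.

```python
import ipaddress

# Illustrative deny-list (assumption); extend it from your vendors' documentation.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Constructed inventory: what each service's rendered config says (not a real system).
SAMPLE_INVENTORY = [
    {"name": "orders-db", "bind": "10.0.4.12", "admin_user": "dbadmin",
     "admin_password": "c0rrect-h0rse-battery", "features": ["replication"]},
    {"name": "router-ui", "bind": "0.0.0.0", "admin_user": "admin",
     "admin_password": "admin", "features": ["web-console", "telnet"]},
    {"name": "app-console", "bind": "::", "admin_user": "ops",
     "admin_password": "ops", "features": ["web-console", "jmx"]},
]

# Features each service is expected to need (assumption for this example).
ALLOWED_FEATURES = {"orders-db": {"replication"}, "router-ui": {"web-console"},
                    "app-console": {"web-console"}}


def audit_service(svc, allowed_features):
    """Return a list of finding codes for one service record."""
    findings = []
    user, password = svc["admin_user"], svc["admin_password"]
    if (user.lower(), password.lower()) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    elif password.lower() == user.lower() or not password:
        findings.append("weak-admin-password")
    # An unspecified address (0.0.0.0 or ::) means "listen on every interface".
    if ipaddress.ip_address(svc["bind"]).is_unspecified:
        findings.append("listens-on-all-interfaces")
    # Anything enabled beyond the allow-list is an unneeded entry point.
    extra = set(svc["features"]) - allowed_features.get(svc["name"], set())
    findings.extend(f"unneeded-feature:{f}" for f in sorted(extra))
    return findings


def audit_inventory(inventory, allowed_features=ALLOWED_FEATURES):
    """Map service name -> findings, omitting services with no findings."""
    report = {s["name"]: audit_service(s, allowed_features) for s in inventory}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

Running a check like this as a build or deployment gate turns "we forgot to disable it" into a failed pipeline step rather than an open entry point in production.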