![\"protecting-PII-against-data-breaches-report\"](\"/c673b27f12f7cefcfd503ad7676ff0a2/protecting-PII-against-data-breaches-report.webp\")
You need to stay on guard and ensure that your company's data is safe. Confining data security best practices to the organization's size never helped in the past, nor will it work in the future.
\nYou should be everywhere, from the server to the endpoint, across the web, at the office, and your consumer's system—blocking every loophole that's possibly out there.
\nWhy? Because the risk is real—and growing. It is no secret that though cybercriminals often target large businesses, smaller organizations are also attractive to them. The logic is simple. Small businesses usually follow a common \"not much to steal\" mindset by using fewer controls and easy-to-breach data protection strategies.
\nHackers accumulate consumer information with the clear intent of financially abusing organizations and consumers at large. In fact, according to Verizon's breach report, 71 percent of breaches are usually financially motivated.
\nClearly, what cybercriminals gain is what consumers lose, and those losses add up.
\nData security refers to the protective measures taken to safeguard digital information from unauthorized access, corruption, or theft throughout its lifecycle. It encompasses various technologies, processes, and practices designed to ensure the confidentiality, integrity, and availability of data. In the digital age, where information is a valuable asset, data security has become paramount for organizations to protect sensitive information from cyber threats.
\nData security involves implementing controls and procedures to prevent unauthorized access, modification, or destruction of data. This includes encryption to encode data into an unreadable format, access controls to restrict who can view or modify data, and authentication mechanisms to verify the identity of users accessing the data.
\nIn today's interconnected and data-driven world, enterprises rely heavily on digital data for their operations, decision-making, and competitive advantage. This reliance on data also brings significant risks, as cyber threats continue to evolve and become more sophisticated.
\nEnterprises often store vast amounts of sensitive data, including customer information, financial records, intellectual property, and strategic plans. Data breaches can lead to severe consequences such as financial loss, reputational damage, legal repercussions, and loss of customer trust.
\nIt is impossible to protect something that you do not know exists. Therefore, you need to recognize your data and its sensitivity with a high degree of accuracy.
\nYou should know exactly how your data is used, who is using it, and where it is shared. Dig out data from everywhere, including the multiple devices and cloud services, and categorize those according to their sensitivity and accessibility.
\nNext, build data security best practices, programs, and protocols around it.
\nSo, how do you avoid becoming a victim of cyberattacks? Here's our data security best practices checklist for 2024.
\nYou need to know precisely what types of data you have in order to protect them effectively. For starters, let your security team scan your data repositories and prepare reports on the findings. Later, they can organize the data into categories based on their value to your organization.
\nThe classification can be updated as data is created, changed, processed, or transmitted. It would help if you also came up with policies to prevent users from falsifying the degree of classification. Only privileged users should, for instance, be allowed to upgrade or downgrade the data classification.
\nOf course, data classification on its own is not adequate; you need to develop a policy that defines the types of access, the classification-based criteria for data access, who has access to data, what constitutes proper data use, and so on. Restrict user access to certain areas and deactivate when they finish the job.
\nDon't forget that there should be strong repercussions for all policy breaches.
\nYou need to offer the right access control to the right user. Limit access to information based on the concept of least privilege—that means only those privileges necessary for performing the intended purpose should be offered. This will ensure that the right user is using data. Here's are a few necessary permissions that you can define:
\nPhysical security is often overlooked when discussing data security best practices. You can start by locking down your workstations when not in use so that no devices are physically removed from your location. This will safeguard your hard drives or other sensitive components where you store data.
\nAnother useful data security practice is to set up a BIOS password to prevent cybercriminals from booting into your operating systems. Devices like USB flash drives, Bluetooth devices, smartphones, tablets, and laptops, also require attention.
\nYour network's endpoints are constantly under threat. Therefore, it is important that you set up a robust endpoint security infrastructure to negate the chances of possible data breaches. You can start by implementing the following measures:
\n
Word of mouth and intuitional knowledge isn't the right choice when it comes to cybersecurity. Document your cybersecurity best practices, policies, and protocols carefully, so it's easier to provide online training, checklists, and information-specific knowledge transfer to your employees and stakeholders.
\nPay attention to minute details like what risks your company may face and how they may affect employee and consumer data. This is where proper risk assessment comes into play. Here are a few things risk assessment allows you to take up:
\nA risk-based approach allows you to comply with regulations and protect your organization from potential leaks and breaches.
\nEducate all employees on your organization's cybersecurity best practices and policies. Conduct regular training to keep them updated on new protocols and changes that the world is adhering to. Show them examples of real-life security breaches and ask for feedback regarding your current security system.
\nMulti-factor authentication (MFA) is considered one of the most advanced and proven forms of data protection strategies. MFA works by adding an extra layer of security before authenticating an account. This means even if the hacker has your password, they will still need to produce a second or third factor of authentication, such as a security token, fingerprint, voice recognition, or confirmation on your mobile phone.
\nData security best practices aren't just confined to the list of precautionary steps above. There's more to it, including conducting regular backups for all data, encryption in transit and at rest, enforcing safe password practices, and the likes.
\nBut then, you need to understand that cybersecurity is not about eliminating all threats—that's not achievable. It also is something that you should not ignore. By taking the right security measure, you can at least mitigate risks to a large extent.
\n1. What are the five practices to ensure security for enterprise networks?
\nUse strong passwords, implement firewalls, update software regularly, monitor network traffic, and conduct regular security audits.
\n2. What is the best practice for data security?
\nThe best practice is a combination of encryption, access control, regular backups, and employee training.
\n3. How to secure data in an enterprise?
\nSecure data by encrypting sensitive information, using access controls, implementing multi-factor authentication, and maintaining physical security of devices.
\n4. What is the security of data used in an enterprise?
\nData security in an enterprise involves protecting sensitive information through various measures such as encryption, access controls, and monitoring.
\n![\"book-a-demo-loginradius\"](\"/8fce571f703a5970dbb1359a2fe0e51a/book-a-demo-loginradius.webp\")
Today, smartphones have become a mini replica of a fully functional computer. A smartphone has wifi connectivity, web browsing capabilities and the ability to run applications that provide a wide range of functions. That's great news for consumers who have active online lifestyles.
\nBut there's bad news too—smartphones have become a data treasure for hackers. It's a target that's hard for them to ignore. For example, hackers use smartphones as “entry points” to attack banks or other organizations for data. They send malicious messages from the victim’s phone - making the user accountable for the theft.
\nHackers do not even have to steal the victim's phone to download malware. They just have to plant viruses on websites designed to infect the smartphones and wait for the user to simply click a link on their phone. Such hidden mobile applications accounted for half of consumer mobile threats in 2019.
\nIf your smartphone is displaying one or more of the following unusual behavior, there is a possibility that your device has already been hacked.
\n![\"6-signs-that-confirm-your-smartphone-has-already-been-hacked\"](\"/e7433bbc924a09e3f78b8884f827cb73/6-signs-that-confirm-your-smartphone-has-already-been-hacked.webp\")
If your phone has been compromised by malware, the battery will drain faster than usual. This is because the malware uses the phone's resources to transmit sensitive information back to the hackers' server. So, if the phone usage habits have remained the same, but a noticeable and constant decrease in battery life is seen, then hacking may be the reason.
\nMalware and other hacking tools work in the background while using the smartphone's resources and battery power. This reduces performance significantly. Unexpected freezing of apps or crashes, phone restarting, or device heating up are also the signs that you need to keep an eye out for.
\nUnusually high data usage by a smartphone can be a sign of hacking. Malicious software might be using data in the background to record activities and send information to the hacker.
\nStrange behavior like outgoing calls or texts, which have not been sent by the smartphone user, can be hackers tapping into the phone. These calls or texts could be premium-rate numbers that malware is forcing your smartphone to contact. The earnings would be directed to the hacker’s account.
\nConstant pop-up alerts could indicate that the smartphone has been infected with adware, a form of malware. Hackers use adware to force users into viewing web pages that drive revenue through clicks. While all pop-ups are not necessarily malware attacks, some may also be phishing for identity attempts to attract users to give away sensitive information.
\nIf the phone has been hacked, hackers would be able to access social media, email, or apps, putting you at risk for identity fraud. Activities such as resetting passwords, emails being sent or read without the users' knowledge, or new account sign-ups are all signals which indicate that the phone is in the wrong hands.
\nIf you witness any of the above signs on your smartphone, there is a high possibility that your phone has been hacked. You need to take the appropriate steps to eliminate the malware that has attacked your phone. Some of the steps which you can follow are:
\nMany smartphone users believe that their mobile service providers should deploy cyber-protection. However, it is also the responsibility of the users to protect themselves from hackers. There are many different ways a hacker can get into your phone and steal personal and critical information.
\nHere are a few safety tips to ensure that you do not become a victim of phone hacking:
\n![\"8-ways-to-stop-someone-from-hacking-your-phone-again\"](\"/01f316edd17b5c0a026e51139b270c86/8-ways-to-stop-someone-from-hacking-your-phone-again.webp\")
Phones work on the same principle as a computer operating system. Whenever software updates for phone operating systems are available, users need to get their phones updated directly from the manufacturer's website. Hackers exploit vulnerabilities in out-of-date operating systems. Therefore, downloading the latest patches would be of great help in keeping your phone safe.
\nInstallation of any smartphone app requires users to grant permissions, including reading files, access the camera, or listening to the microphone. There are legitimate uses for these capabilities, but they're potentially open to misuse. Users need to be careful before approving such requests. Always download apps from a trusted source.
\nUsers need to keep track of the apps already downloaded on their smartphones. It may have been safe when installed the first time, but subsequent updates could have infected the smartphone. Always keep track of what permissions have been given to the apps while accessing the operating system of the smartphone. Various security apps would have helped provide an overview of the permissions, but users need to download such apps from trusted sites.
\nUsers should ensure that they keep their phone locked when not in use and also set a strong passcode. Smartphones are basically like computers, and hence, need antivirus and malware protection. Install a good antivirus package onto your smartphones to make it difficult for hackers to get in. Use lock patterns, facial recognition or voice recognition to add an extra level of access security for your smartphone.
\nServices like ‘find my device’ are provided by smartphone manufacturers to help users locate their stolen phone on a map and remotely erase their data. All users need to do is set their phone to automatically erase itself after a certain number of incorrect access attempts. It is also possible to make a phone ring even if it is kept on silent. It is helpful in tracking down phone that was just stolen.
\n![\"buyer-guide-to-multi-factor-authentication-ebook\"](\"/6189ed241659d7be186ca0c44dd9e974/buyer-guide-to-multi-factor-authentication-ebook.webp\")
Auto-login is a convenient feature that automatically logs in without entering the password as they are already saved in the browser. It is a huge security risk because hackers simply need to open the browser to access all the online accounts. Instead of using auto-login features, users should use a password manager app that requires them to re-enter a master password regularly.
\nUsing an open wireless network allows anyone in the vicinity to snoop on what you are doing online. At times, hackers open their own free wireless \"hotspots\" to attract users to access their wifi. Once connected, they can easily hack into phones.
\nSo, whenever you are not sure about the security of the wireless network, use your phone’s mobile internet connection. It will be a much safer and secure option. Users can also opt for VPN tools which route the traffic through a private encrypted channel. Turning on two-factor authentication for online accounts will also help protect your privacy on public wifi. Users should turn off bluetooth and personal hotspot functions when not required.
\nLocking your phone is important but as a secondary security measure, lock individual apps too. This capability can be implemented by using apps from a trusted source as they are not an inbuilt feature of the operating system.
\nSmartphones have become an essential part of our daily lives. Once you know about how your phone can be hacked, you can take various safety precautions to protect it from data theft. Furthermore, it will also keep your data secure from opportunist thieves or state-sponsored spies!
\n
Let's walk through how to build and push Docker images programmatically using Go. To do this, we need to talk to the Docker daemon via the Docker Engine API. This is similar to how the Docker CLI works, but instead of entering commands through a CLI, we'll be writing code with Docker's Go SDK.
\nAt the time of writing, the official Docker Go SDK docs provide great examples of running basic Docker commands with Go. However, it's missing examples on building and pushing Docker images, so we'll go over those in this blog.
\nBefore we begin, this blog assumes you have a working knowledge of Docker and Go. We'll go over the following:
\nFirst, we need to set up the environment. Create a project and include the app we want to containerize:
\nmkdir docker-go-tutorial && cd docker-go-tutorial && mkdir node-helloWe'll add a simple Node.js app:
\n// node-hello/app.js\nconsole.log("Hello From LoginRadius");with the Dockerfile:
\n// node-hello/Dockerfile\nFROM node:12\nWORKDIR /src\nCOPY . .\nCMD [ "node", "app.js" ]Next, install the Go SDK. These are the Docker related imports we will be using:
\n"github.com/docker/docker/api/types"\n"github.com/docker/docker/client"\n"github.com/docker/docker/pkg/archive"One way to build a Docker image from our local files is to compress those files into a tar archive first.
\nWe use the archive package provided by Docker:
\n"github.com/docker/docker/pkg/archive"tar, err := archive.TarWithOptions("node-hello/", &archive.TarOptions{})\nif err != nil {\n return err\n}Now, we can call the ImageBuild function using the Go SDK:
\nNote that the image tag includes our Docker registry user ID, so we can push this image to our registry later.
\nopts := types.ImageBuildOptions{\nDockerfile: "Dockerfile",\nTags: []string{dockerRegistryUserID + "/node-hello"},\nRemove: true,\n}\nres, err := dockerClient.ImageBuild(ctx, tar, opts)\nif err != nil {\nreturn err\n}To print the response, we use a scanner to go through line by line:
\nscanner := bufio.NewScanner(res.Body)\nfor scanner.Scan() {\n lastLine = scanner.Text()\n fmt.Println(scanner.Text())\n}This prints the following:
\n{"stream":"Step 1/4 : FROM node:12"}\n{"stream":"\\n"}\n{"stream":" ---\\u003e e4f1e16b3633\\n"}\n{"stream":"Step 2/4 : WORKDIR /src"}\n{"stream":"\\n"}\n{"stream":" ---\\u003e Using cache\\n"}\n{"stream":" ---\\u003e b298b8519669\\n"}\n{"stream":"Step 3/4 : COPY . ."}\n{"stream":"\\n"}\n{"stream":" ---\\u003e Using cache\\n"}\n{"stream":" ---\\u003e 1ff6a87e79d9\\n"}\n{"stream":"Step 4/4 : CMD [ \\"node\\", \\"app.js\\" ]"}\n{"stream":"\\n"}\n{"stream":" ---\\u003e Using cache\\n"}\n{"stream":" ---\\u003e 6ca44f72b68d\\n"}\n{"aux":{"ID":"sha256:238a923459uf28h80103eb089804a2ff2c1f68f8c"}}\n{"stream":"Successfully built 6ca44f72b68d\\n"}\n{"stream":"Successfully tagged lrblake/node-hello:latest\\n"}The last step would be checking the response for errors, so if something went wrong during the build, we could handle it.
\nerrLine := &ErrorLine{}\njson.Unmarshal([]byte(lastLine), errLine)\nif errLine.Error != "" {\n return errors.New(errLine.Error)\n}For example, the following error can occur during build:
\n{"errorDetail":{"message":"COPY failed: stat /var/lib/docker/tmp/docker-builder887191115/z: no such file or directory"},"error":"COPY failed: stat /var/lib/docker/tmp/docker-builder887191115/z: no such file or directory"}All together, the file looks like this:
\npackage main\n\nimport (\n\t"bufio"\n\t"context"\n\t"encoding/json"\n\t"errors"\n\t"fmt"\n\t"io"\n\t"time"\n\n\t"github.com/docker/docker/api/types"\n\t"github.com/docker/docker/client"\n\t"github.com/docker/docker/pkg/archive"\n)\n\nvar dockerRegistryUserID = ""\n\ntype ErrorLine struct {\n\tError string `json:"error"`\n\tErrorDetail ErrorDetail `json:"errorDetail"`\n}\n\ntype ErrorDetail struct {\n\tMessage string `json:"message"`\n}\n\nfunc main() {\n\tcli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())\n\tif err != nil {\n\t\tfmt.Println(err.Error())\n\t\treturn\n\t}\n\n\terr = imageBuild(cli)\n\tif err != nil {\n\t\tfmt.Println(err.Error())\n\t\treturn\n\t}\n}\n\nfunc imageBuild(dockerClient *client.Client) error {\n\tctx, cancel := context.WithTimeout(context.Background(), time.Second*120)\n\tdefer cancel()\n\n\ttar, err := archive.TarWithOptions("node-hello/", &archive.TarOptions{})\n\tif err != nil {\n\t\treturn err\n\t}\n\n\topts := types.ImageBuildOptions{\n\t\tDockerfile: "Dockerfile",\n\t\tTags: []string{dockerRegistryUserID + "/node-hello"},\n\t\tRemove: true,\n\t}\n\tres, err := dockerClient.ImageBuild(ctx, tar, opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdefer res.Body.Close()\n\n\terr = print(res.Body)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc print(rd io.Reader) error {\n\tvar lastLine string\n\n\tscanner := bufio.NewScanner(rd)\n\tfor scanner.Scan() {\n\t\tlastLine = scanner.Text()\n\t\tfmt.Println(scanner.Text())\n\t}\n\n\terrLine := &ErrorLine{}\n\tjson.Unmarshal([]byte(lastLine), errLine)\n\tif errLine.Error != "" {\n\t\treturn errors.New(errLine.Error)\n\t}\n\n\tif err := scanner.Err(); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}The equivalent Docker CLI command would be:
\ndocker build -t <dockerRegistryUserID>/node-hello .We'll push the Docker image we created to Docker Hub. But, we need to authenticate with Docker Hub by providing credentials encoded in base64.
\nIf you don't want to use your Docker Hub password, you can set up an access token and provide that in the Password field instead.
\nvar authConfig = types.AuthConfig{\nUsername: "Your Docker Hub Username",\nPassword: "Your Docker Hub Password or Access Token",\nServerAddress: "https://index.docker.io/v1/",\n}\nauthConfigBytes, _ := json.Marshal(authConfig)\nauthConfigEncoded := base64.URLEncoding.EncodeToString(authConfigBytes)Now, call the ImagePush function in the Go SDK, along with your encoded credentials:
\nopts := types.ImagePushOptions{RegistryAuth: authConfigEncoded}\nrd, err := dockerClient.ImagePush(ctx, dockerRegistryUserID + "/node-hello", opts)Together, this looks like:
\nfunc imagePush(dockerClient *client.Client) error {\n\tctx, cancel := context.WithTimeout(context.Background(), time.Second*120)\n\tdefer cancel()\n\n\tauthConfigBytes, _ := json.Marshal(authConfig)\n\tauthConfigEncoded := base64.URLEncoding.EncodeToString(authConfigBytes)\n\n\ttag := dockerRegistryUserID + "/node-hello"\n\topts := types.ImagePushOptions{RegistryAuth: authConfigEncoded}\n\trd, err := dockerClient.ImagePush(ctx, tag, opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdefer rd.Close()\n\n\terr = print(rd)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}The equivalent Docker CLI command (after docker login) would be:
\ndocker push <dockerRegistryUserID>/node-helloIstio is an Open Source service mesh (developed in partnership between teams from Google, IBM, and Lyft), providing a dedicated infrastructure layer for creating service-to-service communication that is safe, fast, and reliable. Having such a fanatical communication layer can provide various advantages, like providing observability into communications, providing secure connections, or automating retries and backoff for failed requests.
\nA service mesh also often has more complex operational requirements, like A/B testing, canary rollouts, rate limiting, access control, and end-to-end authentication.
\nIstio does this by adding a sidecar proxy which intercepts all network communication between microservices, then configures and manages Istio using its control plane functionality, which incorporates:
\nAn Istio service mesh is logically split into a data plane and a control plane.
\nThe data plane is composed of Envoy proxy deployed as sidecars. Envoy itself is an L7 proxy and communication bus designed for modern microservices-based architecture. These proxies intercept and control all network communication between microservices. They also collect and report telemetry on all mesh traffic.
\nThe control plane manages and configures the proxies to route traffic.
\n![\"Istio](\"https://istio.io/latest/docs/ops/deployment/architecture/arch.webp\")
Istio Pilot manages and configures all the Envoy proxy instances deployed. It takes the rules for traffic behavior provided by the control plane and converts them into configurations applied by Envoy.
\nResponsible for controlling the authentication and identity management between services. Allow developers to build a zero-trust network based on service identity.
\nResponsible for enforcing access control and usage policies across the service mesh and collects telemetry data from the Envoy proxy and other services.
\nIt is the basic feature of Istio, which facilitates the routing between services. Istio simplifies the configuration of service-level properties like circuit breakers, timeouts, and retries.\nAll traffic that your mesh services send and receive (data plane traffic) is proxied through Envoy, making it easy to direct and control traffic around your mesh without making any changes to your services.
\nFor discovering all the services in the ecosystem, Istio connects to the Service discovery System and populates its service registry. The Envoy sidecar proxy then uses this registry to route traffic to the correct service.
\nHere are a few resources you can add for your deployment apart from the basic service discovery and load balancing:
\nVirtual services play a key role in making Istio's traffic management flexible and powerful. They do this by strongly decoupling where clients send their requests from the destination workloads that actually implement them.
\nSo, instead of sending requests directly to a service data plane, you send traffic through this virtual service. Using virtual service, you can route requests to different versions of the same service or different hostnames based on particular endpoints. This helps us to do various other things like A/B testing or doing canary rollouts.
A typical example:
\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: bookinfo\nspec:\n hosts:\n - bookinfo.com\n http:\n - match:\n - uri:\n prefix: /reviews\n route:\n - destination:\n host: reviews <-- Resolves to reviews.<namespace>.svc.cluster.local\n - match:\n - uri:\n prefix: /ratings\n route:\n - destination:\n host: ratingsWe use destination rules to configure what happens to traffic for that destination. Destination rules are applied after virtual service routing rules are evaluated, so they apply to the traffic's real destination.
\nUsing destination rules, we specify the subsets of the service using labels, which are then used by the virtual service to route requests to a particular subset. In addition to that, we can also customize traffic policy, load balancing policy, connection pool settings, mTLS, etc.
apiVersion: networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n name: my-destination-rule\nspec:\n host: my-svc\n trafficPolicy:\n loadBalancer:\n simple: RANDOM\n subsets:\n #### This will work only if we have defined version label in the deployment\n - name: v1\n labels:\n version: v1\n - name: v2\n labels:\n version: v2\n trafficPolicy:\n loadBalancer:\n simple: ROUND_ROBIN\n - name: v3\n labels:\n version: v3Here we have defined destination rule for service my-svc and defined subsets and traffic policy global and per subset.
\nIt is used to manage inbound and outbound traffic for your mesh, letting you specify which traffic you want to enter or leave the mesh. Gateway configurations are applied to standalone Envoy proxies running at the edge of the mesh, rather than sidecar Envoy proxies running alongside your service workloads. Using this, we can expose our services to the internet.
\nA typical example would be:
\napiVersion: networking.istio.io/v1alpha3\nkind: Gateway\nmetadata:\n name: my-svc-gateway\n namespace: test\nspec:\n selector:\n istio: ingressgateway\n servers:\n - port:\n number: 80\n name: http\n protocol: HTTP\n hosts:\n - my-svc.example.comistio: ingressgateway is the gateway which is enabled by default after installation. We can create our custom gateway. Here, the hosts my-svc.example.com will resolve to the load balancer provided by the Istio by default. To use this gateway, one has to add config in the virtual service like for example:
\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: my-svc\nspec:\n hosts:\n - my-svc\n - my-svc.example.com <-- The host should match\n gateways: <--- gateway config\n - my-svc-gateway\n http:\n - route:\n - destination:\n host: my-svc.test.svc.cluster.local\n port:\n number: 80 This feature provides network configuration dynamically at runtime, which includes retries, fault injection, circuit breakers, and timeouts.
\nThis object is used to add an external service as part of the service mesh, including a service running in a VM or other K8s cluster in case of multi-cluster installation.
\nA typical example would be connecting a service to a database cluster that is not part of the mesh.
\napiVersion: networking.istio.io/v1alpha3\nkind: ServiceEntry\nmetadata:\n name: elasticsearch\n namespace: test\nspec:\n hosts:\n - elasticsearch.elasticsearch.svc.cluster.local\n location: MESH_INTERNAL\n ports:\n - name: https\n number: 9200\n protocol: TCP\n resolution: DNSThe Service Entry should be in the same namespace as that of the calling service. This is helpful, especially in the case where the service is not exposed to a public endpoint and can be accessed using internal service DNS like the above example.
\nIstio provides security features that will help us to establish a zero-trust network. Istio enables security by default and provides various authentication and authorization policy to regulate security.
\nFor example:
\napiVersion: security.istio.io/v1beta1\nkind: PeerAuthentication\nmetadata:\n name: dsl-es\n namespace: pdp-test\nspec:\n selector:\n matchLabels:\n app: dsl-es\n mtls:\n mode: STRICTHere we define a peer authentication object for a service labeled my-svc, which tells that any service that needs to talk to my-svc will communicate using mtls. The service will accept only TLS connection. By default, Istio enables PERMISSIVE mode, which accepts both plaintext and encrypted communication.
\nWe can define peer authentication on the mesh, namespace, and pod level.
\nThat is all for the introduction to Istio. In the next part, we will look at installing Istio and configuring services to use Istio.
\n","frontmatter":{"date":"December 07, 2020","updated_date":null,"description":"This post will give a high-level introduction to Istio and its related concepts and terminologies.","title":"Istio Service Mesh: A Beginners Guide","tags":["Istio","Service Mesh"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/d8ff8c7b29395837a840c4013f351290/58556/Istio.webp","srcSet":"/static/d8ff8c7b29395837a840c4013f351290/61e93/Istio.webp 200w,\n/static/d8ff8c7b29395837a840c4013f351290/1f5c5/Istio.webp 400w,\n/static/d8ff8c7b29395837a840c4013f351290/58556/Istio.webp 800w,\n/static/d8ff8c7b29395837a840c4013f351290/210c1/Istio.webp 900w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Piyush Kumar","github":"kpiyush17","avatar":null}}}},{"node":{"excerpt":"It is fine when you and the rest of your team are working on different files. But sometimes, multiple people simultaneously work on the same…","fields":{"slug":"/engineering/git-pull-force/"},"html":"It is fine when you and the rest of your team are working on different files. But sometimes, multiple people simultaneously work on the same files, and that's where the problems arise.
\nJust a Note: git pull = git fetch + git merge
In this scenario, when you have local changes in your system and you pull the latest contribution, you got this error.
\nerror: your local changes to the following files would be overwritten by merge: readme.md\nplease commit your changes or stash them before you merge.\nAborting...
git stash (stash the local changes clean the workspace)\ngit pull (pull the latest changes from remote )\ngit stash apply (apply the latest stash)
-----------(or)---------------
\ngit fetch (fetch the local machine folder)\ngit stash (stash the local changes clean the workspace)\ngit merge '@{u}' (merge the changes from local folder to workspace folder)\ngit stash pop (apply the latest stash )
By default, the stash changes will become staged. If you want to unstage them, use git restore --staged (git ver > 2.25.0).
git reset --hard HEAD (reset to the head means remove all local changes)\ngit pull (get the latest changes)
-----------(or)---------------
\ngit fetch (fetch the local machine folder)\ngit reset --hard HEAD (reset to the head means remove all local changes)\ngit merge '@{u}' (merge the changes from the local folder to workspace folder)
Now you must be thinking, what is git pull --force then?
it feels like it would help to overwrite local changes. instead, it fetches forcefully but does not merge forcefully (git pull --force = git fetch --force + git merge).
Like git push, git fetch allows us to specify which local and remote branch we want to work on. git fetch origin/ft-1:my-ft means the changes in the ft-1 branch from the remote repository will end up visible on the local branch my-ft. When such kind of operation modifies the existing history, it is not allowed by the Git without an explicit --force parameter.
In September 2020, the Republican members of the Senate Commerce Committee, Science, and Transportation (“the Committee”) introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act (\"the Safe Data Act\"). The committee was chaired by Roger Wicker and co-sponsored by several other Republicans in the Senate.
\nSenator Wicker had a working staff discussion draft version called the United States Consumer Data Privacy Act of 2019 last November. The Safe Data Act follows the footprints of the 2019 draft but makes a few essential improvements regarding the privacy, cybersecurity, and compliance risks of citizens in the United States.
\nSo, let's help you catch up on this new federal privacy law—what it covers and what businesses have to do to stay compliant.
\nThe Safe Data Act combines three previously introduced privacy protection bills viz.
\nAmericans would have a greater choice of control over their data. In particular, the law would create rights to transparency, access, deletion, correction, and portability for consumers. Additionally, businesses would require to make a baseline level of data security, including opt-in consent for the process and transfer of sensitive data.
\n![\"alt_text\"](\"/742ce938d39507eb9ea11541d71bd4b5/safe-data-act.webp\" "\\"safe-data-act\\"")
Image source: [iapp]
\nNeedless-to-say, you must understand the risk profile of any partner before you allow them near your sensitive consumer data.
\nIf passed, the Federal Trade Commission would enforce the Safe Data Act by prioritizing it over existing state privacy laws such as the CCPA. It is expected to pass through the 117th Congress in January 2021.
\nThe Safe Data Act resembles two of the most stringent existing privacy regulations to date, the E.U.'s GDPR and California's CCPA.
\nSome key provisions include:
\nMoving on, when a new legislation is about to come into force, the first step every business should take is to establish a compliance checklist that covers the requirements of that particular law.
\nHere's how you can adopt the best risk management practices to ensure that your business is ready for compliance.
\n![\"protect-your-consumer-privacy-with-loginradius\"](\"/fbfc34de9459269451038e671fed5c3e/protect-your-consumer-privacy-with-loginradius.webp\")
![\"WP-The-CCPA-and-Customer-Identity-Reaping-the-Benefits-of-Compliance\"](\"/4f72764a5d3e6b2a92b10f84bd5dc58f/WP-The-CCPA-and-Customer-Identity-Reaping-the-Benefits-of-Compliance.webp\")
In a bid to ensure businesses the highest level of protection, the LoginRadius consumer identity and access management (CIAM) platform adheres to the major regulatory and privacy regulations around the world.
\nIt is in your businesses' best interest to comply with privacy regulations, like the Safe Data Act. Not only does it help you dodge off data breaches and cyber attacks, but it also confirms businesses that they can trust you with their confidential consumer data—and that's priceless!
\n
Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},"pageContext":{"limit":6,"skip":654,"currentPage":110,"type":"///","numPages":164,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}