How to Use Nginx, LetsEncrypt and Certbot for Secure Access to MinIO
Learn how to secure, load balance and scale your MinIO instances with Nginx, LetsEncrypt and Certbot.
Read moreLearn how to secure, load balance and scale your MinIO instances with Nginx, LetsEncrypt and Certbot.
Read moreEncrypting network traffic is low-hanging fruit when securing IT infrastructure. MinIO follows a pragmatic approach when it comes to TLS. It has to be secure, it has to be performant and it has to be simple. Things that matter In almost all cases, there are just a couple of things we need to take into consideration: * The TLS version. * The
Read moreLXD is a next generation system container and virtual machine manager for Linux systems from Canonical Ltd. LXD lets you manage your containers with a simple command line tool or via a REST API. LXMIN (lex-min) is a simple backup and restore tool for LXD instances (containers or virtual machines) using MinIO object storage. It provides both a command line
Read moreLearn how Reed-Solomon erasure coding provides data protection for distributed object storage at scale.
Read moreLearn how to add external TLS certificates to MinIO tenants and access them using SNI.
Read moreIn 2022, every business must take precautions to protect against the serious threat of ransomware. In 2020 and 2021, we saw an increase in the number and severity of ransomware attacks, and 2022 promises to continue this fearsome trend. According to BlackFog [https://www.blackfog.com/2021-ransomware-attack-report/], in 2021 there was a record total of 292 reported ransomware attacks. Of
Read moreDecommissioning hardware is an important component of the storage lifecycle - and MinIO has you covered.
Read moreLearn how to secure data in transit, data at-rest and establish role-based access control policies in the first of a series of blog posts about securing MinIO.
Read moreAn overview of erasure coding, BitRot protection, encryption, immutability and versioning.
Read moreLearn how MinIO uses identity access management to protect objects stored across clouds.
Read moreTwo days ago, on Sep. 08, research teams from Germany and Israel published a joint research paper [https://raccoon-attack.com/RacoonAttack.pdf] describing another TLS timing attack - called Raccoon. This attack targets all TLS versions up to 1.2. The new attack [https://raccoon-attack.com/] exploits a timing side-channel during the TLS handshake when the Diffie-Hellman (DH) key exchange
Read moreMinIO supports a complete object locking framework offering both Legal Hold and Retention (with Governance and Compliance modes). Object Locking functionality is a requirement for many regulated industries from financial services to healthcare. Lifecycle management is an increasingly critical element in the data ecosystem. Data is the primary asset in most organizations at this point - more so than the
Read moreKES is a stateless and distributed key-management system for high-performance applications. We built KES as the bridge between modern applications - running as containers on Kubernetes - and centralized KMS solutions. Therefore, KES has been designed to be simple, scalable and secure by default.
Read moreSoftware isn't usually described as bombproof. Particularly the type of software that is responsible for large analytic jobs or machine learning workloads. The words “finicky”, “complex” or in the case of good marketing “professional grade” (meaning you need years of study and multiple certifications) are more common. Bombproof software, however, is one of the many benefits associated with
Read moreUnderstanding compression and the risks it presents in the compression-ratio side channel.
Read moreFixed possibility of authentication bypass against MinIO server Admin API
Read moreIntroduction Encrypting network traffic is becoming the default. There are standardized protocols like SSH and TLS as well as projects like Let’s Encrypt to protect data sent over the network. TLS for example takes a data stream, chunks the stream into messages and encrypts every message before sending it through the network. TLS ensures that each message is encrypted
Read moreIn this post, I explain how to use NGINX and NGINX Plus as a reverse proxy and load balancer for MinIO servers.
Read more