How to Protect Your Infrastructure Against the Basic Attacker (opens in new tab)

(blog.mailgun.com)

7 pointsjrodom10y ago3 comments

3 comments

3 comments · 2 top-level

bifrost10y ago· 1 in thread

I think it should be pointed out that automatic upgrades tend to break things and potentially introduce new security vulnerabilites when updates haven't been QAed properly. Its good advice for the average user, but bad advice for environments where things need to be change controlled. It can also cause alerts in certain host based intrusion detection systems if not coordinated so its really best to be wary of that.

russjones10y ago

This is a good point. That's why we recommend either a robust CI/CD system (with good test coverage) or manually applying updates to a staging environment where you can test if the updates broke anything end-to-end before you roll them out to customers.

russjones10y ago

Author of the post here, happy to answer any questions or provide more details about our recommendations.

j / k navigate · click thread line to collapse