Still doesn’t protect you against hardware based backdoors, or other types of backdoors like memory injection or supply chain, to get data on the fly
> When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel
Any info what’s the period of time doing so? Do you provision them every day, week? An hour maybe? The more the period the less chance of some attack vectors.
> When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel
Any info what’s the period of time doing so? Do you provision them every day, week? An hour maybe? The more the period the less chance of some attack vectors.