As AWS (Amazon Web Services) is used by many companies worldwide, keeping cloud security by following safety measures are most important. Amazon Virtual Private Cloud (VPC) is a virtual network that enables you to launch AWS resources in a logically isolated section of the AWS Cloud. Ensuring the security of your VPC is paramount to protect your cloud-based infrastructure and applications. You can launch AWS resources in a logically isolated virtual network that you've defined.

Features of Amazon VPC: Creation of Virtual Private Clouds (VPCs), addition of subnets, IP addressing (IPv4 and IPv6), routing with route tables, gateways (internet and VPC endpoints), VPC peering connections, Traffic Mirroring, Transit Gateways for centralized routing, VPC Flow Logs for capturing IP traffic details, and VPN connections to link VPCs with on-premises networks using AWS Virtual Private Network (AWS VPN).

Safe Practices to keep Amazon VPC secure:

By incorporating these practices and leveraging the associated AWS services, you can establish a robust and secure foundation for your Virtual Private Cloud on AWS. Regularly review and update these configurations to adapt to evolving security requirements and best practices:

1. Multiple Availability Zones:

   When creating subnets for your VPC to host your application, it's crucial to distribute them across multiple Availability Zones. Availability Zones are isolated data centers within an AWS Region, each with its own power, networking, and connectivity. This design ensures high availability, fault tolerance, and scalability for your production applications. In the event of a failure in one Availability Zone, your application can seamlessly operate from resources in another, enhancing overall resilience. For more detailed information on setting up Amazon VPC across multiple Availability Zones, refer to the official Amazon VPC documentation.

2. Security Groups for EC2 Instances:

   Security Groups act as virtual firewalls at the instance level. They control inbound and outbound traffic to EC2 instances in your subnets. By configuring security groups, you can specify allowed traffic based on protocols, ports, and source/destination IP addresses. This provides a fine-grained control mechanism to enhance the security posture of your instances. For more details on setting up and managing security groups, consult the AWS Security Groups documentation.

3. Network ACLs for Subnet Traffic Control:

   Network Access Control Lists (NACLs) operate at the subnet level, allowing you to control inbound and outbound traffic. NACLs are stateless and use numbered rules to filter traffic. They offer an additional layer of security for your VPC, complementing the security groups associated with EC2 instances. Refer to the Control traffic to subnets using network ACLs documentation for comprehensive information on configuring and managing network ACLs.

4. IAM for Access Management:

   AWS Identity and Access Management (IAM) plays a critical role in managing access to resources within your VPC. With IAM, you can control access for federated identities, users, and roles. This granular control allows you to define who can access specific AWS resources, including those within your VPC. For detailed guidance on implementing IAM for VPC access management, consult the Identity and access management for Amazon VPC documentation.

5. VPC Flow Logs for Monitoring:

   VPC Flow Logs provide detailed insights into IP traffic going to and from your VPC, subnets, or network interfaces. By enabling VPC Flow Logs, you can monitor and analyze network traffic patterns, aiding in security analysis, troubleshooting, and compliance monitoring. To set up and configure VPC Flow Logs, refer to the VPC Flow Logs documentation.

6. Network Access Analyzer for Security Audits:

   AWS Network Access Analyzer is a tool that helps identify unintended network access to resources in your VPCs. It enables you to perform security audits and ensures that your network configurations align with your security policies. For detailed instructions on using Network Access Analyzer, refer to the Network Access Analyzer Guide.

7. AWS Network Firewall for Traffic Filtering:

   AWS Network Firewall is a managed service that allows you to monitor and protect your VPC by filtering inbound and outbound traffic. It provides an additional layer of security by inspecting and controlling traffic based on defined rules. For detailed information on setting up and configuring AWS Network Firewall, refer to the AWS Network Firewall Guide.

Thank you for reading this article, I hope this helps!

References:

• AWS Docs: https://docs.aws.amazon.com/vpc/latest/userguide/security.html

• https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html

AWS (Amazon Web Services) is a very popular cloud platform used by many of the enterprise software companies to manage, deploy and release their applications across cloud. In fact, I also use AWS daily at my work.

AWS has a service named AWS WAF (Web Application Firewall) which helps a user to protect against common web exploits and bots that that can affect availability, compromise security, or consume excessive resources. It also lets you monitor the HTTP(s) requests that are forwarded to your protected web application resources.

How AWS WAF works?

AWS WAF can control how protected resources respond to HTTP(S) web requests. This can be done by defining a web access control list (ACL) and then associating it with one or more web application resources that you want to protect. The associated resources forward incoming requests to AWS WAF for inspection by the web ACL.

In your web ACL, you create rules to define traffic patterns to look for in requests and to specify the actions to take on matching requests. It provides us with the following action choices for resource protection:

• Allow the requests to go to the protected resource for processing and response.

• Block the requests.

• Count the requests.

• Run CAPTCHA or challenge checks against requests to verify human users and standard browser use.

Components of AWS WAF :

The following are the central components of AWS WAF:

• Web ACLs – You use a web access control list (ACL) to protect a set of AWS resources. You create a web ACL and define its protection strategy by adding rules. Rules define criteria for inspecting web requests and they specify the action to take on requests that match their criteria. You also set a default action for the web ACL that indicates whether to block or allow through any requests that the rules haven't already blocked or allowed. For more information about web ACLs, see WAF Web access control lists (web ACLs).

  A web ACL is an AWS WAF resource.

• Rules – Each rule contains a statement that defines the inspection criteria, and an action to take if a web request meets the criteria. When a web request meets the criteria, that's a match. You can configure rules to block matching requests, allow them through, count them, or run bot controls against them that use CAPTCHA puzzles or silent client browser challenges. For more information about rules, see AWS WAF rules.

  A rule is not an AWS WAF resource. It only exists in the context of a web ACL or rule group.

• Rule groups – You can define rules directly inside a web ACL or in reusable rule groups. AWS Managed Rules and AWS Marketplace sellers provide managed rule groups for your use. You can also define your own rule groups. For more information about rule groups, see AWS WAF Rule groups.

  A rule group is an AWS WAF resource.

AWS WAF Bot Control:

With Bot Control, you have the capability to effortlessly monitor, block, or impose rate limits on various types of bots, including scrapers, scanners, crawlers, status monitors, and search engines. When employing the targeted inspection level within the rule group, there is also the option to issue challenges to bots that do not self-identify, thereby increasing the difficulty and cost for malicious bots attempting to exploit your website. You can secure your applications by utilizing the Bot Control managed rule group independently or in conjunction with other AWS Managed Rules rule groups and your customized AWS WAF rules.

For more information about the Bot Control managed rule group, see AWS WAF Bot Control rule group.

AWS WAF Fraud Control account creation fraud prevention (ACFP):

Account creation fraud is an online illegal activity in which an attacker tries to create one or more fake accounts. Attackers use fake accounts for fraudulent activities such as abusing promotional and sign up bonuses, impersonating someone, and cyberattacks like phishing. The presence of fake accounts can negatively impact your business by damaging your reputation with customers and exposure to financial fraud. AWS WAF offers this feature in the AWS Managed Rules rule group AWSManagedRulesACFPRuleSet with companion application integration SDKs.

ACFP protects your account sign-up pages by monitoring account sign-up requests for anomalous activity and by automatically blocking suspicious requests. The rule group uses request identifiers, behavioral analysis, and machine learning to detect fraudulent requests.

• Request inspection – ACFP gives you visibility and control over anomalous account creation attempts and attempts that use stolen credentials, to prevent the creation of fraudulent accounts.

• Response inspection – For CloudFront distributions, in addition to inspecting incoming account creation requests, the ACFP rule group inspects your application's responses to account creation attempts, to track success and failure rates.

AWS WAF Fraud Control account takeover prevention (ATP):

Account takeover is an online illegal activity in which an attacker gains unauthorized access to a person's account. The attacker might do this in a number of ways, such as using stolen credentials or guessing the victim's password through a series of attempts. When the attacker gains access, they might steal money, information, or services from the victim. AWS WAF offers this feature in the AWS Managed Rules rule group AWSManagedRulesATPRuleSet and companion application integration SDKs.

The ATP managed rule group labels and manages requests that might be part of malicious account takeover attempts. The rule group does this by inspecting login attempts that clients send to your application's login endpoint.

• Request inspection – ATP gives you visibility and control over anomalous login attempts and login attempts that use stolen credentials, to prevent account takeovers that might lead to fraudulent activity.

• Response inspection – For CloudFront distributions, in addition to inspecting incoming login requests, the ATP rule group inspects your application's responses to login attempts, to track success and failure rates.

AWS WAF can protect these resources:

• Amazon CloudFront distributions:

  AWS WAF web ACL can be associated with a CloudFront distribution using the AWS WAF console or APIs. You can also associate a web ACL with a CloudFront distribution when you create or update the distribution itself. To configure an association in AWS CloudFormation, you must use the CloudFront distribution configuration

• Regional resources:

  You can protect regional resources in all Regions where AWS WAF is available. You can use AWS WAF to protect the following regional resource types:

  • Amazon API Gateway REST API

  • Application Load Balancer

  • AWS AppSync GraphQL API

  • Amazon Cognito user pool

  • AWS App Runner service

  • AWS Verified Access instance

• Restrictions on multiple resource associations:

  single web ACL can be associated with one or more AWS resources, with the following restrictions:

  • You can associate each AWS resource with only one web ACL. The relationship between web ACL and AWS resources is one-to-many.

  • You can associate a web ACL with one or more CloudFront distributions. You cannot associate a web ACL that you have associated with a CloudFront distribution with any other AWS resource type.

References:

• AWS Docs: https://docs.aws.amazon.com/waf/latest/developerguide/how-aws-waf-works.html

• Cover image: https://stepstocloud.com/what-is-aws-waf/

Cryptocurrency has been a popular topic of conversation for a good number of years, but in the most recent years, its awareness has skyrocketed. What was formerly an alternative investment that was only available to speculators is now being publicly considered a feasible choice for a piece of the portfolio of every investor, even in retirement funds. This includes the possibility of investing in cryptocurrencies.

Ways to store Cryptocurrency:

1. Paper Wallets:

Cold storage is the typical category for paper wallets. It's a real duplicate of your public and private keys, such as a printout on paper. There is a good chance that you'll feel safe with one of them. Money may be transferred from a paper wallet to a digital one using a software client or a QR code scan.

2. Online Wallets:

Online wallets, by an understanding of the term, are hot. With a cloud wallet, your money is always within reach, regardless of where you are or what device you're using. They're quite handy, but they keep your private keys online, where they're vulnerable to hackers.

3. Desktop Wallets:

Desktop wallet software may be installed on a desktop computer, laptop, tablet, or mobile phone. It's safe to say that their money is in high demand. Desktop and mobile wallets are both quite safe, but you still need to take precautions to avoid getting infected.

4. Hardware Wallets:

Hardware wallets store your private keys on an external device like a USB. They're completely ice cold and safe there. Further, they may also pay through the internet. Some hardware wallets may be accessed through a web interface and can store a variety of different cryptocurrencies.

Ways to save Cryptocurrency Wallets from attackers:

1. Multi-Signature(multisig) in wallets:

When a user wishes to transfer money from their crypto wallet, they must first generate and sign a transaction. The signature essentially signifies the user's confirmation as the owner of the money, as well as ownership of keys to manage the assets. Most importantly, the signature suggests the user's permission for the transaction. For signing transactions, most cryptocurrency wallets need just one signature. A "multisig" wallet, on the other hand, is significantly different since it is shared by two or more users, and transactions with the wallet need signatures from all users.

2. Backup wallet regularly:

To prevent losing your whole bitcoin holdings, it's important to make frequent backups. The only way to get the money out of a digital wallet if the computer fails is if you have a history of backups. If you want to be safe, you should copy all of your wallet.dat files and then disperse those copies to several safe places (like on a USB, on the hard drive, and on CDs). Additionally, ensure that the backup has a secure password.

3. Use 2FA Authentication:

Always use two-factor authentication to protect your online accounts. Always choose software or hardware 2FA tools over SMS if available. Two-factor authentication (2FA) is an additional security measure used to verify the identity of account login requests. As a first step, a user must provide their login credentials. When this happens, they won't be granted access right once but will have to provide further information.

4. Update Software regularly:

Update your software regularly. If your bitcoin wallet is using outdated software, you might be an easy target for hackers. Keeping your bitcoins safer is a priority, which is why you should always use the most recent version of wallet software. When using the most recent software, you have a better chance of avoiding a major crisis due to the wallet's increased security.

5. Beware of Phishing methods:

Phishing is a kind of social engineering assault that is often used to obtain user information, such as login passwords and credit card details. It happens when an attacker, acting as a trustworthy entity, dupes a victim into opening an email, instant message, or text message. Next, a dangerous link is deceived into being clicked by the recipient. This may cause malware to be installed on the recipient's computer, a ransomware assault to lock it down, or the disclosure of private data.

Project Overview: Pidgin's primary use case is that it acts as a messaging client for multiple chat networks. This project proposal aims to ease the account creation/edit process through an assistant that uses a GtkAssistant based flow and creating gtk widgets for each page.

Project Goals: The present account creation process seems a bit intimidating to the non-technical users, so this project idea would focus on making the account adding process easier for everyone. This assistant would help users to add their accounts into pidgin with the protocol of their choice. This assistant would have multiple pages made up of gtk widgets which would guide a user in adding their account. Introducing this feature would attract more users to add their accounts in Pidgin with ease.

Page 1 of the Account Assistant (Protocol Page):

File Structure:

Page 2 & Page 3 Wireframes: (Shown to Mentor in the last Google meet)

Page 2 of Account Assistant (Account adding page):

XML file UI of the second page of assistant made using Glade

How I got started with Open Source?

It was in the month of October 2019, when I went to a local meetup of Hacktoberfest at Chennai where I met Mr. Anirudh S (who was a GSoC’11 student for Wordpress). He introduced me to Open Source for the first time and also cleared my doubts regarding that, he also motivated me to contribute to Open Source organisations, solving issues and trying something new with the code.

After that I contributed to various organisations like LBRY, UNO Platform and more, though they were small edits in the documentation, but they were good to start and getting familiarity with the Open Source.

After few months, I contributed to GatsbyJs as a translator for German language, I even got a invite to join the organisation as a part of Maintaining Team until they revoke the program after August 2020.

After that I participated in GirlScript Summer of Code, contributed to Ovuli, an app to track the menstrual cycle in women, and also mentored students in StudentCodein (3-month Open Source program)

Journey to GSoC

I wanted to participate in GSoC since 2020, but I didn't get a chance to do so. So, I wanted to participate in Google Summer of Code anyhow, because it is one of the excellent opportunity to learn from, work and contribute to the huge Open Source projects which can have a enormous impact on the community and the users.

I joined a Open Source Community named "HypnOS" maintained by Sahil Jha, Ayush Bhardwaj and Kaushlendra. This community helped me a lot with my questions, doubts, and also the proposal review.

In the month of February 2021, I got accepted as an Open Source Fellow at HackIllinois Fellowship, where I contributed to LLVM Compiler Infrastucture under the mentorship of Michael Kruse (maintainer of Polly).

I contributed to the Polly, which is polyhedral loop optimiser for LLVM, and became an Outstanding Contributor to that project, whom were announced during the closing ceremony of Fellowship.

I was interested in linux, so I choose to contribute into the GNOME Foundation, I saw a variety of projects at GNOME, some are written in C, Vala, Rust, and more. I only have knowledge about C language and also started learning about GTK, then I contributed to Nautilus(File Manager of GNOME), and was making myself familiar to Nautilus's code base.

i wanted to participate into GSoC with GNOME as org and Nautilus as the project, but when the project list for GSoC was released, Nautilus was not in the list.

I kept on searching for the organisations with C and GTK as the tech stack and finally found Pidgin on the GSoC org page.

My Experience with Pidgin & Community

Pidgin is an universal chat client app which was first released during the late 1990's, written in C & GTK. It is available for Linux, Windows, FreeBSD, and MacOS.

I joined the Pidgin Discord community having around 1k members, where I met Gary Kramlich who is my mentor for GSoC, also the lead developer at Pidgin and other community members as well.

I indulged into the development of Pidgin with the Contributing guide, which also requires a user to install lots of dependencies to build and run the project manually on their system.

The community members and the core developers helped me a lot with building Pidgin at my locally on my system.

I also learnt the development of GTK widgets here, with the help from the community devs at Pidgin.

Google Summer of Code Acceptance

On May 17, 11:12 PM IST, I received this email that my proposal was accepted. I was so excited as it happened to be dream come true moment for me :D

My GSoC Project: Pidgin Account Assistant

My project this summer is to build an Account Assistant to improve the current on boarding process for Pidgin users.

I chose this project because there is a huge impact attached with it. The current account adding process is quite intimidating to the users of non-tech background and they face difficulties while adding their account. I hope to solve the problem this summer.

Thanks for reading!

Well lets talk about adding fingerprint(Touch ID) security in your mobile app.

In this tutorial, we'll be using the react-native-fingerprint-scanner package for securing our mobile app. You can visit here for npm package.

Step 1: Enable Fingerprint in your mobile device:

1. For iOS:

• Tap Settings > Touch ID & Passcode, then enter your passcode.
• Tap Add a Fingerprint and hold your device as you normally would when touching the Touch ID sensor.

2. For Android Phones:

• Samsung: Navigate to Settings, then tap Biometrics and security, and then tap Fingerprints.
• OnePlus: Navigating to the Security & lockscreen menu, locate the Fingerprint list subheading
• Motorola: Touch Settings > Security & Location, and touch Fingerprint.

Step 2: Installing the package:

npm i react-native-fingerprint-scanner

OR

yarn add react-native-fingerprint-scanner

Linking the library to app:

• For RN >= 0.60:

$ cd ios && pod install

• For RN < 0.60, use react-native link to add the library to your project:

$ react-native link react-native-fingerprint-scanner

Step 3: Adding app permission:

• Android:

In your AndroidManifest.xml: (API level 28+)

<uses-permission android:name="android.permission.USE_BIOMETRIC" />

• iOS:

In your Info.plist:

<key>NSFaceIDUsageDescription</key>
<string>$(PRODUCT_NAME) requires FaceID access to allows you quick and secure access.</string>

Make sure the following versions are all correct in android/app/build.gradle

// API v29 enables FaceId
android {
    compileSdkVersion 29
    buildToolsVersion "29.0.2"
...
    defaultConfig {
      targetSdkVersion 29

Step 4: Testing the code in app using fingerprint

You can test the fingerprint(Touch ID) by following code.

• iOS:

import React, { Component } from 'react';
import PropTypes from 'prop-types';
import { AlertIOS } from 'react-native';
import FingerprintScanner from 'react-native-fingerprint-scanner';

class FingerprintPopup extends Component {

  componentDidMount() {
    FingerprintScanner
      .authenticate({ description: 'Scan your fingerprint on the device scanner to continue' })
      .then(() => {
        this.props.handlePopupDismissed();
        AlertIOS.alert('Authenticated successfully');
      })
      .catch((error) => {
        this.props.handlePopupDismissed();
        AlertIOS.alert(error.message);
      });
  }

  render() {
    return false;
  }
}

FingerprintPopup.propTypes = {
  handlePopupDismissed: PropTypes.func.isRequired,
};

export default FingerprintPopup;

• Android:

import React, { Component } from 'react';
import PropTypes from 'prop-types';
import {
  Alert,
  Image,
  Text,
  TouchableOpacity,
  View,
  ViewPropTypes,
  Platform,
} from 'react-native';

import FingerprintScanner from 'react-native-fingerprint-scanner';
import styles from './FingerprintPopup.component.styles';
import ShakingText from './ShakingText.component';


// - this example component supports both the
//   legacy device-specific (Android < v23) and
//   current (Android >= 23) biometric APIs
// - your lib and implementation may not need both
class BiometricPopup extends Component {
  constructor(props) {
    super(props);
    this.state = {
      errorMessageLegacy: undefined,
      biometricLegacy: undefined
    };

    this.description = null;
  }

  componentDidMount() {
    if (this.requiresLegacyAuthentication()) {
      this.authLegacy();
    } else {
      this.authCurrent();
    }
  }

  componentWillUnmount = () => {
    FingerprintScanner.release();
  }

  requiresLegacyAuthentication() {
    return Platform.Version < 23;
  }

  authCurrent() {
    FingerprintScanner
      .authenticate({ title: 'Log in with Biometrics' })
      .then(() => {
        this.props.onAuthenticate();
      });
  }

  authLegacy() {
    FingerprintScanner
      .authenticate({ onAttempt: this.handleAuthenticationAttemptedLegacy })
      .then(() => {
        this.props.handlePopupDismissedLegacy();
        Alert.alert('Fingerprint Authentication', 'Authenticated successfully');
      })
      .catch((error) => {
        this.setState({ errorMessageLegacy: error.message, biometricLegacy: error.biometric });
        this.description.shake();
      });
  }

  handleAuthenticationAttemptedLegacy = (error) => {
    this.setState({ errorMessageLegacy: error.message });
    this.description.shake();
  };

  renderLegacy() {
    const { errorMessageLegacy, biometricLegacy } = this.state;
    const { style, handlePopupDismissedLegacy } = this.props;

    return (
      <View style={styles.container}>
        <View style={[styles.contentContainer, style]}>

          <Image
            style={styles.logo}
            source={require('./assets/finger_print.png')}
          />

          <Text style={styles.heading}>
            Biometric{'\n'}Authentication
          </Text>
          <ShakingText
            ref={(instance) => { this.description = instance; }}
            style={styles.description(!!errorMessageLegacy)}>
            {errorMessageLegacy || `Scan your ${biometricLegacy} on the\ndevice scanner to continue`}
          </ShakingText>

          <TouchableOpacity
            style={styles.buttonContainer}
            onPress={handlePopupDismissedLegacy}
          >
            <Text style={styles.buttonText}>
              BACK TO MAIN
            </Text>
          </TouchableOpacity>

        </View>
      </View>
    );
  }


  render = () => {
    if (this.requiresLegacyAuthentication()) {
      return this.renderLegacy();
    }

    // current API UI provided by native BiometricPrompt
    return null;
  }
}

BiometricPopup.propTypes = {
  onAuthenticate: PropTypes.func.isRequired,
  handlePopupDismissedLegacy: PropTypes.func,
  style: ViewPropTypes.style,
};

export default BiometricPopup;

• Screenshot: Taken from the docs

Step 5: Using the appropriate APIs:

• For iOS & Android (common): isSensorAvailable(): Starts Fingerprint authentication on iOS

  • Returns a Promise<string>
  • biometryType: String - The type of biometric authentication supported by the device.
    1. iOS: biometryType = 'Touch ID', 'Face ID'
    2. Android: biometryType = 'Biometrics'
  • error: FingerprintScannerError { name, message, biometric } - The name and message of failure and the biometric type in use.

componentDidMount() {
  FingerprintScanner
    .isSensorAvailable()
    .then(biometryType => this.setState({ biometryType }))
    .catch(error => this.setState({ errorMessage: error.message }));
}

• For iOS: authenticate({ description, fallbackEnabled })

  • Returns a Promise
  • description: String - the string to explain the request for user authentication.
  • fallbackEnabled: Boolean - default to true, whether to display fallback button (e.g. Enter Password).

componentDidMount() {
  FingerprintScanner
    .authenticate({ description: 'Scan your fingerprint on the device scanner to continue' })
    .then(() => {
      this.props.handlePopupDismissed();
      AlertIOS.alert('Authenticated successfully');
    })
    .catch((error) => {
      this.props.handlePopupDismissed();
      AlertIOS.alert(error.message);
    });
}

• For Android:

• authenticate({ title="Log In", subTitle, description, cancelButton="Cancel", onAttempt=() => (null) }): Starts Fingerprint authentication

  • Returns a Promise
  • title: String the title text to display in the native Android popup
  • subTitle: String the sub title text to display in the native Android popup
  • description: String the description text to display in the native Android popup
  • cancelButton: String the cancel button text to display in the native Android popup
  • onAttempt: Function - a callback function when users are trying to scan their fingerprint but failed.

componentDidMount() {
  if (requiresLegacyAuthentication()) {
    authLegacy();
  } else {
    authCurrent();
  }
}

componentWillUnmount = () => {
  FingerprintScanner.release();
}

requiresLegacyAuthentication() {
  return Platform.Version < 23;
}

authCurrent() {
  FingerprintScanner
    .authenticate({ title: 'Log in with Biometrics' })
    .then(() => {
      this.props.onAuthenticate();
    });
}

authLegacy() {
  FingerprintScanner
    .authenticate({ onAttempt: this.handleAuthenticationAttemptedLegacy })
    .then(() => {
      this.props.handlePopupDismissedLegacy();
      Alert.alert('Fingerprint Authentication', 'Authenticated successfully');
    })
    .catch((error) => {
      this.setState({ errorMessageLegacy: error.message, biometricLegacy: error.biometric });
      this.description.shake();
    });
}

handleAuthenticationAttemptedLegacy = (error) => {
  this.setState({ errorMessageLegacy: error.message });
  this.description.shake();
};

1. release(): Stops fingerprint scanner listener, cancels native prompt if visible.

   • Returns a Void

componentWillUnmount() {
  FingerprintScanner.release();
}

By reading this blog, I'm pretty sure that you'll be able to implement Fingerprint(Touch ID) in your React Native app. If you face any error while implementing, you can always have a look at docs here .

Cover GIF Credits: Gfycat

A Kubernetes cluster is a set of nodes that run containerized applications. Containerizing applications packages an app with its dependences and some necessary services. They are more lightweight and flexible than virtual machines. In this way, Kubernetes clusters allow for applications to be more easily developed, moved and managed.

Kubernetes clusters allow containers to run across multiple machines and environments: virtual, physical, cloud-based, and on-premises. Kubernetes containers are not restricted to a specific operating system, unlike virtual machines. Instead, they are able to share operating systems and run anywhere.

Controlling access to the Kubernetes API:

As Kubernetes is entirely API driven, controlling and limiting who can access the cluster and what actions they are allowed to perform is the first line of defense.

• Using the Transport Layer Security (TLS) for all API traffic:

The default encryption of the API for Kubernetes is done through the TLS, some components and installation methods may enable local ports over HTTP and administrators should familiarize themselves with the settings of each component to identify potentially unsecured traffic.

• API Authentication:

API authentication that gives applications with the ability to communicate with API server to provide access. When a user logs into the system, it requests authentication in the form of a token. All API clients must be authenticated, even those that are part of the infrastructure like nodes, proxies, the scheduler, and volume plugins.

Limiting resource usage on a cluster:

When several users or teams share a cluster with a fixed number of nodes, there is a concern that one team could use more than its fair share of resources.

Resource quotas are a tool for administrators to address this concern.

A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that namespace.

Limiting ranges would prevent users from requesting unreasonably high or low values for commonly reserved resources like memory, or to provide default limits when none are specified.

Restricting network access:

The attack on the Cluster through a network could be an external one, for this purpose, we need network policies .

The network policies for a namespace allows application authors to restrict which pods in other namespaces may access pods and ports within their namespaces. Many of the supported Kubernetes networking providers now respect network policy.

Enabling audit logging:

Audit logger records actions taken by the API for later analysis in the event of a compromise. It is recommended to enable audit logging and archive the audit file on a secure server.

Summary:

Securing Kubernetes is not a easy task, one should know how to use different tools and techniques to secure the Kubernetes Cluster.

Kubernetes documentation provides more information on how to secure clusters. Most of the content of this blog is taken from the official Kubernetes docs.

Auth0: Auth0 secures more than 100 million logins each day. Auth0 provides the simplicity, extensibility, and expertise to scale and protect identities in any application, for any audience. Also, auth0 is the first identity management platform for application builders, and the only identity solution needed for custom-built applications.

Now, let's move further to the integration part.

Step 1: Create an Application in the Auth0 Dashboard

Go to the Auth0 Dashboard and Create an Application

Give a name to your app and select the app. type

Select React Native from the listed Technologies

Step 2: Configure the App with Auth0

Go to the Application Settings section in the Auth0 Dashboard

Get the Client ID and Domain from the panel

Step 2: Installing Dependencies

Install the dependencies of the React Native Auth0 module.

Yarn:

$ yarn add react-native-auth0

npm:

$ npm install react-native-auth0

Provide a way for users to log in. You can do this with the Auth0 hosted login page.

The login page looks similar to the image below.

Step 3: Integrate Auth0 into your app

Go to android/app/src/main/AndroidManifest.xml, and make sure that the activity you are going to receive the authentication on has a launch mode value of singleTask and that it declares the following intent filter.

<intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data
        android:host="MY_DOMAIN"
        android:pathPrefix="/android/${applicationId}/callback"
        android:scheme="${applicationId}" />
</intent-filter>

So the MainActivity looks like this:

Step 4: Configure Callback URLs:

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.

The callback URL for your app must be added to the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.

callback URL:

$ {YOUR_APP_PACKAGE_NAME}://{MY_DOMAIN}/android/{YOUR_APP_PACKAGE_NAME}/callback

Remember to replace {YOUR_APP_PACKAGE_NAME} and {MY_DOMAIN} with your actual application's package name and Domain.

Step 5: Configure logout URL:

A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the returnTo query parameter.

The logout URL for your app must be added to the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.

logout URL:

$ {YOUR_APP_PACKAGE_NAME}://{MY_DOMAIN}/android/{YOUR_APP_PACKAGE_NAME}/callback

Remember to replace {YOUR_APP_PACKAGE_NAME} and {MY_DOMAIN} with your actual application's package name and Domain.

Step 6: Add authentication with Auth0 in your app:

First, import the Auth0 module and create a new Auth0 instance.

$ import Auth0 from 'react-native-auth0';
$ const auth0 = new Auth0({ domain: 'MY_DOMAIN', clientId: 'CLIENT_ID' });

Then present the hosted login screen, like this:

Upon successful authentication the user's credentials will be returned, containing an access_token, an id_token and an expires_in value.

Step 6: Log the user out:

To log the user out, redirect them to the Auth0 log out endpoint by calling clearSession. This will remove their session from the authorization server. After this happens, remove the Access Token from the state.

auth0.webAuth
    .clearSession({})
    .then(success => {
        Alert.alert(
            'Logged out!'
        );
        this.setState({ accessToken: null });
    })
    .catch(error => {
        console.log('Log out cancelled');
    });

Thanks a lot for reaching here and reading this blog. If you face any difficulties you can always have a look at the Auth0 documentation.