Learn Kubernetes Security
Kubernetes is an open source orchestration platform for managing containerized applications. Despite widespread adoption of the technology, DevOps engineers might be unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios. Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the kube-apiserver, CoreDNS, and kubelet) and pods (hardening image, security context, and PodSecurityPolicy). With the help of hands-on examples, you'll also learn how to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments. By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.
Table of contents (137 chapters)
- Cover
- Copyright information
- Why subscribe?
- Foreword
- Contributors
- About the authors
- About the reviewer
- Packt is searching for authors like you
- Preface
- Section 1: Introduction to Kubernetes
- Chapter 1: Kubernetes Architecture
- The rise of Docker and the trend of microservices
- Kubernetes components
- Kubernetes objects
- Kubernetes variations
- Kubernetes and cloud providers
- Summary
- Questions
- Further reading
- Chapter 2: Kubernetes Networking
- Overview of the Kubernetes network model
- Communicating inside a pod
- Communicating between pods
- Introducing the Kubernetes service
- Introducing the CNI and CNI plugins
- Summary
- Questions
- Further reading
- Chapter 3: Threat Modeling
- Introduction to threat modeling
- Component interactions
- Threat actors in Kubernetes environments
- Threats in Kubernetes clusters
- Threat modeling application in Kubernetes
- Summary
- Questions
- Further reading
- Chapter 4: Applying the Principle of Least Privilege in Kubernetes
- The principle of least privilege
- Least privilege of Kubernetes subjects
- Least privilege for Kubernetes workloads
- Summary
- Questions
- Further reading
- Chapter 5: Configuring Kubernetes Security Boundaries
- Introduction to security boundaries
- Security boundaries versus trust boundaries
- Kubernetes security domains
- Kubernetes entities as security boundaries
- Security boundaries in the system layer
- Security boundaries in the network layer
- Summary
- Questions
- Further references
- Section 2: Securing Kubernetes Deployments and Clusters
- Chapter 6: Securing Cluster Components
- Securing kube-apiserver
- Securing kubelet
- Securing etcd
- Securing kube-scheduler
- Securing kube-controller-manager
- Securing CoreDNS
- Benchmarking a cluster's security configuration
- Summary
- Questions
- Further reading
- Chapter 7: Authentication, Authorization, and Admission Control
- Requesting a workflow in Kubernetes
- Kubernetes authentication
- Kubernetes authorization
- Admission controllers
- Introduction to OPA
- Summary
- Questions
- Further reading
- Chapter 8: Securing Kubernetes Pods
- Hardening container images
- Configuring the security attributes of pods
- The power of PodSecurityPolicy
- Summary
- Questions
- Further reading
- Chapter 9: Image Scanning in DevOps Pipelines
- Introducing container images and vulnerabilities
- Scanning images with Anchore Engine
- Integrating image scanning into the CI/CD pipeline
- Summary
- Questions
- Further references
- Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
- Real-time monitoring and management in monolith environments
- Managing resources in Kubernetes
- Monitoring resources in Kubernetes
- Summary
- Questions
- Further references
- Chapter 11: Defense in Depth
- Introducing Kubernetes auditing
- Enabling high availability in a Kubernetes cluster
- Managing secrets with Vault
- Detecting anomalies with Falco
- Conducting forensics with Sysdig Inspect and CRIU
- Summary
- Questions
- Further references
- Section 3: Learning from Mistakes and Pitfalls
- Chapter 12: Analyzing and Detecting Crypto-Mining Attacks
- Analyzing crypto-mining attacks
- Detecting crypto-mining attacks
- Defending against attacks
- Summary
- Questions
- Further reading
- Chapter 13: Learning from Kubernetes CVEs
- The path traversal issue in kubectl cp – CVE-2019-11246
- DoS issues in JSON parsing – CVE-2019-1002100
- A DoS issue in YAML parsing – CVE-2019-11253
- The Privilege escalation issue in role parsing – CVE-2019-11247
- Scanning for known vulnerabilities using kube-hunter
- Summary
- Questions
- Further references
- Assessments
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
- Chapter 12
- Chapter 13
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-18 18:32:55