Learn Kubernetes Security
Kubernetes is an open source orchestration platform for managing containerized applications. Despite widespread adoption of the technology, DevOps engineers might be unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios. Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the kube-apiserver, CoreDNS, and kubelet) and pods (hardening image, security context, and PodSecurityPolicy). With the help of hands-on examples, you'll also learn how to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments. By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.
Contents (137 chapters)
- Cover
- Copyright information
- Why subscribe?
- Foreword
- Contributors About the authors
- About the reviewer
- Packt is searching for authors like you
- Preface
- Section 1: Introduction to Kubernetes
- Chapter 1: Kubernetes Architecture
- The rise of Docker and the trend of microservices
- Kubernetes components
- Kubernetes objects
- Kubernetes variations
- Kubernetes and cloud providers
- Summary
- Questions
- Further reading
- Chapter 2: Kubernetes Networking
- Overview of the Kubernetes network model
- Communicating inside a pod
- Communicating between pods
- Introducing the Kubernetes service
- Introducing the CNI and CNI plugins
- Summary
- Questions
- Further reading
- Chapter 3: Threat Modeling
- Introduction to threat modeling
- Component interactions
- Threat actors in Kubernetes environments
- Threats in Kubernetes clusters
- Threat modeling application in Kubernetes
- Summary
- Questions
- Further reading
- Chapter 4: Applying the Principle of Least Privilege in Kubernetes
- The principle of least privilege
- Least privilege of Kubernetes subjects
- Least privilege for Kubernetes workloads
- Summary
- Questions
- Further reading
- Chapter 5: Configuring Kubernetes Security Boundaries
- Introduction to security boundaries
- Security boundaries versus trust boundaries
- Kubernetes security domains
- Kubernetes entities as security boundaries
- Security boundaries in the system layer
- Security boundaries in the network layer
- Summary
- Questions
- Further references
- Section 2: Securing Kubernetes Deployments and Clusters
- Chapter 6: Securing Cluster Components
- Securing kube-apiserver
- Securing kubelet
- Securing etcd
- Securing kube-scheduler
- Securing kube-controller-manager
- Securing CoreDNS
- Benchmarking a cluster's security configuration
- Summary
- Questions
- Further reading
- Chapter 7: Authentication, Authorization, and Admission Control
- Requesting a workflow in Kubernetes
- Kubernetes authentication
- Kubernetes authorization
- Admission controllers
- Introduction to OPA
- Summary
- Questions
- Further reading
- Chapter 8: Securing Kubernetes Pods
- Hardening container images
- Configuring the security attributes of pods
- The power of PodSecurityPolicy
- Summary
- Questions
- Further reading
- Chapter 9: Image Scanning in DevOps Pipelines
- Introducing container images and vulnerabilities
- Scanning images with Anchore Engine
- Integrating image scanning into the CI/CD pipeline
- Summary
- Questions
- Further references
- Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
- Real-time monitoring and management in monolith environments
- Managing resources in Kubernetes
- Monitoring resources in Kubernetes
- Summary
- Questions
- Further references
- Chapter 11: Defense in Depth
- Introducing Kubernetes auditing
- Enabling high availability in a Kubernetes cluster
- Managing secrets with Vault
- Detecting anomalies with Falco
- Conducting forensics with Sysdig Inspect and CRIU
- Summary
- Questions
- Further references
- Section 3: Learning from Mistakes and Pitfalls
- Chapter 12: Analyzing and Detecting Crypto-Mining Attacks
- Analyzing crypto-mining attacks
- Detecting crypto-mining attacks
- Defending against attacks
- Summary
- Questions
- Further reading
- Chapter 13: Learning from Kubernetes CVEs
- The path traversal issue in kubectl cp – CVE-2019-11246
- DoS issues in JSON parsing – CVE-2019-1002100
- A DoS issue in YAML parsing – CVE-2019-11253
- The Privilege escalation issue in role parsing – CVE-2019-11247
- Scanning for known vulnerabilities using kube-hunter
- Summary
- Questions
- Further references
- Assessments
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
- Chapter 12
- Chapter 13
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-18 18:32:55