Cloud Native Security

Name: Cloud Native Security
Brand: Wiley-Scrivener
Price: 25.99 EUR
Availability: OnlineOnly

Chris Binnie Rory McCune(Author)

Wiley-Scrivener (Publisher)

1st Edition

Published on 17. June 2021

336 pages

E-Book

PDF with Adobe-DRM

System requirements

978-1-119-82453-4 (ISBN)

€25.99incl. 7% vat

System requirements

for PDF with Adobe-DRM

E-Book Single Licence

Available for download

Description

More details

Other editions

Persons

Content

Cover
Title Page
Copyright Page
About the Authors
About the Technical Editor
Contents at a Glance
Contents
Introduction
Meeting the Challenge
What Does This Book Cover?
A Few Conventions
Companion Download Files
How to Contact the Publisher
Part I Container and Orchestrator Security
Chapter 1 What Is A Container?
Common Misconceptions
Container Components
Kernel Capabilities
Other Containers
Summary
Chapter 2 Rootless Runtimes
Docker Rootless Mode
Installing Rootless Mode
Running Rootless Podman
Setting Up Podman
Summary
Chapter 3 Container Runtime Protection
Running Falco
Configuring Rules
Changing Rules
Macros
Lists
Getting Your Priorities Right
Tagging Rulesets
Outputting Alerts
Summary
Chapter 4 Forensic Logging
Things to Consider
Salient Files
Breaking the Rules
Key Commands
The Rules
Parsing Rules
Monitoring
Ordering and Performance
Summary
Chapter 5 Kubernetes Vulnerabilities
Mini Kubernetes
Options for Using kube-hunter
Deployment Methods
Scanning Approaches
Hunting Modes
Container Deployment
Inside Cluster Tests
Minikube vs. kube-hunter
Getting a List of Tests
Summary
Chapter 6 Container Image CVEs
Understanding CVEs
Trivy
Getting Started
Exploring Anchore
Clair
Secure Registries
Summary
Part II DevSecOps Tooling
Chapter 7 Baseline Scanning (or, Zap Your Apps)
Where to Find ZAP
Baseline Scanning
Scanning Nmap's Host
Adding Regular Expressions
Summary
Chapter 8 Codifying Security
Security Tooling
Installation
Simple Tests
Example Attack Files
Summary
Chapter 9 Kubernetes Compliance
Mini Kubernetes
Using kube-bench
Troubleshooting
Automation
Summary
Chapter 10 Securing Your Git Repositories
Things to Consider
Installing and Running Gitleaks
Installing and Running GitRob
Summary
Chapter 11 Automated Host Security
Machine Images
Idempotency
Secure Shell Example
Kernel Changes
Summary
Chapter 12 Server Scanning With Nikto
Things to Consider
Installation
Scanning a Second Host
Running Options
Command-Line Options
Evasion Techniques
The Main Nikto Configuration File
Summary
Part III Cloud Security
Chapter 13 Monitoring Cloud Operations
Host Dashboarding with NetData
Installing Netdata
Host Installation
Container Installation
Collectors
Uninstalling Host Packages
Cloud Platform Interrogation with Komiser
Installation Options
Summary
Chapter 14 Cloud Guardianship
Installing Cloud Custodian
Wrapper Installation
Python Installation
EC2 Interaction
More Complex Policies
IAM Policies
S3 Data at Rest
Generating Alerts
Summary
Chapter 15 Cloud Auditing
Runtime, Host, and Cloud Testing with Lunar
Installing to a Bash Default Shell
Execution
Cloud Auditing Against Benchmarks
AWS Auditing with Cloud Reports
Generating Reports
EC2 Auditing
CIS Benchmarks and AWS Auditing with Prowler
Summary
Chapter 16 AWS Cloud Storage
Buckets
Native Security Settings
Automated S3 Attacks
Storage Hunting
Summary
Part IV Advanced Kubernetes and Runtime Security
Chapter 17 Kubernetes External Attacks
The Kubernetes Network Footprint
Attacking the API Server
API Server Information Discovery
Avoiding API Server Information Disclosure
Exploiting Misconfigured API Servers
Preventing Unauthenticated Access to the API Server
Attacking etcd
etcd Information Discovery
Exploiting Misconfigured etcd Servers
Preventing Unauthorized etcd Access
Attacking the Kubelet
Kubelet Information Discovery
Exploiting Misconfigured Kubelets
Preventing Unauthenticated Kubelet Access
Summary
Chapter 18 Kubernetes Authorizationwith RBAC
Kubernetes Authorization Mechanisms
RBAC Overview
RBAC Gotchas
Avoid the cluster-admin Role
Built-In Users and Groups Can Be Dangerous
Read-Only Can Be Dangerous
Create Pod Is Dangerous
Kubernetes Rights Can Be Transient
Other Dangerous Objects
Auditing RBAC
Using kubectl
Additional Tooling
Rakkess
kubectl-who-can
Rback
Summary
Chapter 19 Network Hardening
Container Network Overview
Node IP Addresses
Pod IP Addresses
Service IP Addresses
Restricting Traffic in Kubernetes Clusters
Setting Up a Cluster with Network Policies
Getting Started
Allowing Access
Egress Restrictions
Network Policy Restrictions
CNI Network Policy Extensions
Cilium
Calico
Summary
Chapter 20 Workload Hardening
Using Security Context in Manifests
General Approach
allowPrivilegeEscalation
Capabilities
privileged
readOnlyRootFilesystem
seccompProfile
Mandatory Workload Security
Pod Security Standards
PodSecurityPolicy
Setting Up PSPs
Setting Up PSPs
PSPs and RBAC
PSP Alternatives
Open Policy Agent
Installation
Enforcement Actions
Kyverno
Installation
Operation
Summary
Index
EULA

System requirements

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen

Cloud Native Security

Description

More details

Other editions

Additional editions

Persons

Content

System requirements