CHF25.75
Download available immediately
Explore the latest and most comprehensive guide to securing your Cloud Native technology stack
Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work, hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates.
The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You'll also learn about:
Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines
Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates
Securing the most popular container orchestrator, Kubernetes
Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies
Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.
About the authors
CHRIS BINNIE is a Technical Consultant who has worked for almost 25 years with critical Linux systems in banking and government, both on-premise and in the cloud. He has written two Linux books, has written for Linux and ADMIN magazines and has five years of experience in DevOps security consultancy roles.
RORY MCCUNE has over 20 years of experience in the Information and IT security arenas. His professional focus is on container, cloud, and application security and he is an author of the CIS Benchmarks for Docker and Kubernetes and has authored and delivered container security training at conferences around the world.
Jacket text
DISCOVER A COMPREHENSIVE GUIDE TO SECURING YOUR CLOUD NATIVE TECH STACK
In Cloud Native Security, accomplished IT security professionals and authors Chris Binnie and Rory McCune deliver a detailed treatment of how to minimize the attack surfaces found on today's Cloud Native infrastructure. Incorporating hands-on examples, the book teaches you to mitigate threats and eliminate areas of concern that tend to lead to security compromises. The book contains the information that security professionals need to know in order to operate secure, hardened and therefore reliable Cloud Native estates.
Beginning with accessible and easy-to-understand content about Linux containers and container runtime protection, the book moves on to more advanced subjects, like complex attacks on Kubernetes. You'll learn about forensic logging and Kubernetes vulnerabilities, Common Vulnerability and Exploit scanning tools (CVEs), baseline scans, how to codify security, and how to scan popular code repositories for vulnerabilities.
You'll also discover how to use Configuration Management tools like Ansible to enforce security controls and help mitigate against attackers gaining a foothold and create predictable, reliable, and secure hosts. Finally, topics like network policies, pod hardening, and Kubernetes Role Based Access Control (RBAC) functionality are all covered in extensive depth.
Perfect for DevOps engineers, platform engineers, security professionals, and students, Cloud Native Security will earn a place in the libraries of all professionals who need to improve their understanding of modern security vulnerabilities and challenges.
The book delivers thorough and comprehensive explanations of:
Contents
Introduction
Part I Container and Orchestrator Security
Chapter 1 What is a Container?
Common Misconceptions
Container Components
Kernel Capabilities
Other Containers
Summary
Chapter 2 Rootless Runtimes
Docker Rootless Mode
Installing Rootless Mode
Running Rootless Podman
Setting Up Podman
Summary
Chapter 3 Container Runtime Protection
Running Falco
Configuring Rules
Changing Rules
Macros
Lists
Getting Your Priorities Right
Tagging Rulesets
Outputting Alerts
Summary
Chapter 4 Forensic Logging
Things to Consider
Salient Files
Breaking the Rules
Key Commands
The Rules
Parsing Rules
Monitoring
Ordering and Performance
Summary
Chapter 5 Kubernetes Vulnerabilities
Mini Kubernetes
Options for Using kube-hunter
Deployment Methods
Scanning Approaches
Hunting Modes
Container Deployment
Inside Cluster Tests
Minikube vs. kube-hunter
Getting a List of Tests
Summary
Chapter 6 Container Image CVEs
Understanding CVEs
Trivy
Getting Started
Exploring Anchore
Clair
Secure Registries
Summary
Part II DevSecOps Tooling
Chapter 7 Baseline Scanning (or, Zap Your Apps)
Where to Find ZAP
Baseline Scanning
Scanning Nmap's Host
Adding Regular Expressions
Summary
Chapter 8 Codifying Security
Security Tooling
Installation
Simple Tests
Example Attack Files
Summary
Chapter 9 Kubernetes Compliance
Mini Kubernetes
Using kube-bench
Troubleshooting
Automation
Summary
Chapter 10 Securing Your Git Repositories
Things to Consider
Installing and Running Gitleaks
Installing and Running GitRob
Summary
Chapter 11 Automated Host Security
Machine Images
Idempotency
Secure Shell Example
Kernel Changes
Summary
Chapter 12 Server Scanning With Nikto
Things to Consider
Installation
Scanning a Second Host
Running Options
Command-Line Options
Evasion Techniques
The Main Nikto Configuration File
Summary
Part III Cloud Security
Chapter 13 Monitoring Cloud Operations
Host Dashboarding with NetData
Installing Netdata
Host Installation
Container Installation
Collectors
Uninstalling Host Packages
Cloud Platform Interrogation with Komiser
Installation Options
Summary
Chapter 14 Cloud Guardianship
Installing Cloud Custodian
Wrapper Installation
Python Installation
EC2 Interaction
More Complex Policie...