Learn Kubernetes Security
2020년 07월 09일 출간
- eBook 상품 정보
- 파일 정보 pdf (5.03MB)
- ISBN 9781839212185
- 쪽수 330쪽
- 지원기기 교보eBook App, PC e서재, 리더기, 웹뷰어
-
교보eBook App
듣기(TTS) 가능
TTS 란?텍스트를 음성으로 읽어주는 기술입니다.
- 전자책의 편집 상태에 따라 본문의 흐름과 다르게 텍스트를 읽을 수 있습니다.
- 전자책 화면에 표기된 주석 등을 모두 읽어 줍니다.
- 이미지 형태로 제작된 전자책 (예 : ZIP 파일)은 TTS 기능을 지원하지 않습니다.
- '교보 ebook' 앱을 최신 버전으로 설치해야 이용 가능합니다. (Android v3. 0.26, iOS v3.0.09,PC v1.2 버전 이상)
PDF 필기 Android 가능 (iOS예정)
쿠폰적용가 18,900원
10% 할인 | 5%P 적립이 상품은 배송되지 않는 디지털 상품이며,
교보eBook앱이나 웹뷰어에서 바로 이용가능합니다.
카드&결제 혜택
- 5만원 이상 구매 시 추가 2,000P
- 3만원 이상 구매 시, 등급별 2~4% 추가 최대 416P
- 리뷰 작성 시, e교환권 추가 최대 300원
작품소개
이 상품이 속한 분야
▶Book Description
Kubernetes is an open source orchestration platform for managing containerized applications. Despite widespread adoption of the technology, DevOps engineers might be unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios.
Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the kube-apiserver, CoreDNS, and kubelet) and pods (hardening image, security context, and PodSecurityPolicy). With the help of hands-on examples, you'll also learn how to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments.
By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.
▶What You Will Learn
-Understand the basics of Kubernetes architecture and networking
-Gain insights into different security integrations provided by the Kubernetes platform
-Delve into Kubernetes' threat modeling and security domains
-Explore different security configurations from a variety of practical examples
-Get to grips with using and deploying open source tools to protect your deployments
-Discover techniques to mitigate or prevent known Kubernetes hacks
▶Key Features
-Explore a variety of Kubernetes components that help you to prevent cyberattacks
-Perform effective resource management and monitoring with Prometheus and built-in Kubernetes tools
-Learn techniques to prevent attackers from compromising applications and accessing resources for crypto-coin mining
▶Who This Book Is For
This book is for security consultants, cloud administrators, system administrators, and DevOps engineers interested in securing their container deployments. If you're looking to secure your Kubernetes clusters and cloud-based deployments, you'll find this book useful. A basic understanding of cloud computing and containerization is necessary to make the most of this book.
▷Section 1: Introduction to Kubernetes
-Chapter 1: Kubernetes Architecture
-Chapter 2: Kubernetes Networking
-Chapter 3: Threat Modeling
-Chapter 4: Applying the Principle of Least Privilege in Kubernetes
-Chapter 5: Configuring Kubernetes Security Boundaries
▷Section 2: Securing Kubernetes Deployments and Clusters
-Chapter 6: Securing Cluster Components
-Chapter 7: Authentication, Authorization, and Admission Control
-Chapter 8: Securing Kubernetes Pods
-Chapter 9: Image Scanning in DevOps Pipelines
-Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
-Chapter 11: Defense in Depth
▷Section 3: Learning from Mistakes and Pitfalls
-Chapter 12: Analyzing and Detecting Crypto-Mining Attacks
-Chapter 13: Learning from Kubernetes CVEs
▶What this book covers
- Chapter 1, Kubernetes Architecture, introduces the basics of Kubernetes components and Kubernetes objects.
- Chapter 2, Kubernetes Networking, introduces Kubernetes' networking model and dives deep into the communication among microservices.
- Chapter 3, Threat Modeling, discusses important assets, threat actors in Kubernetes, and how to conduct threat modeling for applications deployed in Kubernetes.
- Chapter 4, Applying the Principle of Least Privilege in Kubernetes, discusses the security control mechanisms in Kubernetes that help in implementing the principle of least privilege in two areas: the least privilege of Kubernetes subjects and the least privilege of Kubernetes workloads.
- Chapter 5, Configuring Kubernetes Security Boundaries, discusses the security domains and security boundaries in Kubernetes clusters. Also, it introduces security control mechanisms to strengthen security boundaries.
- Chapter 6, Securing Cluster Components, discusses the sensitive configurations in Kubernetes components, such as kube-apiserver, kubelet, and so on. It introduces the use of kube-bench to help identify misconfigurations in Kubernetes clusters.
- Chapter 7, Authentication, Authorization, and Admission Control, discusses the authentication and authorization mechanisms in Kubernetes. It also introduces popular admission controllers in Kubernetes.
- Chapter 8, Securing Kubernetes Pods, discusses hardening images with CIS Docker Benchmark. It introduces Kubernetes security contexts, Pod Security Policies, and kube-psp-advisor, which helps to generate Pod security policies.
- Chapter 9, Image Scanning in DevOps Pipelines, introduces the basic concepts of container images and vulnerabilities. It also introduces the image scanning tool Anchore Engine and how it can be integrated into DevOps pipelines.
- Chapter 10, Real-Time Monitoring and Resource Management of a Kubernetes Cluster, introduces built-in mechanisms such as resource request/limits and LimitRanger. It also introduces built-in tools like Kubernetes Dashboard and metrics server, and third-party monitoring tools, such as Prometheus and a data visualization tool called Grafana.
- Chapter 11, Defense in Depth, discusses various topics related to defense in depth: Kubernetes auditing, high availability in Kubernetes, secret management, anomaly detection, and forensics.
- Chapter 12, Analyzing and Detecting Crypto-Mining Attacks, introduces the basic concepts of cryptocurrency and crypto mining attacks. It then discusses a few ways to detect crypto mining attacks with open source tools such as Prometheus and Falco.
- Chapter 13, Learning from Kubernetes CVEs, discusses four well-known Kubernetes CVEs and some corresponding mitigation strategies. It also introduces the open source tool kube-hunter, which helps identify known vulnerabilities in Kubernetes.
▶ Preface
The growing complexity and scalability of real-world applications has led to a transition from monolithic architecture to microservices architecture. Kubernetes has become the de facto orchestration platform for deploying microservices. As a developer-friendly platform, Kubernetes enables different configurations to suit different use cases, making it the primary choice among most DevOps engineers. The openness and highly configurable nature of Kubernetes increases its complexity. Increased complexity leads to misconfigurations and security issues, which if exploited, can cause a significant economic impact on an organization. If you are planning to use Kubernetes in your environment, this book is for you.
In this book, you'll learn about how to secure your Kubernetes cluster. We briefly introduce Kubernetes in the first two chapters (we expect you to have a basic understanding of Kubernetes before you begin). We then discuss the default configurations of different Kubernetes components and objects. Default configurations in Kubernetes are often insecure. We discuss different ways to configure your cluster correctly to ensure that it is secure. We dive deep to explore different built-in security mechanisms, such as admission controllers, security contexts, and network policies, that are provided by Kubernetes to help secure your cluster. We also discuss some open source tools that complement the existing toolkits in Kubernetes to improve the security of your cluster. Finally, we look at some real-world examples of attacks and vulnerabilities in Kubernetes clusters and discuss how to harden your cluster to prevent such attacks.
With this book, we hope you will be able to deploy complex applications in your Kubernetes clusters securely. Kubernetes is evolving quickly. With the examples that we provide, we hope you will learn how to reason about the right configurations for your environment.
작가정보
저자(글) Kaizhe Huang
Kaizhe Huang is a security researcher at Sysdig, where he researches how to defend Kubernetes and containers from attacks ranging from web attacks to kernel attacks. Kaizhe is one of the maintainers of Falco, an incubation-level CNCF project, and the original author of multiple open source projects, such as kube-psp-advisor. Before joining Sysdig, as an employee at Stackrox, Kaizhe helped build a detection data pipeline, conducted security research, and innovated detection based on machine learning. Previously, as a senior security engineer at Oracle, he helped build security products: Database Vault, Database Privilege Analyzer, and Database Assessment Tool. Kaizhe holds an MS degree in information security from Carnegie Mellon University.
저자(글) Pranjal Jumde
Pranjal Jumde is a senior security engineer at Brave Inc. In the security industry, he has worked on different aspects of security, such as browser security, OS/kernel security, DevSecOps, web application security, reverse engineering malware, security automation, and the development of security/privacy features. Before joining Brave, as an employee at Stackrox, Pranjal helped in the development of detection and enforcement features for the runtime detection platform. He has also worked at Apple and Adobe, where he worked on the development of features to harden various platforms. Pranjal holds an MS degree in information security from Carnegie Mellon University. He has also presented his research at different conferences, such as ACM CCS and BSides SF/Delhi.
이 상품의 총서
Klover리뷰 (0)
- - e교환권은 적립일로부터 180일 동안 사용 가능합니다.
- - 리워드는 1,000원 이상 eBook, 오디오북, 동영상에 한해 다운로드 완료 후 리뷰 작성 시 익일 제공됩니다.
- - 리워드는 한 상품에 최초 1회만 제공됩니다.
- - sam 이용권 구매 상품 / 선물받은 eBook은 리워드 대상에서 제외됩니다.
- 도서나 타인에 대해 근거 없이 비방을 하거나 타인의 명예를 훼손할 수 있는 리뷰
- 도서와 무관한 내용의 리뷰
- 인신공격이나 욕설, 비속어, 혐오 발언이 개재된 리뷰
- 의성어나 의태어 등 내용의 의미가 없는 리뷰
구매 후 리뷰 작성 시, e교환권 100원 적립
문장수집
- 구매 후 90일 이내에 문장 수집 등록 시 e교환권 100원을 적립해 드립니다.
- e교환권은 적립일로부터 180일 동안 사용 가능합니다.
- 리워드는 1,000원 이상 eBook에 한해 다운로드 완료 후 문장수집 등록 시 제공됩니다.
- 리워드는 한 상품에 최초 1회만 제공됩니다.
- sam 이용권 구매 상품/오디오북·동영상 상품/주문취소/환불 시 리워드 대상에서 제외됩니다.
구매 후 문장수집 작성 시, e교환권 100원 적립
신규가입 혜택 지급이 완료 되었습니다.
바로 사용 가능한 교보e캐시 1,000원 (유효기간 7일)
지금 바로 교보eBook의 다양한 콘텐츠를 이용해 보세요!
- 구매 후 90일 이내 작성 시, e교환권 100원 (최초1회)
- 리워드 제외 상품 : 마이 > 라이브러리 > Klover리뷰 > 리워드 안내 참고
- 콘텐츠 다운로드 또는 바로보기 완료 후 리뷰 작성 시 익일 제공
가장 와 닿는 하나의 키워드를 선택해주세요.
총 5MB 이하로 jpg,jpeg,png 파일만 업로드 가능합니다.
신고 사유를 선택해주세요.
신고 내용은 이용약관 및 정책에 의해 처리됩니다.
허위 신고일 경우, 신고자의 서비스 활동이 제한될 수
있으니 유의하시어 신중하게 신고해주세요.
이 글을 작성한 작성자의 모든 글은 블라인드 처리 됩니다.
구매 후 90일 이내 작성 시, e교환권 100원 적립
eBook 문장수집은 웹에서 직접 타이핑 가능하나, 모바일 앱에서 도서를 열람하여 문장을 드래그하시면 직접 타이핑 하실 필요 없이 보다 편하게 남길 수 있습니다.
차감하실 sam이용권을 선택하세요.
차감하실 sam이용권을 선택하세요.
선물하실 sam이용권을 선택하세요.
-
보유 권수 / 선물할 권수0권 / 1권
-
받는사람 이름받는사람 휴대전화
- 구매한 이용권의 대한 잔여권수를 선물할 수 있습니다.
- 열람권은 1인당 1권씩 선물 가능합니다.
- 선물한 열람권이 ‘미등록’ 상태일 경우에만 ‘열람권 선물내역’화면에서 선물취소 가능합니다.
- 선물한 열람권의 등록유효기간은 14일 입니다.
(상대방이 기한내에 등록하지 않을 경우 소멸됩니다.) - 무제한 이용권일 경우 열람권 선물이 불가합니다.
첫 구매 시 교보e캐시 지급해 드립니다.
- 첫 구매 후 3일 이내 다운로드 시 익일 자동 지급
- 한 ID당 최초 1회 지급 / sam 이용권 제외
- 구글북액션을 통해 교보eBook 구매 이력이 없는 회원 대상
- 교보e캐시 1,000원 지급 (유효기간 지급일로부터 7일)