Klienditugi: 7440010 (E-R 10-18)

Abi | Registreeri | Logi sisse

E-raamat: Container Security: Fundamental Technology Concepts that Protect Containerized Applications

4.54/5 (322 hinnangut Goodreads-ist)

Liz Rice

Formaat: 200 pages
Ilmumisaeg: 06-Apr-2020
Kirjastus: O'Reilly Media
Keel: eng
ISBN-13: 9781492056676

Teised raamatud teemal:

Computer security

Formaat - PDF+DRM
Hind: 40,37 €*
* hind on lõplik, st. muud allahindlused enam ei rakendu
Lisa ostukorvi
Lisa soovinimekirja
See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.

Formaat: 200 pages
Ilmumisaeg: 06-Apr-2020
Kirjastus: O'Reilly Media
Keel: eng
ISBN-13: 9781492056676

Teised raamatud teemal:

Computer security

DRM piirangud

Kopeerimine (copy/paste):

ei ole lubatud
Printimine:

ei ole lubatud
Kasutamine:

Digitaalõiguste kaitse (DRM)
Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

Vajalik tarkvara
Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

Seda e-raamatut ei saa lugeda Amazon Kindle's.

"This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions. Author Liz Rice, VP of open source engineering at Aqua Security, looks at how the building blocks commonly used in container-based systems are constructed in Linux."

To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions.

Author Liz Rice, VP of open source engineering at Aqua Security, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You&;ll understand what&;s happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you&;re ready to get started.

Explore attack vectors that affect container deployments
Dive into the Linux constructs that underpin containers
Examine measures for hardening containers
Understand how misconfigurations can compromise container isolation
Learn best practices for building container images
Identify container images that have known software vulnerabilities
Leverage secure connections between containers
Use security tooling to prevent attacks on your deployment

Preface

1 Container Security Threats

(12)

Risks, Threats, and Mitigations

(1)

Container Threat Model

(3)

Security Boundaries

(1)

Multitenancy

(3)

Shared Machines

(1)

Virtualization

(1)

Container Multitenancy

(1)

Container Instances

(1)

Security Principles

(2)

Least Privilege

(1)

Defense in Depth

(1)

Reducing the Attack Surface

(1)

Limiting the Blast Radius

(1)

Segregation of Duties

(1)

Applying Security Principles with Containers

(1)

Summary

(1)

2 Linux System Calls, Permissions, and Capabilities

(10)

System Calls

(1)

File Permissions

(5)

Setuid and setgid

(3)

Linux Capabilities

(2)

Privilege Escalation

(1)

Summary

(1)

3 Control Groups

(8)

Cgroup Hierarchies

(1)

Creating Cgroups

(2)

Setting Resource Limits

(1)

Assigning a Process to a Cgroup

(1)

Docker Using Cgroups

(1)

Cgroups V2

(1)

Summary

(1)

4 Container Isolation

(24)

Linux Namespaces

(1)

Isolating the Hostname

(2)

Isolating Process IDs

(3)

Changing the Root Directory

(3)

Combine Namespacing and Changing the Root

(1)

Mount Namespace

(1)

Network Namespace

(2)

User Namespace

(3)

User Namespace Restrictions in Docker

(1)

Inter-process Communications Namespace

(1)

Cgroup Namespace

(1)

Container Processes from the Host Perspective

(2)

Container Host Machines

(1)

Summary

(2)

5 Virtual Machines

(10)

Booting Up a Machine

(2)

Enter the VMM

(2)

Type 1 VMMs, or Hypervisors

(1)

Type 2 VMM

(1)

Kernel-Based Virtual Machines

(1)

Trap-and-Emulate

(1)

Handling Non-Virtualizable Instructions

(1)

Process Isolation and Security

(1)

Disadvantages of Virtual Machines

(1)

Container Isolation Compared to VM Isolation

(1)

Summary

(2)

6 Container Images

(18)

Root Filesystem and Image Configuration

(1)

Overriding Config at Runtime

(1)

OCI Standards

(1)

Image Configuration

(1)

Building Images

(3)

The Dangers of docker build

(1)

Daemonless Builds

(1)

Image Layers

(2)

Storing Images

(1)

Identifying Images

(2)

Image Security

(1)

Build-Time Security

(3)

Provenance of the Dockerfile

(1)

Dockerfile Best Practices for Security

(2)

Attacks on the Build Machine

(1)

Image Storage Security

(1)

Running Your Own Registry

(1)

Signing Images

(1)

Image Deployment Security

(2)

Deploying the Right Image

(1)

Malicious Deployment Definition

(1)

Admission Control

(1)

GitOps and Deployment Security

(1)

Summary

(2)

7 Software Vulnerabilities in Images

(12)

Vulnerability Research

(1)

Vulnerabilities, Patches, and Distributions

(1)

Application-Level Vulnerabilities

(1)

Vulnerability Risk Management

(1)

Vulnerability Scanning

(1)

Installed Packages

(1)

Container Image Scanning

(2)

Immutable Containers

(1)

Regular Scanning

(1)

Scanning Tools

(2)

Sources of Information

(1)

Out-of-Date Sources

(1)

Won't Fix Vulnerabilities

(1)

Subpackage Vulnerabilities

(1)

Package Name Differences

(1)

Additional Scanning Features

(1)

Scanner Errors

(1)

Scanning in the CI/CD Pipeline

(2)

Prevent Vulnerable Images from Running

(1)

Zero-Day Vulnerabilities

(1)

Summary

(1)

8 Strengthening Container Isolation

(10)

Seccomp

(2)

AppArmor

(1)

SELinux

(2)

Gvisor

100

(2)

Kata Containers

102

(1)

Firecracker

103

(1)

Unikernels

103

(1)

Summary

104

(1)

9 Breaking Container Isolation

105

(12)

Containers Run as Root by Default

105

(6)

Override the User ID

106

(1)

Root Requirement Inside Containers

107

(2)

Rootless Containers

109

(2)

The --privileged Flag and Capabilities

111

(2)

Mounting Sensitive Directories

113

(1)

Mounting the Docker Socket

114

(1)

Sharing Namespaces Between a Container and Its Host

115

(1)

Sidecar Containers

115

(1)

Summary

116

(1)

10 Container Network Security

117

(14)

Container Firewalls

117

(2)

OSI Networking Model

119

(1)

Sending an IP Packet

120

(1)

IP Addresses for Containers

121

(1)

Network Isolation

122

(1)

Layer 3/4 Routing and Rules

123

(2)

Iptables

123

(2)

IPVS

125

(1)

Network Policies

125

(4)

Network Policy Solutions

127

(1)

Network Policy Best Practices

128

(1)

Service Mesh

129

(1)

Summary

130

(1)

11 Securely Connecting Components with TLS

131

(10)

Secure Connections

131

(1)

X.509 Certificates

132

(4)

Public/Private Key Pairs

133

(1)

Certificate Authorities

134

(2)

Certificate Signing Requests

136

(1)

TLS Connections

136

(2)

Secure Connections Between Containers

138

(1)

Certificate Revocation

138

(1)

Summary

139

(2)

12 Passing Secrets to Containers

141

(8)

Secret Properties

141

(1)

Getting Information into a Container

142

(3)

Storing the Secret in the Container Image

143

(1)

Passing the Secret Over the Network

144

(1)

Passing Secrets in Environment Variables

144

(1)

Passing Secrets Through Files

145

(1)

Kubernetes Secrets

145

(1)

Secrets Are Accessible by Root

146

(2)

Summary

148

(1)

13 Container Runtime Protection

149

(8)

Container Image Profiles

149

(6)

Network Traffic Profiles

150

(1)

Executable Profiles

150

(2)

File Access Profiles

152

(1)

User ID Profiles

152

(1)

Other Runtime Profiles

153

(1)

Container Security Tools

153

(2)

Drift Prevention

155

(1)

Summary

156

(1)

14 Containers and the OWASP Top 10

157

(6)

Injection

157

(1)

Broken Authentication

157

(1)

Sensitive Data Exposure

158

(1)

XML External Entities

158

(1)

Broken Access Control

158

(1)

Security Misconfiguration

159

(1)

Cross-Site Scripting XSS

159

(1)

Insecure Deserialization

159

(1)

Using Components with Known Vulnerabilities

160

(1)

Insufficient Logging and Monitoring

160

(1)

Summary

161

(2)

Conclusions

163

(2)

Appendix. Security Checklist

165

(2)

Index

167

Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter, kube-bench and manifesto. She was Co-Chair of the CNCF's KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle.

Lisainfo e-raamatute kohta

Püsilink: https://www.kriso.ee/db/97814920566762e.html

Märksõnad:

E-raamat: Container Security: Fundamental Technology Concepts that Protect Containerized Applications

DRM piirangud

Kopeerimine (copy/paste):

Printimine:

Kasutamine:

Konto & seaded

Otsing

Otsingu andmebaas

Filtreeri tulemusi

Teemad E-raamatute teemad

Vali ostukorv