Hacking Kubernetes: Threat-Driven Analysis and Defense


Hacking Kubernetes: Threat-Driven Analysis and Defense
Author: Andrew Martin and Michael Hausenblas
Publisher finelybook 出版社:‏ O’Reilly Media; (November 2, 2021)
Language 语言: English
Print Length 页数: 314 pages
ISBN-10: 1492081736
ISBN-13: 9781492081739

Book Description


Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component’s architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack.
This book begins with a vanilla Kubernetes installation with built-in defaults. You’ll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.
Understand where your Kubernetes system is vulnerable with threat modelling techniques
Focus on pods, from configurations to attacks and defenses
Secure your cluster and workload traffic
Define and enforce policy with RBAC, OPA, and Kyverno
Dive deep into sandboxing and isolation techniques
Learn how to detect and mitigate supply chain attacks
Explore filesystems, volumes, and sensitive information at rest
Discover what can go wrong when running multitenant workloads in a cluster
Learn what you can do if someone breaks in despite you having controls in place
From the Preface
Welcome to Hacking Kubernetes, a book for Kubernetes practitioners who want to run their workloads securely and safely. At time of writing, Kubernetes has been around for some six years, give or take. There are over one hundred certified Kubernetes offerings available, such as distributions and managed services. With an increasing number of organizations deciding to move their workloads to Kubernetes, we thought we’d share our experiences in this space, to help make your workloads more secure and safe to deploy and operate. Thank you for joining us on this journey, and we hope you have as much fun reading this book and applying what you learn as we had writing it.
In this preface, we will paint a picture of our intended audience, talk about why we wrote the book, and explain how we think you should go about using it by providing a quick content guide. We will also go over some administrative details like Kubernetes versions and conventions used.
To get most out of the book, we assume that you either have a DevOps role, are a Kubernetes platform person, a cloud native architect, a site reliability engineer (SRE), or something related to being a chief information security officer (CISO). We further assume that you’re interested in being hands-on—while we discuss threats and defenses in principle, we try our best to demonstrate them at the same time and point you to tools that can help you.
At this point we also want to make sure you understand that the book you’re reading is targeting advanced topics. We assume that you’re already familiar with Kubernetes, and specifically Kubernetes security topics, at least on a surface level. In other words, we don’t go into much detail about how things work, but summarize or recap important concepts or mechanisms on a per-chapter basis. In particular, we assume that you understand what containers are for and how they run in Kubernetes.
How To Use This Book
This book is a threat-based guide to security in Kubernetes, using a vanilla Kubernetes installation with its (built-in) defaults as a starting point. We’ll kick off discussions with an abstract threat model of a distributed system running arbitrary workloads and progress to a detailed assessment of each component of a secure Kubernetes system.
In each chapter, we examine a component’s architecture and potential default settings and review high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). We also demonstrate attacks and share best-practice configuration in order to demonstrate hardening clusters from possible angles of attack.
About the Author
Andrew Martin is CEO of ControlPlane.
Michael Hausenblas is Product Developer Advocate Amazon Web Service.

下载地址 Download解决验证以访问链接!
打赏
未经允许不得转载:finelybook » Hacking Kubernetes: Threat-Driven Analysis and Defense

评论 抢沙发

觉得文章有用就打赏一下

您的打赏,我们将继续给力更多优质内容

支付宝扫一扫

微信扫一扫