Explore the latest and most comprehensive guide to securing your Cloud Native technology stack 

Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work, hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build the diverse mix of niche knowledge required to harden Cloud Native estates.

The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You’ll also learn about: 

  • Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines 
  • Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates 
  • Securing the most popular container orchestrator, Kubernetes 
  • Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies 

Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges. 

Table of Contents

  1. Cover
  2. Title Page
  3. Introduction
    1. Meeting the Challenge
    2. A Few Conventions
    3. Companion Download Files
    4. How to Contact the Publisher
  4. Part I: Container and Orchestrator Security
    1. CHAPTER 1: What Is A Container?
      1. Common Misconceptions
      2. Container Components
      3. Kernel Capabilities
      4. Other Containers
      5. Summary
    2. CHAPTER 2: Rootless Runtimes
      1. Docker Rootless Mode
      2. Running Rootless Podman
      3. Summary
    3. CHAPTER 3: Container Runtime Protection
      1. Running Falco
      2. Configuring Rules
      3. Summary
    4. CHAPTER 4: Forensic Logging
      1. Things to Consider
      2. Salient Files
      3. Breaking the Rules
      4. Key Commands
      5. The Rules
      6. Parsing Rules
      7. Monitoring
      8. Ordering and Performance
      9. Summary
    5. CHAPTER 5: Kubernetes Vulnerabilities
      1. Mini Kubernetes
      2. Options for Using kube-hunter
      3. Container Deployment
      4. Inside Cluster Tests
      5. Minikube vs. kube-hunter
      6. Getting a List of Tests
      7. Summary
    6. CHAPTER 6: Container Image CVEs
      1. Understanding CVEs
      2. Trivy
      3. Exploring Anchore
      4. Clair
      5. Summary
  5. Part II: DevSecOps Tooling
    1. CHAPTER 7: Baseline Scanning (or, Zap Your Apps)
      1. Where to Find ZAP
      2. Baseline Scanning
      3. Scanning Nmap's Host
      4. Adding Regular Expressions
      5. Summary
    2. CHAPTER 8: Codifying Security
      1. Security Tooling
      2. Installation
      3. Simple Tests
      4. Example Attack Files
      5. Summary
    3. CHAPTER 9: Kubernetes Compliance
      1. Mini Kubernetes
      2. Using kube-bench
      3. Troubleshooting
      4. Automation
      5. Summary
    4. CHAPTER 10: Securing Your Git Repositories
      1. Things to Consider
      2. Installing and Running Gitleaks
      3. Installing and Running GitRob
      4. Summary
    5. CHAPTER 11: Automated Host Security
      1. Machine Images
      2. Idempotency
      3. Secure Shell Example
      4. Kernel Changes
      5. Summary
    6. CHAPTER 12: Server Scanning With Nikto
      1. Things to Consider
      2. Installation
      3. Scanning a Second Host
      4. Running Options
      5. Command-Line Options
      6. Evasion Techniques
      7. The Main Nikto Configuration File
      8. Summary
  6. Part III: Cloud Security
    1. CHAPTER 13: Monitoring Cloud Operations
      1. Host Dashboarding with NetData
      2. Cloud Platform Interrogation with Komiser
      3. Summary
    2. CHAPTER 14: Cloud Guardianship
      1. Installing Cloud Custodian
      2. More Complex Policies
      3. IAM Policies
      4. S3 Data at Rest
      5. Generating Alerts
      6. Summary
    3. CHAPTER 15: Cloud Auditing
      1. Runtime, Host, and Cloud Testing with Lunar
      2. AWS Auditing with Cloud Reports
      3. CIS Benchmarks and AWS Auditing with Prowler
      4. Summary
    4. CHAPTER 16: AWS Cloud Storage
      1. Buckets
      2. Native Security Settings
      3. Automated S3 Attacks
      4. Storage Hunting
      5. Summary
  7. Part IV: Advanced Kubernetes and Runtime Security
    1. CHAPTER 17: Kubernetes External Attacks
      1. The Kubernetes Network Footprint
      2. Attacking the API Server
      3. Attacking etcd
      4. Attacking the Kubelet
      5. Summary
    2. CHAPTER 18: Kubernetes Authorization with RBAC
      1. Kubernetes Authorization Mechanisms
      2. RBAC Overview
      3. RBAC Gotchas
      4. Auditing RBAC
      5. Summary
    3. CHAPTER 19: Network Hardening
      1. Container Network Overview
      2. Restricting Traffic in Kubernetes Clusters
      3. CNI Network Policy Extensions
      4. Summary
    4. CHAPTER 20: Workload Hardening
      1. Using Security Context in Manifests
      2. Mandatory Workload Security
      3. PodSecurityPolicy
      4. PSP Alternatives
      5. Summary
  8. Index
  9. Copyright
  10. About the Authors
  11. About the Technical Editor
  12. End User License Agreement