book

Cloud Native Security

Name: Cloud Native Security
ISBN: 9781119782230

by Chris Binnie, Rory McCune

August 2021

Intermediate to advanced

336 pages

8h 4m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Introduction
Meeting the ChallengeA Few ConventionsCompanion Download FilesHow to Contact the Publisher
Part I: Container and Orchestrator Security
CHAPTER 1: What Is A Container?
Common MisconceptionsContainer ComponentsKernel CapabilitiesOther ContainersSummary
CHAPTER 2: Rootless Runtimes
Docker Rootless ModeRunning Rootless PodmanSummary
CHAPTER 3: Container Runtime Protection
Running FalcoConfiguring RulesSummary
CHAPTER 4: Forensic Logging
Things to ConsiderSalient FilesBreaking the RulesKey CommandsThe RulesParsing RulesMonitoringOrdering and PerformanceSummary
CHAPTER 5: Kubernetes Vulnerabilities
Mini KubernetesOptions for Using kube-hunterContainer DeploymentInside Cluster TestsMinikube vs. kube-hunterGetting a List of TestsSummary
CHAPTER 6: Container Image CVEs
Understanding CVEsTrivyExploring AnchoreClairSummary

Part II: DevSecOps Tooling
CHAPTER 7: Baseline Scanning (or, Zap Your Apps)
Where to Find ZAPBaseline ScanningScanning Nmap's HostAdding Regular ExpressionsSummary
CHAPTER 8: Codifying Security
Security ToolingInstallationSimple TestsExample Attack FilesSummary
CHAPTER 9: Kubernetes Compliance
Mini KubernetesUsing kube-benchTroubleshootingAutomationSummary
CHAPTER 10: Securing Your Git Repositories
Things to ConsiderInstalling and Running GitleaksInstalling and Running GitRobSummary
CHAPTER 11: Automated Host Security
Machine ImagesIdempotencySecure Shell ExampleKernel ChangesSummary
CHAPTER 12: Server Scanning With Nikto
Things to ConsiderInstallationScanning a Second HostRunning OptionsCommand-Line OptionsEvasion TechniquesThe Main Nikto Configuration FileSummary
Part III: Cloud Security
CHAPTER 13: Monitoring Cloud Operations
Host Dashboarding with NetDataCloud Platform Interrogation with KomiserSummary
CHAPTER 14: Cloud Guardianship
Installing Cloud CustodianMore Complex PoliciesIAM PoliciesS3 Data at RestGenerating AlertsSummary
CHAPTER 15: Cloud Auditing
Runtime, Host, and Cloud Testing with LunarAWS Auditing with Cloud ReportsCIS Benchmarks and AWS Auditing with ProwlerSummary
CHAPTER 16: AWS Cloud Storage
BucketsNative Security SettingsAutomated S3 AttacksStorage HuntingSummary
Part IV: Advanced Kubernetes and Runtime Security
CHAPTER 17: Kubernetes External Attacks
The Kubernetes Network FootprintAttacking the API ServerAttacking etcdAttacking the KubeletSummary
CHAPTER 18: Kubernetes Authorization with RBAC
Kubernetes Authorization MechanismsRBAC OverviewRBAC GotchasAuditing RBACSummary
CHAPTER 19: Network Hardening
Container Network OverviewRestricting Traffic in Kubernetes ClustersCNI Network Policy ExtensionsSummary
CHAPTER 20: Workload Hardening
Using Security Context in ManifestsMandatory Workload SecurityPodSecurityPolicyPSP AlternativesSummary
Index
Copyright
About the Authors
About the Technical Editor
End User License Agreement

Overview

Explore the latest and most comprehensive guide to securing your Cloud Native technology stack

Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today’s Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates.

The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You’ll also learn about:

Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines
Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates
Securing the most popular container orchestrator, Kubernetes
Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies

Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119782230Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills