Date: 2021-10-13

Book description
Running cloud native workloads on Kubernetes can be challenging: keeping them secure is even more so. Kubernetes' complexity offers malicious in-house users and external attackers alike a large assortment of attack vectors. Hacking Kubernetes reviews defaults and threat models and shows how to protect against attacks.
Securing your workloads is both essential and urgent, so this invaluable hands-on guide is available to you in this early release edition before it's available to the general public. It covers topics critical for cloud native security, detailing how to:
- Preface
- 1. Introduction
- 2. Pod-Level Resources
  - Defaults
  - Threat Model
  - Anatomy of the Attack
  - Kubernetes Workloads: Apps in a Pod
  - What’s a Pod?
  - Understanding Containers
  - Pod Configuration and Threats
  - Using the Security Context Correctly
  - Into the Eye of the Storm
  - Conclusion
- 3. Container Runtime Isolation
- 4. Applications and Supply Chain
  - Defaults
  - Threat Model
  - The Supply Chain
  - CNCF Security Technical Advisory Group
  - Captain Hashjack Attacks a Supply Chain
  - Container Image Build Supply Chains
  - The State of Your Container Supply Chains
  - Signing Builds and Metadata
  - Infrastructure Supply Chain
  - Types of Supply Chain Attack
  - Defending Against SUNBURST
  - Conclusion
- 5. Networking
  - Defaults
  - Threat Model
  - Traffic Flow Control
  - Service Meshes
  - eBPF
  - Conclusion
- 6. Storage
  - Defaults
  - Threat Model
  - Volumes and Datastores
  - Sensitive Information at Rest
  - Storage
  - Conclusion
- 7. Hard Multitenancy
  - Defaults
  - Threat Model
  - Namespaced resources
  - Soft Multitenancy
  - Hard Multitenancy
  - Control plane
  - Data plane
  - Cluster isolation architecture
  - Cluster support services and tooling environments
  - Security monitoring and visibility
  - Conclusion
- 8. Policy
  - Types of Policies
  - Defaults
  - Threat Model
  - Common Expectations
  - Authentication and Authorization
  - Role-Based Access Control (RBAC)
  - Generic Policy Engines
  - Conclusion
- 9. Intrusion Detection
- 10. Organizations
- A. A Pod-Level Attack
- B. Resources
- Index
- Title: Hacking Kubernetes
- Author(s):
- Release date: October 2021
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492081739
