November 2022
Intermediate to advanced
50 pages
1h 2m
English
Content preview from Zero Trust Architecture in Kubernetes
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 6. Monitor All Access
We mentioned that authenticating users and machines at as many points as possible, regardless of whether they originated internal or external to your network, is key to a zero trust environment. Zero trust means nothing is trusted by default. Today’s cloud and hybrid cloud networks have no easily definable security perimeter, and it’s better for security in general to authenticate accounts as frequently as possible.
Now that it’s common wisdom in the tech industry (based on my peer interactions) that zero trust, when implemented properly, is a superior security model, it makes me imagine the havoc that the traditional perimeter security model facilitated for decades. “Ah ha, I breached through the DMZ and network perimeter with this decryption key some developer left stored in cleartext in a database! That’s right. I am the company’s network administrator. Let’s make some interesting changes to the .htaccess file on this web app’s Apache server...” Often, just one successful authentication exploit was all it took. Actually, let’s shift to the present tense. There are still lots of traditional perimeter security networks running today. Legacy tech can often be difficult to replace. That’s why Fortran programmers are paid so well.
One authentication vector at a perimeter is woefully insufficient. But in zero trust, we get rid of the perimeter concept and challenge users to authenticate (or present proof of authentication) every time they access anything. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.