
Liz Rice - Container Security

Liz Rice Container Security
  • Book: Container Security
  • Author: Liz Rice
  • Publisher: O'Reilly Media, Inc.
  • Genre: Computer
  • Year: 2020

Container Security: summary, description and annotation


Many organizations now run applications in cloud native environments, using containers and orchestration to facilitate scalability and resilience. But how do you know whether your deployment is secure? To fully grasp the security implications of containers and their operation, you'll need an understanding of what they are and how they work. In this excerpt from her forthcoming book Container Security, author Liz Rice takes you through the mechanisms that isolate and protect your applications within each container.

This book as a whole looks at the building blocks and security boundaries commonly used in container-based systems and how they're constructed in the Linux operating system. In the featured chapter, Container Isolation, you'll learn how namespaces limit the set of files and directories that particular container processes can see, functionally isolating them from other operations.

  • Learn how a container is actually a Linux process with a restricted view of the machine it's running on
  • Explore the different namespaces typically used to create Linux containers
  • Examine how containerized processes are isolated from the host and other containerized processes

Container Security

by Liz Rice

Copyright 2020 Vertical Shift Ltd. All rights reserved.

Printed in the United States of America.

Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

  • Acquisitions Editor: John Devins
  • Developmental Editor: Virginia Wilson
  • Production Editor: Nan Barber
  • Interior Designer: David Futato
  • Cover Designer: Karen Montgomery
  • Illustrator: Rebecca Demarest
Revision History for the Early Release
  • 2019-12-02: First Early Release
  • 2020-02-28: Second Early Release

See http://oreilly.com/catalog/errata.csp?isbn=9781492056706 for release details.

The O'Reilly logo is a registered trademark of O'Reilly Media, Inc. Container Security, the cover image, and related trade dress are trademarks of O'Reilly Media, Inc.

The views expressed in this work are those of the authors, and do not represent the publisher's views. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-492-05670-6

[LSI]

Preface

Many organizations are running applications in cloud native environments, using containers and orchestration to facilitate scalability and resilience. If you're a member of the Operations, DevOps or even DevSecOps team setting up these environments for your company, how do you know whether your deployments are secure? If you're a security professional with experience of traditional server- or virtual machine-based systems, how can you adapt your existing knowledge ready for container-based deployments? And as a developer in the cloud native world, what do you need to think about to improve the security of your containerized applications? This book dives into some of the key underlying technologies that containers and cloud native rely on, to leave you better equipped to assess the security risks and potential solutions applicable to your environment, and to help you avoid falling into bad practices that will leave your technology deployments exposed.

In this book you will learn about many of the building block technologies and mechanisms that are commonly used in container-based systems, and how they are constructed in the Linux operating system. Together we will dive deep into the underpinnings of how containers work and how they communicate, so that you are well versed in not just the what of container security, but more importantly the why. My goal in writing it is to help you to better understand what's happening when you deploy containers. I want to encourage you to build mental models that allow you to make your own assessment of potential security risks that could affect your deployments.

This book primarily considers the kind of application containers that many businesses are using these days to run their business applications in systems like Kubernetes and Docker. This is in contrast to system containers such as LXC and LXD from the ). However, the basic mechanisms used to create application and system containers alike are control groups, namespaces and chroot, so this book will give you a solid foundation from which you may wish to explore the differences in approach taken by the different container projects.

Who this book is for

Whether you consider yourself a developer, a security professional, an operator or a manager, this book will suit you best if you like to get into the nitty-gritty of how things work, and you enjoy time spent in a Linux terminal.

If you are looking for an instruction manual that gives a step-by-step guide to securing containers, this may not be the book for you. I don't believe there is a one-size-fits-all approach that would work for every application in every environment and every organization. Instead, I want to help you understand what is happening when you run applications in containers, and how different security mechanisms work, so that you can judge the risks for yourself.

As you'll find out later in this book, containers are made with a combination of features from the Linux kernel. Securing containers involves using a lot of the same mechanisms as you would use on a Linux host. (I use the term host to cover both virtual machines and bare-metal servers.) I lay out how these mechanisms work, and then show how they apply in containers. If you are an experienced sysadmin, you'll be able to skip over some sections to get to the container-specific information.

I assume that you have some basic familiarity with containers, and you have probably at least toyed with Docker or Kubernetes. You will understand terms like pulling a container image from a registry or running a container even if you don't know exactly what is happening under the covers when you take these actions. I don't expect you to know the details of how containers work - at least, not until you have read the book.

What this book covers

We'll start in by considering threat model and attack vectors that affect container deployments, and the aspects that differentiate container security from traditional deployment security. The remainder of the book is concerned with helping you build a thorough understanding of containers and these container-specific threats, and how you can defend against them.

Before you can really think about how to secure containers, you'll need to know how they work.

In addresses the need to identify container images with known software vulnerabilities.

In .

Then we will turn to the communications between containers. we will see how certificates and other credentials can be safely (or not so safely) passed to containers at runtime.

In we will consider ways in which security tooling can prevent attacks at runtime, taking advantage of the features of containers.

Finally, reviews the top ten security risks published by the Open Web Application Security Project, and considers container-specific approaches for addressing them. Spoiler alert: some of the top security risks are addressed in exactly the same way whether your application is containerized or not.

A note about Kubernetes

These days the majority of folks using containers are doing so under the Kubernetes orchestrator. An orchestrator automates the process of running different workloads in a cluster of machines, and there are places in this book where I will assume that you have a basic grasp of this concept. In general, I have tried to stay focused on concepts that act at the level of the underlying containers - the data plane in a Kubernetes deployment.

Because Kubernetes workloads run in containers, this book is relevant to Kubernetes security, but it is not a comprehensive treatment of everything related to securing Kubernetes or cloud native deployments. There are many other concerns around the configuration and use of the control plane components that are outside the scope of this book. If you would like more on this topic, you might be interested in the O'Reilly Kubernetes Security report (which I co-authored with Michael Hausenblas).
