
Andrew Martin - Hacking Kubernetes: Threat-Driven Analysis and Defense

Year: 2021, publisher: O'Reilly Media.

Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack.

This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.

  • Understand where your Kubernetes system is vulnerable with threat modelling techniques
  • Focus on pods, from configurations to attacks and defenses
  • Secure your cluster and workload traffic
  • Define and enforce policy with RBAC, OPA, and Kyverno
  • Dive deep into sandboxing and isolation techniques
  • Learn how to detect and mitigate supply chain attacks
  • Explore filesystems, volumes, and sensitive information at rest
  • Discover what can go wrong when running multitenant workloads in a cluster
  • Learn what you can do if someone breaks in despite you having controls in place

Hacking Kubernetes

by Andrew Martin and Michael Hausenblas

Copyright 2022 Andrew Martin and Michael Hausenblas. All rights reserved.

Printed in the United States of America.

Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

  • Acquisitions Editor: John Devins
  • Development Editor: Angela Rufino
  • Production Editor: Beth Kelly
  • Copyeditor: Kim Cofer
  • Proofreader: Justin Billing
  • Indexer: nSight, Inc.
  • Interior Designer: David Futato
  • Cover Designer: Karen Montgomery
  • Illustrator: Kate Dullea
  • October 2021: First Edition
Revision History for the First Edition
  • 2021-10-13: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781492081739 for release details.

The O'Reilly logo is a registered trademark of O'Reilly Media, Inc. Hacking Kubernetes, the cover image, and related trade dress are trademarks of O'Reilly Media, Inc.

The views expressed in this work are those of the authors, and do not represent the publisher's views. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-492-08173-9

[LSI]

Preface

Welcome to Hacking Kubernetes, a book for Kubernetes practitioners who want to run their workloads securely and safely. At time of writing, Kubernetes has been around for some six years, give or take. There are over one hundred certified Kubernetes offerings available, such as distributions and managed services. With an increasing number of organizations deciding to move their workloads to Kubernetes, we thought we'd share our experiences in this space, to help make your workloads more secure and safe to deploy and operate. Thank you for joining us on this journey, and we hope you have as much fun reading this book and applying what you learn as we had writing it.

In this preface, we will paint a picture of our intended audience, talk about why we wrote the book, and explain how we think you should go about using it by providing a quick content guide. We will also go over some administrative details like Kubernetes versions and conventions used.

About You

To get most out of the book, we assume that you either have a DevOps role, are a Kubernetes platform person, a cloud native architect, a site reliability engineer (SRE), or something related to being a chief information security officer (CISO). We further assume that you're interested in being hands-on; while we discuss threats and defenses in principle, we try our best to demonstrate them at the same time and point you to tools that can help you.

At this point we also want to make sure you understand that the book you're reading is targeting advanced topics. We assume that you're already familiar with Kubernetes, and specifically Kubernetes security topics, at least on a surface level. In other words, we don't go into much detail about how things work, but summarize or recap important concepts or mechanisms on a per-chapter basis.

Warning

We wrote this book with Blue and Red Teams in mind. It goes without saying that what we share here is to be used exclusively for defending your own Kubernetes cluster and workloads.

In particular, we assume that you understand what containers are for and how they run in Kubernetes. If you are not yet familiar with these topics, we recommend that you do some preliminary reading. The following are books we suggest consulting:

  • Kubernetes: Up and Running by Brendan Burns, Kelsey Hightower, and Joe Beda (O'Reilly)

  • Managing Kubernetes by Brendan Burns and Craig Tracey (O'Reilly)

  • Kubernetes Security by Liz Rice and Michael Hausenblas (O'Reilly)

  • Container Security by Liz Rice (O'Reilly)

  • Cloud Native Security by Chris Binnie and Rory McCune (Wiley)

Now that we have made clear what this book aims to achieve and who will, in our view, benefit from it, let's move on to a different topic: the authors.

About Us

Based on our combined 10+ years of hands-on experience designing, running, attacking, and defending Kubernetes-based workloads and clusters, we, the authors, want to equip you, the cloud native security practitioner, with what you need to be successful in your job.

Security is often illuminated by the light of past mistakes, and both of us have been learning (and making mistakes in!) Kubernetes security for a while now. We wanted to be sure that what we thought we understood about the subject was true, so we wrote a book to verify our suspicions through a shared lens.

We have both served in different companies and roles, given training sessions, published material from tooling to blog posts, and we have shared lessons learned on the topic in various public speaking engagements. Much of what motivates us here, and the examples we use, are rooted in our experiences in our day-to-day jobs and/or things we observed at our clients' companies.

How To Use This Book

This book is a threat-based guide to security in Kubernetes, using a vanilla Kubernetes installation with its (built-in) defaults as a starting point. We'll kick off discussions with an abstract threat model of a distributed system running arbitrary workloads and progress to a detailed assessment of each component of a secure Kubernetes system.

In each chapter, we examine a component's architecture and potential default settings and review high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). We also demonstrate attacks and share best-practice configuration in order to demonstrate hardening clusters from possible angles of attack.

In order to aid you in navigating the book, here's a quick rundown on the chapter level:

  • In we set the scene, introducing our main antagonist and also what threat modeling is.

  • then focuses on pods, from configurations to attacks to defenses.

  • Next up, in , we switch gears and dive deep into sandboxing and isolation techniques.

  • then covers supply chain attacks and what you can do to detect and mitigate them.

  • In we then review networking defaults and how to secure your cluster and workload traffic.

  • Then, in we shift our focus to aspects of persistence, looking at filesystems, volumes, and sensitive information at rest.

  • covers the topic of running workloads for multitenants in a cluster and what can go wrong with this.

  • Next up is , where we review different kinds of policies in use, discuss access control, specifically role-based access control (RBAC), and generic policy solutions such as Open Policy Agent (OPA).
