Cloud Native Security
- Length: 336 pages
- Edition: 1
- Language: English
- Publisher: Wiley
- Publication Date: 2021-07-21
- ISBN-10: 1119782236
- ISBN-13: 9781119782230
- Sales Rank: #9517164 (See Top 100 Books)
Explore the latest and most comprehensive guide to securing your Cloud Native technology stack
Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today’s Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates.
The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You’ll also learn about:
- Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines
- Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates
- Securing the most popular container orchestrator, Kubernetes
- Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies
Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.
Cover Table of Contents Title Page Introduction Meeting the Challenge A Few Conventions Companion Download Files How to Contact the Publisher Part I: Container and Orchestrator Security CHAPTER 1: What Is A Container? Common Misconceptions Container Components Kernel Capabilities Other Containers Summary CHAPTER 2: Rootless Runtimes Docker Rootless Mode Running Rootless Podman Summary CHAPTER 3: Container Runtime Protection Running Falco Configuring Rules Summary CHAPTER 4: Forensic Logging Things to Consider Salient Files Breaking the Rules Key Commands The Rules Parsing Rules Monitoring Ordering and Performance Summary CHAPTER 5: Kubernetes Vulnerabilities Mini Kubernetes Options for Using kube-hunter Container Deployment Inside Cluster Tests Minikube vs. kube-hunter Getting a List of Tests Summary CHAPTER 6: Container Image CVEs Understanding CVEs Trivy Exploring Anchore Clair Summary Part II: DevSecOps Tooling CHAPTER 7: Baseline Scanning (or, Zap Your Apps) Where to Find ZAP Baseline Scanning Scanning Nmap's Host Adding Regular Expressions Summary CHAPTER 8: Codifying Security Security Tooling Installation Simple Tests Example Attack Files Summary CHAPTER 9: Kubernetes Compliance Mini Kubernetes Using kube-bench Troubleshooting Automation Summary CHAPTER 10: Securing Your Git Repositories Things to Consider Installing and Running Gitleaks Installing and Running GitRob Summary CHAPTER 11: Automated Host Security Machine Images Idempotency Secure Shell Example Kernel Changes Summary CHAPTER 12: Server Scanning With Nikto Things to Consider Installation Scanning a Second Host Running Options Command-Line Options Evasion Techniques The Main Nikto Configuration File Summary Part III: Cloud Security CHAPTER 13: Monitoring Cloud Operations Host Dashboarding with NetData Cloud Platform Interrogation with Komiser Summary CHAPTER 14: Cloud Guardianship Installing Cloud Custodian More Complex Policies IAM Policies S3 Data at Rest Generating Alerts Summary CHAPTER 15: Cloud Auditing Runtime, Host, and Cloud Testing with Lunar AWS Auditing with Cloud Reports CIS Benchmarks and AWS Auditing with Prowler Summary CHAPTER 16: AWS Cloud Storage Buckets Native Security Settings Automated S3 Attacks Storage Hunting Summary Part IV: Advanced Kubernetes and Runtime Security CHAPTER 17: Kubernetes External Attacks The Kubernetes Network Footprint Attacking the API Server Attacking etcd Attacking the Kubelet Summary CHAPTER 18: Kubernetes Authorization with RBAC Kubernetes Authorization Mechanisms RBAC Overview RBAC Gotchas Auditing RBAC Summary CHAPTER 19: Network Hardening Container Network Overview Restricting Traffic in Kubernetes Clusters CNI Network Policy Extensions Summary CHAPTER 20: Workload Hardening Using Security Context in Manifests Mandatory Workload Security PodSecurityPolicy PSP Alternatives Summary Index Copyright About the Authors About the Technical Editor End User License Agreement
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.