Hacking Kubernetes: Threat-Driven Analysis and Defense

Martin, Andrew, Hausenblas, Michael

  • 出版商: O'Reilly
  • 出版日期: 2021-11-16
  • 定價: $2,270
  • 售價: 9.5$2,157
  • 貴賓價: 9.0$2,043
  • 語言: 英文
  • 頁數: 314
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1492081736
  • ISBN-13: 9781492081739
  • 相關分類: Kubernetes駭客 Hack
  • 立即出貨 (庫存=1)

買這商品的人也買了...

相關主題

商品描述

Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack.

This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.

  • Understand where your Kubernetes system is vulnerable with threat modelling techniques
  • Focus on pods, from configurations to attacks and defenses
  • Secure your cluster and workload traffic
  • Define and enforce policy with RBAC, OPA, and Kyverno
  • Dive deep into sandboxing and isolation techniques
  • Learn how to detect and mitigate supply chain attacks
  • Explore filesystems, volumes, and sensitive information at rest
  • Discover what can go wrong when running multitenant workloads in a cluster
  • Learn what you can do if someone breaks in despite you having controls in place

商品描述(中文翻譯)

想要安全且可靠地運行您的 Kubernetes 工作負載嗎?這本實用書提供了一個基於威脅的 Kubernetes 安全指南。每一章節都會檢視特定組件的架構和潛在的預設設定,並回顧現有的知名攻擊和歷史上的常見漏洞和曝光(CVE)。作者 Andrew Martin 和 Michael Hausenblas 分享了最佳實踐配置,以幫助您從可能的攻擊角度加固集群。

本書以內建預設值的原始 Kubernetes 安裝開始。您將檢視一個抽象的威脅模型,該模型描述了運行任意工作負載的分散系統,然後詳細評估安全 Kubernetes 系統的每個組件。

- 使用威脅建模技術了解您的 Kubernetes 系統存在的漏洞
- 專注於 Pod,從配置到攻擊和防禦
- 保護您的集群和工作負載流量
- 使用 RBAC、OPA 和 Kyverno 定義和執行策略
- 深入研究沙箱和隔離技術
- 學習如何檢測和緩解供應鏈攻擊
- 探索文件系統、卷和靜態敏感信息
- 了解在集群中運行多租戶工作負載時可能出現的問題
- 學習如果有人侵入系統,即使您已經有控制措施,您還可以做些什麼

作者簡介

Andrew Martin is CEO of ControlPlane.

Michael Hausenblas is Product Developer Advocate Amazon Web Service.

作者簡介(中文翻譯)

Andrew Martin 是 ControlPlane 的 CEO。

Michael Hausenblas 是 Amazon Web Service 的產品開發者倡導者。