Book description
To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions.
Author Liz Rice, Chief Open Source Officer at Isovalent, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started.
- Explore attack vectors that affect container deployments
- Dive into the Linux constructs that underpin containers
- Examine measures for hardening containers
- Understand how misconfigurations can compromise container isolation
- Learn best practices for building container images
- Identify container images that have known software vulnerabilities
- Leverage secure connections between containers
- Use security tooling to prevent attacks on your deployment
Publisher resources
Table of contents
- Preface
- 1. Container Security Threats
- 2. Linux System Calls, Permissions, and Capabilities
- 3. Control Groups
-
4. Container Isolation
- Linux Namespaces
- Isolating the Hostname
- Isolating Process IDs
- Changing the Root Directory
- Combine Namespacing and Changing the Root
- Mount Namespace
- Network Namespace
- User Namespace
- Inter-process Communications Namespace
- Cgroup Namespace
- Container Processes from the Host Perspective
- Container Host Machines
- Summary
- 5. Virtual Machines
- 6. Container Images
-
7. Software Vulnerabilities in Images
- Vulnerability Research
- Vulnerabilities, Patches, and Distributions
- Application-Level Vulnerabilities
- Vulnerability Risk Management
- Vulnerability Scanning
- Installed Packages
- Container Image Scanning
- Scanning Tools
- Scanning in the CI/CD Pipeline
- Prevent Vulnerable Images from Running
- Zero-Day Vulnerabilities
- Summary
- 8. Strengthening Container Isolation
- 9. Breaking Container Isolation
- 10. Container Network Security
- 11. Securely Connecting Components with TLS
- 12. Passing Secrets to Containers
- 13. Container Runtime Protection
- 14. Containers and the OWASP Top 10
- Conclusions
- Security Checklist
- Index
Product information
- Title: Container Security
- Author(s):
- Release date: April 2020
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492056706
You might also like
book
Security Observability with eBPF
Kubernetes has become the de facto cloud operating system, making it a rich target for both …
book
Security as Code
DevOps engineers, developers, and security engineers have ever-changing roles to play in today's cloud native world. …
book
Practical Cloud Security
With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and …
book
Mastering Linux Security and Hardening - Second Edition
A comprehensive guide to securing your Linux system against cyberattacks and intruders Key Features Deliver a …