Hacking Kubernetes: Threat-Driven Analysis and Defense
Martin, Andrew, Hausenblas, Michael
- 出版商: O'Reilly
- 出版日期: 2021-11-16
- 定價: $2,270
- 售價: 9.5 折 $2,157
- 貴賓價: 9.0 折 $2,043
- 語言: 英文
- 頁數: 314
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1492081736
- ISBN-13: 9781492081739
-
相關分類:
Kubernetes、駭客 Hack
立即出貨 (庫存=1)
買這商品的人也買了...
-
$980$774 -
$2,200$2,090 -
$680$537 -
$1,710The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, 2/e (Paperback)
-
$1,700$1,700 -
$480$379 -
$1,700$1,615 -
$4,620$4,389 -
$2,100$1,995 -
$454物聯網滲透測試 (Iot Penetration Testing Cookbook)
-
$1,150Kubernetes Best Practices: Blueprints for Building Successful Applications on Kubernetes
-
$1,650$1,568 -
$594$564 -
$2,052Threat Modeling: A Practical Guide for Development Teams (Paperback)
-
$834$792 -
$1,400$1,330 -
$359$341 -
$340$333 -
$594$564 -
$2,475Software Architecture: The Hard Parts: Modern Trade-Off Analyses for Distributed Architectures (Paperback)
-
$1,850$1,758 -
$403物聯網安全實戰
-
$2,230$2,119 -
$2,195$2,079 -
$750$585
相關主題
商品描述
Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack.
This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.
- Understand where your Kubernetes system is vulnerable with threat modelling techniques
- Focus on pods, from configurations to attacks and defenses
- Secure your cluster and workload traffic
- Define and enforce policy with RBAC, OPA, and Kyverno
- Dive deep into sandboxing and isolation techniques
- Learn how to detect and mitigate supply chain attacks
- Explore filesystems, volumes, and sensitive information at rest
- Discover what can go wrong when running multitenant workloads in a cluster
- Learn what you can do if someone breaks in despite you having controls in place
商品描述(中文翻譯)
想要安全且可靠地運行您的 Kubernetes 工作負載嗎?這本實用書提供了一個基於威脅的 Kubernetes 安全指南。每一章節都會檢視特定組件的架構和潛在的預設設定,並回顧現有的知名攻擊和歷史上的常見漏洞和曝光(CVE)。作者 Andrew Martin 和 Michael Hausenblas 分享了最佳實踐配置,以幫助您從可能的攻擊角度加固集群。
本書以內建預設值的原始 Kubernetes 安裝開始。您將檢視一個抽象的威脅模型,該模型描述了運行任意工作負載的分散系統,然後詳細評估安全 Kubernetes 系統的每個組件。
- 使用威脅建模技術了解您的 Kubernetes 系統存在的漏洞
- 專注於 Pod,從配置到攻擊和防禦
- 保護您的集群和工作負載流量
- 使用 RBAC、OPA 和 Kyverno 定義和執行策略
- 深入研究沙箱和隔離技術
- 學習如何檢測和緩解供應鏈攻擊
- 探索文件系統、卷和靜態敏感信息
- 了解在集群中運行多租戶工作負載時可能出現的問題
- 學習如果有人侵入系統,即使您已經有控制措施,您還可以做些什麼
作者簡介
Andrew Martin is CEO of ControlPlane.
Michael Hausenblas is Product Developer Advocate Amazon Web Service.
作者簡介(中文翻譯)
Andrew Martin 是 ControlPlane 的 CEO。
Michael Hausenblas 是 Amazon Web Service 的產品開發者倡導者。