Hacking Kubernetes: Threat-Driven Analysis and Defense
Martin, Andrew, Hausenblas, Michael
- 出版商: O'Reilly
- 出版日期: 2021-11-16
- 定價: $2,270
- 售價: 9.5 折 $2,157
- 貴賓價: 9.0 折 $2,043
- 語言: 英文
- 頁數: 314
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1492081736
- ISBN-13: 9781492081739
-
相關分類:
Kubernetes、駭客 Hack
立即出貨 (庫存=1)
買這商品的人也買了...
-
Linux 驅動程式, 3/e (Linux Device Drivers, 3/e)$980$774 -
Fuzzing: Brute Force Vulnerability Discovery (Paperback)$2,200$2,090 -
Linux Kernel Hacks 改善效能、提昇開發效率及節能的技巧與工具$680$537 -
$1,710The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, 2/e (Paperback) -
Arduino 官方正版 Genuino 101$1,700$1,700 -
Node.js 物聯網裝置開發 (Node.JS for Embedded Systems: Using Web Technologies to Build Connected Devices)$480$379 -
Advanced API Security: The Definitive Guide to API Security, 2/e$1,330$1,260 -
Raspberry Pi 3 Model B+ (UK製)$4,620$4,389 -
$1,890Learning CoreDNS : Configuring DNS for Cloud Native Environments (Paperback) -
$454物聯網滲透測試 (Iot Penetration Testing Cookbook) -
$1,150Kubernetes Best Practices: Blueprints for Building Successful Applications on Kubernetes -
$1,568Deep Learning with JavaScript: Neural Networks in Tensorflow.Js -
$505從實踐中學習 Windows 滲透測試 -
$1,584Threat Modeling: A Practical Guide for Development Teams (Paperback) -
$709網絡安全與攻防策略:現代威脅應對之道(原書第2版) -
$1,330Cloud Native Security -
$305移動終端漏洞挖掘技術 -
嵌入式 Linux 作業系統實務$340$323 -
$1,840Multithreaded JavaScript: Concurrency Beyond the Event Loop -
Go 黑帽子 : 滲透測試編程之道$594$564 -
$2,160Software Architecture: The Hard Parts: Modern Trade-Off Analyses for Distributed Architectures (Paperback) -
$1,663The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks (Paperback) -
物聯網安全實戰$474$450 -
$2,007Istio in Action -
Ansible: Up and Running: Automating Configuration Management and Deployment the Easy Way, 3/e (Paperback)$2,195$2,079
商品描述
Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack.
This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.
- Understand where your Kubernetes system is vulnerable with threat modelling techniques
- Focus on pods, from configurations to attacks and defenses
- Secure your cluster and workload traffic
- Define and enforce policy with RBAC, OPA, and Kyverno
- Dive deep into sandboxing and isolation techniques
- Learn how to detect and mitigate supply chain attacks
- Explore filesystems, volumes, and sensitive information at rest
- Discover what can go wrong when running multitenant workloads in a cluster
- Learn what you can do if someone breaks in despite you having controls in place
商品描述(中文翻譯)
想要安全且可靠地運行您的 Kubernetes 工作負載嗎?這本實用書提供了一個基於威脅的 Kubernetes 安全指南。每一章節都會檢視特定組件的架構和潛在的預設設定,並回顧現有的知名攻擊和歷史上的常見漏洞和曝光(CVE)。作者 Andrew Martin 和 Michael Hausenblas 分享了最佳實踐配置,以幫助您從可能的攻擊角度加固集群。
本書以內建預設值的原始 Kubernetes 安裝開始。您將檢視一個抽象的威脅模型,該模型描述了運行任意工作負載的分散系統,然後詳細評估安全 Kubernetes 系統的每個組件。
- 使用威脅建模技術了解您的 Kubernetes 系統存在的漏洞
- 專注於 Pod,從配置到攻擊和防禦
- 保護您的集群和工作負載流量
- 使用 RBAC、OPA 和 Kyverno 定義和執行策略
- 深入研究沙箱和隔離技術
- 學習如何檢測和緩解供應鏈攻擊
- 探索文件系統、卷和靜態敏感信息
- 了解在集群中運行多租戶工作負載時可能出現的問題
- 學習如果有人侵入系統,即使您已經有控制措施,您還可以做些什麼
作者簡介
Andrew Martin is CEO of ControlPlane.
Michael Hausenblas is Product Developer Advocate Amazon Web Service.
作者簡介(中文翻譯)
Andrew Martin 是 ControlPlane 的 CEO。
Michael Hausenblas 是 Amazon Web Service 的產品開發者倡導者。
