Hacking Kubernetes: Threat-Driven Analysis and Defense
暫譯: 駭客攻擊 Kubernetes:威脅驅動的分析與防禦
Martin, Andrew, Hausenblas, Michael
買這商品的人也買了...
-
Linux 驅動程式, 3/e (Linux Device Drivers, 3/e)$980$774 -
Fuzzing: Brute Force Vulnerability Discovery (Paperback)$2,220$2,109 -
Linux Kernel Hacks 改善效能、提昇開發效率及節能的技巧與工具$680$537 -
The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, 2/e (Paperback)$1,800$1,764 -
Arduino 官方正版 Genuino 101$1,700$1,700 -
Node.js 物聯網裝置開發 (Node.JS for Embedded Systems: Using Web Technologies to Build Connected Devices)$480$379 -
Advanced API Security: The Definitive Guide to API Security, 2/e$1,710$1,625 -
Raspberry Pi 3 Model B+ (UK製)$4,620$4,389 -
$1,785Learning CoreDNS : Configuring DNS for Cloud Native Environments (Paperback) -
$534物聯網滲透測試 (Iot Penetration Testing Cookbook) -
$1,150Kubernetes Best Practices: Blueprints for Building Successful Applications on Kubernetes -
$1,320Deep Learning with JavaScript: Neural Networks in Tensorflow.Js -
$505從實踐中學習 Windows 滲透測試 -
$2,052Threat Modeling: A Practical Guide for Development Teams (Paperback) -
$709網絡安全與攻防策略:現代威脅應對之道(原書第2版) -
Cloud Native Security$1,400$1,330 -
移動終端漏洞挖掘技術$359$341 -
嵌入式 Linux 作業系統實務$340$333 -
Go 黑帽子 : 滲透測試編程之道$594$564 -
$2,338Software Architecture: The Hard Parts: Modern Trade-Off Analyses for Distributed Architectures (Paperback) -
The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks (Paperback)$1,860$1,767 -
物聯網安全實戰$474$450 -
$1,784Istio in Action -
Ansible: Up and Running: Automating Configuration Management and Deployment the Easy Way, 3/e (Paperback)$2,195$2,079 -
OpenTelemetry 入門指南:建立全面可觀測性架構(iThome鐵人賽系列書)【軟精裝】$750$585
商品描述
Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack.
This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.
- Understand where your Kubernetes system is vulnerable with threat modelling techniques
- Focus on pods, from configurations to attacks and defenses
- Secure your cluster and workload traffic
- Define and enforce policy with RBAC, OPA, and Kyverno
- Dive deep into sandboxing and isolation techniques
- Learn how to detect and mitigate supply chain attacks
- Explore filesystems, volumes, and sensitive information at rest
- Discover what can go wrong when running multitenant workloads in a cluster
- Learn what you can do if someone breaks in despite you having controls in place
商品描述(中文翻譯)
想要安全地運行您的 Kubernetes 工作負載嗎?這本實用的書籍提供了一個基於威脅的 Kubernetes 安全指南。每一章都檢視特定組件的架構和潛在的預設設定,然後回顧現有的高知名度攻擊和歷史上的常見漏洞與暴露(Common Vulnerabilities and Exposures, CVEs)。作者 Andrew Martin 和 Michael Hausenblas 分享最佳實踐配置,幫助您從可能的攻擊角度加固叢集。
本書從一個使用內建預設的基本 Kubernetes 安裝開始。您將檢視一個運行任意工作負載的分散式系統的抽象威脅模型,然後深入評估安全 Kubernetes 系統的每個組件。
- 了解您的 Kubernetes 系統在哪裡存在漏洞,使用威脅建模技術
- 專注於 pods,從配置到攻擊和防禦
- 保護您的叢集和工作負載流量
- 使用 RBAC、OPA 和 Kyverno 定義和執行政策
- 深入探討沙箱和隔離技術
- 學習如何檢測和減輕供應鏈攻擊
- 探索檔案系統、卷和靜態敏感資訊
- 發現在叢集中運行多租戶工作負載時可能出現的問題
- 學習如果有人突破控制措施,您可以採取什麼行動
作者簡介
Andrew Martin is CEO of ControlPlane.
Michael Hausenblas is Product Developer Advocate Amazon Web Service.
作者簡介(中文翻譯)
安德魯·馬丁(Andrew Martin)是 ControlPlane 的執行長。
邁克爾·豪森布拉斯(Michael Hausenblas)是亞馬遜網路服務(Amazon Web Service)的產品開發倡導者。
