Cloud Native Security
Description
Loading Description...
More Details
Format
Language
English
ISBN
1119782244, 9781119782247, 9781394176847, 1394176848, 9781119824534, 1119824532
UPC
10.1002/9781394176847
Notes
Description
Explore the latest and most comprehensive guide to securing your Cloud Native technology stack Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates. The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You'll also learn about: Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates Securing the most popular container orchestrator, Kubernetes Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.
Local note
O'Reilly,O'Reilly Online Learning: Academic/Public Library Edition
Also in this Series
Checking series information...
Reviews from GoodReads
Loading GoodReads Reviews.
Citations
APA Citation, 7th Edition (style guide)
Binnie, C., & McCune, R. (2021). Cloud Native Security . John Wiley & Sons.
Chicago / Turabian - Author Date Citation, 17th Edition (style guide)Binnie, Chris and Rory, McCune. 2021. Cloud Native Security. Hoboken, NJ: John Wiley & Sons.
Chicago / Turabian - Humanities (Notes and Bibliography) Citation, 17th Edition (style guide)Binnie, Chris and Rory, McCune. Cloud Native Security Hoboken, NJ: John Wiley & Sons, 2021.
Harvard Citation (style guide)Binnie, C. and McCune, R. (2021). Cloud native security. Hoboken, NJ: John Wiley & Sons.
MLA Citation, 9th Edition (style guide)Binnie, Chris,, and Rory McCune. Cloud Native Security John Wiley & Sons, 2021.
Note! Citations contain only title, author, edition, publisher, and year published. Citations should be used as a guideline and should be double checked for accuracy. Citation formats are based on standards as of August 2021.
Staff View
Grouped Work ID
346667ac-7ce0-1542-0c42-b4f58220f125-eng
Grouping Information
| Grouped Work ID | 346667ac-7ce0-1542-0c42-b4f58220f125-eng |
|---|---|
| Full title | cloud native security |
| Author | binnie chris |
| Grouping Category | book |
| Last Update | 2025-01-24 12:33:29PM |
| Last Indexed | 2025-02-07 03:07:46AM |
Book Cover Information
| Image Source | contentCafe |
|---|---|
| First Loaded | Jan 20, 2025 |
| Last Used | Feb 5, 2025 |
Marc Record
| First Detected | Dec 16, 2024 11:17:04 PM |
|---|---|
| Last File Modification Time | Dec 17, 2024 08:16:51 AM |
| Suppressed | Record had no items |
MARC Record
| LEADER | 09332cam a2200589 i 4500 | ||
|---|---|---|---|
| 001 | on1257548643 | ||
| 003 | OCoLC | ||
| 005 | 20241217081440.0 | ||
| 006 | m o d | ||
| 007 | cr cnu---unuuu | ||
| 008 | 210625s2021 njua o 000 0 eng d | ||
| 015 | |a GBC1J7387|2 bnb | ||
| 016 | 7 | |a 020364892|2 Uk | |
| 020 | |a 1119782244|q (electronic book) | ||
| 020 | |a 9781119782247|q (electronic bk.) | ||
| 020 | |a 9781394176847|q (electronic bk.) | ||
| 020 | |a 1394176848|q (electronic bk.) | ||
| 020 | |a 9781119824534|q (electronic bk.) | ||
| 020 | |a 1119824532|q (electronic bk.) | ||
| 024 | 7 | |a 10.1002/9781394176847|2 doi | |
| 035 | |a (OCoLC)1257548643 | ||
| 037 | |a 9781119782247|b Wiley | ||
| 037 | |a 9932135|b IEEE | ||
| 040 | |a YDX|b eng|e rda|e pn|c YDX|d YDX|d YDXIT|d OCLCO|d N$T|d TOH|d WAU|d UKMGB|d UKAHL|d OCLCQ|d OCLCO|d IEEEE|d OCLCQ|d OL$|d OCLCF|d OCLCO|d OCLCL | ||
| 049 | |a MAIN | ||
| 050 | 4 | |a QA76.585|b .B55 2021 | |
| 072 | 7 | |a COM|x 053000|2 bisacsh | |
| 072 | 7 | |a COM|x 091000|2 bisacsh | |
| 082 | 0 | 4 | |a 004.6782|2 23 |
| 100 | 1 | |a Binnie, Chris,|e author. | |
| 245 | 1 | 0 | |a Cloud Native Security /|c Chris Binnie, Rory McCune. |
| 264 | 1 | |a Hoboken, NJ :|b John Wiley & Sons,|c [2021] | |
| 300 | |a 1 online resource (xxiv, 307 pages) :|b illustrations | ||
| 336 | |a text|b txt|2 rdacontent | ||
| 337 | |a computer|b c|2 rdamedia | ||
| 338 | |a online resource|b cr|2 rdacarrier | ||
| 505 | 0 | |a Introduction xix -- Part I Container and Orchestrator Security 1 -- Chapter 1 What is a Container? 3 -- Common Misconceptions 4 -- Container Components 6 -- Kernel Capabilities 7 -- Other Containers 13 -- Summary 14 -- Chapter 2 Rootless Runtimes 17 -- Docker Rootless Mode 18 -- Installing Rootless Mode 20 -- Running Rootless Podman 25 -- Setting Up Podman 26 -- Summary 31 -- Chapter 3 Container Runtime Protection 33 -- Running Falco 34 -- Configuring Rules 38 -- Changing Rules 39 -- Macros 41 -- Lists 41 -- Getting Your Priorities Right 41 -- Tagging Rulesets 42 -- Outputting Alerts 42 -- Summary 43 -- Chapter 4 Forensic Logging 45 -- Things to Consider 46 -- Salient Files 47 -- Breaking the Rules 49 -- Key Commands 52 -- The Rules 52 -- Parsing Rules 54 -- Monitoring 58 -- Ordering and Performance 62 -- Summary 63 -- Chapter 5 Kubernetes Vulnerabilities 65 -- Mini Kubernetes 66 -- Options for Using kube-hunter 68 -- Deployment Methods 68 -- Scanning Approaches 69 -- Hunting Modes 69 -- Container Deployment 70 -- Inside Cluster Tests 71 -- Minikube vs. kube-hunter 74 -- Getting a List of Tests 76 -- Summary 77 -- Chapter 6 Container Image CVEs 79 -- Understanding CVEs 80 -- Trivy 82 -- Getting Started 83 -- Exploring Anchore 88 -- Clair 96 -- Secure Registries 97 -- Summary 101 -- Part II DevSecOps Tooling 103 -- Chapter 7 Baseline Scanning (or, Zap Your Apps) 105 -- Where to Find ZAP 106 -- Baseline Scanning 107 -- Scanning Nmap's Host 113 -- Adding Regular Expressions 114 -- Summary 116 -- Chapter 8 Codifying Security 117 -- Security Tooling 117 -- Installation 118 -- Simple Tests 122 -- Example Attack Files 124 -- Summary 127 -- Chapter 9 Kubernetes Compliance 129 -- Mini Kubernetes 130 -- Using kube-bench 133 -- Troubleshooting 138 -- Automation 139 -- Summary 140 -- Chapter 10 Securing Your Git Repositories 141 -- Things to Consider 142 -- Installing and Running Gitleaks 144 -- Installing and Running GitRob 149 -- Summary 151 -- Chapter 11 Automated Host Security 153 -- Machine Images 155 -- Idempotency 156 -- Secure Shell Example 158 -- Kernel Changes 162 -- Summary 163 -- Chapter 12 Server Scanning With Nikto 165 -- Things to Consider 165 -- Installation 166 -- Scanning a Second Host 170 -- Running Options 171 -- Command-Line Options 172 -- Evasion Techniques 172 -- The Main Nikto Configuration File 175 -- Summary 176 -- Part III Cloud Security 177 -- Chapter 13 Monitoring Cloud Operations 179 -- Host Dashboarding with NetData 180 -- Installing Netdata 180 -- Host Installation 180 -- Container Installation 183 -- Collectors 186 -- Uninstalling Host Packages 186 -- Cloud Platform Interrogation with Komiser 186 -- Installation Options 190 -- Summary 191 -- Chapter 14 Cloud Guardianship 193 -- Installing Cloud Custodian 193 -- Wrapper Installation 194 -- Python Installation 195 -- EC2 Interaction 196 -- More Complex Policies 201 -- IAM Policies 202 -- S3 Data at Rest 202 -- Generating Alerts 203 -- Summary 205 -- Chapter 15 Cloud Auditing 207 -- Runtime, Host, and Cloud Testing with Lunar 207 -- Installing to a Bash Default Shell 209 -- Execution 209 -- Cloud Auditing Against Benchmarks 213 -- AWS Auditing with Cloud Reports 215 -- Generating Reports 217 -- EC2 Auditing 219 -- CIS Benchmarks and AWS Auditing with Prowler 220 -- Summary 223 -- Chapter 16 AWS Cloud Storage 225 -- Buckets 226 -- Native Security Settings 229 -- Automated S3 Attacks 231 -- Storage Hunting 234 -- Summary 236 -- Part IV Advanced Kubernetes and Runtime Security 239 -- Chapter 17 Kubernetes External Attacks 241 -- The Kubernetes Network Footprint 242 -- Attacking the API Server 243 -- API Server Information Discovery 243 -- Avoiding API Server Information Disclosure 244 -- Exploiting Misconfigured API Servers 245 -- Preventing Unauthenticated Access to the API Server 246 -- Attacking etcd 246 -- etcd Information Discovery 246 -- Exploiting Misconfigured etcd Servers 246 -- Preventing Unauthorized etcd Access 247 -- Attacking the Kubelet 248 -- Kubelet Information Discovery 248 -- Exploiting Misconfigured Kubelets 249 -- Preventing Unauthenticated Kubelet Access 250 -- Summary 250 -- Chapter 18 Kubernetes Authorization with RBAC 251 -- Kubernetes Authorization Mechanisms 251 -- RBAC Overview 252 -- RBAC Gotchas 253 -- Avoid the cluster-admin Role 253 -- Built-In Users and Groups Can Be Dangerous 254 -- Read-Only Can Be Dangerous 254 -- Create Pod is Dangerous 256 -- Kubernetes Rights Can Be Transient 257 -- Other Dangerous Objects 258 -- Auditing RBAC 258 -- Using kubectl 258 -- Additional Tooling 259 -- Rakkess 259 -- kubectl-who-can 261 -- Rback 261 -- Summary 262 -- Chapter 19 Network Hardening 265 -- Container Network Overview 265 -- Node IP Addresses 266 -- Pod IP Addresses 266 -- Service IP Addresses 267 -- Restricting Traffic in Kubernetes Clusters 267 -- Setting Up a Cluster with Network Policies 268 -- Getting Started 268 -- Allowing Access 271 -- Egress Restrictions 273 -- Network Policy Restrictions 274 -- CNI Network Policy Extensions 275 -- Cilium 275 -- Calico 276 -- Summary 278 -- Chapter 20 Workload Hardening 279 -- Using Security Context in Manifests 279 -- General Approach 280 -- allowPrivilegeEscalation 280 -- Capabilities 281 -- privileged 283 -- readOnlyRootFilesystem 283 -- seccompProfile 283 -- Mandatory Workload Security 285 -- Pod Security Standards 285 -- PodSecurityPolicy 286 -- Setting Up PSPs 286 -- Setting Up PSPs 288 -- PSPs and RBAC 289 -- PSP Alternatives 291 -- Open Policy Agent 292 -- Installation 292 -- Enforcement Actions 295 -- Kyverno 295 -- Installation 296 -- Operation 296 -- Summary 298 -- Index 299. | |
| 520 | |a Explore the latest and most comprehensive guide to securing your Cloud Native technology stack Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates. The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You'll also learn about: Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates Securing the most popular container orchestrator, Kubernetes Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policies Perfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges. | ||
| 588 | 0 | |a Online resource; title from digital title page (viewed on July 26, 2021). | |
| 590 | |a O'Reilly|b O'Reilly Online Learning: Academic/Public Library Edition | ||
| 650 | 0 | |a Cloud computing|x Security measures. | |
| 700 | 1 | |a McCune, Rory,|e author. | |
| 758 | |i has work:|a Cloud Native Security (Text)|1 https://id.oclc.org/worldcat/entity/E39PD3y7y3R6xxhvvBCmMKGbkC|4 https://id.oclc.org/worldcat/ontology/hasWork | ||
| 776 | 0 | 8 | |i Print version:|z 1119782236|z 9781119782230|w (OCoLC)1227269649 |
| 856 | 4 | 0 | |u https://library.access.arlingtonva.us/login?url=https://learning.oreilly.com/library/view/~/9781119782230/?ar|x O'Reilly|z eBook |
| 938 | |a Askews and Holts Library Services|b ASKH|n AH38937416 | ||
| 938 | |a Askews and Holts Library Services|b ASKH|n AH38857832 | ||
| 938 | |a EBSCOhost|b EBSC|n 2953984 | ||
| 938 | |a YBP Library Services|b YANK|n 302284231 | ||
| 938 | |a YBP Library Services|b YANK|n 17550590 | ||
| 994 | |a 92|b VIA | ||
| 999 | |c 357658|d 357658 | ||