Read the book Cloud Native Security - Chris Binnie - Page 2

Table of Contents


Cover

Title Page

Introduction
    Meeting the Challenge
    A Few Conventions
    Companion Download Files
    How to Contact the Publisher

Part I: Container and Orchestrator Security
    CHAPTER 1: What Is A Container?
        Common Misconceptions
        Container Components
        Kernel Capabilities
        Other Containers
        Summary
    CHAPTER 2: Rootless Runtimes
        Docker Rootless Mode
        Running Rootless Podman
        Summary
    CHAPTER 3: Container Runtime Protection
        Running Falco
        Configuring Rules
        Summary
    CHAPTER 4: Forensic Logging
        Things to Consider
        Salient Files
        Breaking the Rules
        Key Commands
        The Rules
        Parsing Rules
        Monitoring
        Ordering and Performance
        Summary
    CHAPTER 5: Kubernetes Vulnerabilities
        Mini Kubernetes
        Options for Using kube-hunter
        Container Deployment
        Inside Cluster Tests
        Minikube vs. kube-hunter
        Getting a List of Tests
        Summary
    CHAPTER 6: Container Image CVEs
        Understanding CVEs
        Trivy
        Exploring Anchore
        Clair
        Summary

Part II: DevSecOps Tooling
    CHAPTER 7: Baseline Scanning (or, Zap Your Apps)
        Where to Find ZAP
        Baseline Scanning
        Scanning Nmap's Host
        Adding Regular Expressions
        Summary
    CHAPTER 8: Codifying Security
        Security Tooling
        Installation
        Simple Tests
        Example Attack Files
        Summary
    CHAPTER 9: Kubernetes Compliance
        Mini Kubernetes
        Using kube-bench
        Troubleshooting
        Automation
        Summary
    CHAPTER 10: Securing Your Git Repositories
        Things to Consider
        Installing and Running Gitleaks
        Installing and Running GitRob
        Summary
    CHAPTER 11: Automated Host Security
        Machine Images
        Idempotency
        Secure Shell Example
        Kernel Changes
        Summary
    CHAPTER 12: Server Scanning With Nikto
        Things to Consider
        Installation
        Scanning a Second Host
        Running Options
        Command-Line Options
        Evasion Techniques
        The Main Nikto Configuration File
        Summary

Part III: Cloud Security
    CHAPTER 13: Monitoring Cloud Operations
        Host Dashboarding with NetData
        Cloud Platform Interrogation with Komiser
        Summary
    CHAPTER 14: Cloud Guardianship
        Installing Cloud Custodian
        More Complex Policies
        IAM Policies
        S3 Data at Rest
        Generating Alerts
        Summary
    CHAPTER 15: Cloud Auditing
        Runtime, Host, and Cloud Testing with Lunar
        AWS Auditing with Cloud Reports
        CIS Benchmarks and AWS Auditing with Prowler
        Summary
    CHAPTER 16: AWS Cloud Storage
        Buckets
        Native Security Settings
        Automated S3 Attacks
        Storage Hunting
        Summary

Part IV: Advanced Kubernetes and Runtime Security
    CHAPTER 17: Kubernetes External Attacks
        The Kubernetes Network Footprint
        Attacking the API Server
        Attacking etcd
        Attacking the Kubelet
        Summary
    CHAPTER 18: Kubernetes Authorization with RBAC
        Kubernetes Authorization Mechanisms
        RBAC Overview
        RBAC Gotchas
        Auditing RBAC
        Summary
    CHAPTER 19: Network Hardening
        Container Network Overview
        Restricting Traffic in Kubernetes Clusters
        CNI Network Policy Extensions
        Summary
    CHAPTER 20: Workload Hardening
        Using Security Context in Manifests
        Mandatory Workload Security
        PodSecurityPolicy
        PSP Alternatives
        Summary

Index

Copyright

About the Authors

About the Technical Editor

End User License Agreement

Cloud Native Security
