Cloud Native Security. Chris Binnie
![Cloud Native Security - Chris Binnie Cloud Native Security - Chris Binnie](/cover_pre965199.jpg)
6 Part III: Cloud Security
- CHAPTER 13: Monitoring Cloud Operations
  - Host Dashboarding with NetData
  - Cloud Platform Interrogation with Komiser
  - Summary
- CHAPTER 14: Cloud Guardianship
  - Installing Cloud Custodian
  - More Complex Policies
  - IAM Policies
  - S3 Data at Rest
  - Generating Alerts
  - Summary
- CHAPTER 15: Cloud Auditing
  - Runtime, Host, and Cloud Testing with Lunar
  - AWS Auditing with Cloud Reports
  - CIS Benchmarks and AWS Auditing with Prowler
  - Summary
- CHAPTER 16: AWS Cloud Storage
  - Buckets
  - Native Security Settings
  - Automated S3 Attacks
  - Storage Hunting
  - Summary

7 Part IV: Advanced Kubernetes and Runtime Security
- CHAPTER 17: Kubernetes External Attacks
  - The Kubernetes Network Footprint
  - Attacking the API Server
  - Attacking etcd
  - Attacking the Kubelet
  - Summary
- CHAPTER 18: Kubernetes Authorization with RBAC
  - Kubernetes Authorization Mechanisms
  - RBAC Overview
  - RBAC Gotchas
  - Auditing RBAC
  - Summary
- CHAPTER 19: Network Hardening
  - Container Network Overview
  - Restricting Traffic in Kubernetes Clusters
  - CNI Network Policy Extensions
  - Summary
- CHAPTER 20: Workload Hardening
  - Using Security Context in Manifests
  - Mandatory Workload Security
  - PodSecurityPolicy
  - PSP Alternatives
  - Summary

8 Index
List of Tables
1 Chapter 1
- Table 1.1: Common Container Components

2 Chapter 2
- Table 2.1: Rootless Mode Limitations and Restrictions

3 Chapter 4
- Table 4.1: Actions for auditd When Disks Are Filling Up Rapidly
- Table 4.2: The Different Permissions You Can Apply
- Table 4.3: List Options Available for fork and clone Syscalls
- Table 4.4: Options for audit_set_failure

4 Chapter 5
- Table 5.1: Deployment Methods for kube-hunter
- Table 5.2: Scanning Options That You Can Try in kube-hunter
- Table 5.3: Hunting Modes in kube-hunter

5 Chapter 6
- Table 6.1: Policy Matching Criteria That Anchore Can Use Within Its Policies
- Table 6.2: The Policies Available from the Policy Hub

6 Chapter 7
- Table 7.1: ZAP Builds Available via Docker

7 Chapter 8
- Table 8.1: Using Tags in Gauntlt to Get More or Less Results

8 Chapter 12
- Table 12.1: Interactive Options for Nikto While It's Running
- Table 12.2: IDS Evasion Capabilities Courtesy of Libwhisker
- Table 12.3: Nikto Offers “Mutation” Technique Options, Too
- Table 12.4: Tuning Options Within Nikto

9 Chapter 15
- Table 15.1: The Many Areas of Coverage That Lunar Offers

10 Chapter