Docker

Reverse Engineer Docker Images into Dockerfiles

TL;DR This article explores how we can reverse engineer Docker images by examining the internals of how Docker images store data, how to use tools to examine the different aspects of the image, and how we can create tools like Dedockify to leverage the Python Docker API to create...
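As an added illustration of the technique the article describes (this is example code written for this page, not Dedockify's own implementation), the block below turns an image's layer history back into Dockerfile instructions. It assumes the history format that the Docker Engine API and the Docker SDK for Python (`image.history()`) return: a list of dicts, newest layer first, each with a `CreatedBy` string. The sample history is constructed, and the `dockerfile_from_image` helper (which needs a reachable daemon and `pip install docker`) is an assumption about how one would wire it to a live image.

```python
import re
from typing import Dict, List

# The legacy (non-BuildKit) builder records each layer's command in one of two shapes:
#   "/bin/sh -c #(nop)  CMD [\"bash\"]"   metadata-only instruction, written after "#(nop)"
#   "/bin/sh -c apt-get update"          a RUN instruction wrapped in the shell
NOP_RE = re.compile(r"^/bin/sh -c #\(nop\)\s+(.*)$")
SHELL_RE = re.compile(r"^/bin/sh -c (.*)$")
# BuildKit records the Dockerfile instruction itself and appends " # buildkit".
BUILDKIT_SUFFIX = " # buildkit"


def history_entry_to_instruction(created_by: str) -> str:
    """Map one history entry's CreatedBy string back to a Dockerfile instruction."""
    cmd = created_by.strip()
    if cmd.endswith(BUILDKIT_SUFFIX):
        cmd = cmd[: -len(BUILDKIT_SUFFIX)].rstrip()
        # BuildKit writes RUN layers as "RUN /bin/sh -c <cmd>"; unwrap the shell again
        m = re.match(r"^RUN /bin/sh -c (.*)$", cmd)
        return f"RUN {m.group(1)}" if m else cmd
    m = NOP_RE.match(cmd)
    if m:
        return m.group(1).strip()
    m = SHELL_RE.match(cmd)
    if m:
        return f"RUN {m.group(1).strip()}"
    # Anything else (e.g. Windows "cmd /S /C" layers) is left for a human to interpret
    return f"# unrecognised layer command: {cmd}"


def history_to_dockerfile(history: List[Dict]) -> str:
    """history: the list the Engine API / docker SDK return for an image, newest layer first."""
    lines = []
    for entry in reversed(history):  # oldest layer first, the order a Dockerfile reads in
        instr = history_entry_to_instruction(entry.get("CreatedBy", ""))
        if instr.startswith("ADD file:") and instr.endswith(" in /"):
            # Root filesystem layer of the base image: the FROM line itself is not stored in history
            lines.append(f"# base image rootfs (FROM not recoverable from history): {instr}")
        else:
            lines.append(instr)
    return "\n".join(lines)


def dockerfile_from_image(image_ref: str) -> str:
    """Same reconstruction against a live daemon via the Docker SDK for Python (assumed wiring)."""
    import docker  # imported lazily so the pure parsing above works without a daemon
    client = docker.from_env()
    return history_to_dockerfile(client.images.get(image_ref).history())


# Constructed sample history (newest first), shaped like `docker history --no-trunc` output.
# The ENV line shows why this matters: values baked in at build time, secrets included, survive in the image.
SAMPLE_HISTORY = [
    {"CreatedBy": '/bin/sh -c #(nop)  CMD ["python3" "app.py"]', "Size": 0},
    {"CreatedBy": "/bin/sh -c #(nop) WORKDIR /app", "Size": 0},
    {"CreatedBy": "/bin/sh -c #(nop) COPY dir:0123abcd in /app ", "Size": 4096},
    {"CreatedBy": "/bin/sh -c apt-get update && apt-get install -y python3", "Size": 45000000},
    {"CreatedBy": "/bin/sh -c #(nop)  ENV API_TOKEN=example-token-do-not-ship", "Size": 0},
    {"CreatedBy": '/bin/sh -c #(nop)  CMD ["bash"]', "Size": 0},
    {"CreatedBy": "/bin/sh -c #(nop) ADD file:3a7b3b2c1d0e in / ", "Size": 72000000},
]

if __name__ == "__main__":
    print(history_to_dockerfile(SAMPLE_HISTORY))
```

The reconstruction is lossy by design: the base image's `FROM` line, the contents behind `COPY dir:<hash>`, and any multi-stage build steps whose layers were discarded are not in the history. What is there, every `ENV`, `ARG`-expanded `RUN` command and path, is exactly what an attacker who pulls the image also sees, which is the practical reason to audit images this way.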

Kubernetes

Kubernetes Admission Controllers

Kubernetes supports over 30 Admission Controllers. After Authentication and Authorization, Admission Control is the final step in the 3-step process before Kubernetes persists the resource in etcd (the consistent, highly-available key-value store that Kubernetes uses as its backing store for all cluster data). Some relevant Admission Controllers to secure...
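One of those built-in controllers, ValidatingAdmissionWebhook, hands the request to an HTTPS endpoint you run, which is the usual way to add your own policy to the admission step. The block below is an added example for this page (not code from the article) of the decision logic such an endpoint implements: it takes an `AdmissionReview` as the API server POSTs it, rejects Pods that opt out of kernel isolation, and returns the `AdmissionReview` response that the API server expects. The sample Pods and the `make_admission_review` wrapper are constructed for the example; the HTTPS serving and the `ValidatingWebhookConfiguration` that points the API server at it are not shown.

```python
import json

HOST_NAMESPACE_FLAGS = ("hostPID", "hostIPC", "hostNetwork")
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE"}


def find_violations(pod: dict) -> list:
    """Reasons a Pod object should be rejected; an empty list means the pod passes."""
    spec = pod.get("spec") or {}
    reasons = []
    for flag in HOST_NAMESPACE_FLAGS:
        if spec.get(flag) is True:
            reasons.append(f"spec.{flag}=true is not allowed")
    for section in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(section) or []:
            name = c.get("name", "<unnamed>")
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                reasons.append(f"{section}/{name}: privileged containers are not allowed")
            added = set((sc.get("capabilities") or {}).get("add") or [])
            for cap in sorted(added & DANGEROUS_CAPS):
                reasons.append(f"{section}/{name}: capability {cap} is not allowed")
    return reasons


def review(admission_review: dict) -> dict:
    """Build the AdmissionReview response for one request from the API server."""
    req = admission_review["request"]
    reasons = []
    # Only Pod creates/updates are judged; everything else is allowed through unchanged
    if req.get("kind", {}).get("kind") == "Pod" and req.get("operation") in ("CREATE", "UPDATE"):
        reasons = find_violations(req.get("object") or {})
    response = {"uid": req["uid"], "allowed": not reasons}  # uid must echo the request's uid
    if reasons:
        response["status"] = {"code": 403, "message": "; ".join(reasons)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def make_admission_review(obj: dict, uid: str, operation: str = "CREATE") -> dict:
    """Wrap an object the way the API server POSTs it to a validating webhook (constructed for the example)."""
    api_version = obj.get("apiVersion", "v1")
    group, version = api_version.split("/", 1) if "/" in api_version else ("", api_version)
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": uid,
            "kind": {"group": group, "version": version, "kind": obj["kind"]},
            "operation": operation,
            "namespace": obj.get("metadata", {}).get("namespace", "default"),
            "object": obj,
        },
    }


# Constructed samples: a "debug" pod that escapes most isolation, and a benign one.
PRIVILEGED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug-shell", "namespace": "default"},
    "spec": {
        "hostPID": True,
        "containers": [{"name": "sh", "image": "busybox",
                        "securityContext": {"privileged": True,
                                            "capabilities": {"add": ["SYS_ADMIN"]}}}],
    },
}
BENIGN_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web", "namespace": "default"},
    "spec": {"containers": [{"name": "web", "image": "nginx",
                             "securityContext": {"allowPrivilegeEscalation": False}}]},
}

if __name__ == "__main__":
    for pod in (PRIVILEGED_POD, BENIGN_POD):
        ar = make_admission_review(pod, uid=f"uid-{pod['metadata']['name']}")
        print(json.dumps(review(ar), indent=2))
```

Two things a practitioner checks when deploying this: the response must echo the request `uid` or the API server discards it, and what happens when the webhook is unreachable is decided not by this code but by the `failurePolicy` of the `ValidatingWebhookConfiguration` (`Fail` blocks the request, `Ignore` lets it through unchecked).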

Security

Kubernetes Authorization and RBAC

Authorization Modes

Kubernetes supports the following authorization modes:

Attribute-Based Access Control (ABAC): an authorizer through which access rights are granted to users through policies combining attributes (resource attributes, user attributes, objects, etc.).
Node Authorization: a special-purpose authorizer that grants permissions to kubelets based on the pods they are scheduled to run...
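The excerpt is cut off before it reaches the RBAC mode named in the title, so here is an added example for this page (not the article's own code) of how the RBAC authorizer evaluates a request against a Role's `rules`: a request is allowed if any single rule matches its verb, API group, resource and (when the rule lists `resourceNames`) object name, and denied otherwise, since RBAC has no deny rules. The rule sets below are constructed; `Request` is a helper type for the example, not a Kubernetes API object.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Request:
    verb: str           # get, list, watch, create, update, patch, delete, deletecollection
    api_group: str      # "" is the core group (pods, secrets, ...), "apps" for deployments, ...
    resource: str       # "pods", or "pods/log" for a subresource
    name: str = ""      # the object name; empty for list/watch/create, which carry none


def _verb_ok(rule: Dict, req: Request) -> bool:
    verbs = rule.get("verbs", [])
    return "*" in verbs or req.verb in verbs


def _group_ok(rule: Dict, req: Request) -> bool:
    groups = rule.get("apiGroups", [])
    return "*" in groups or req.api_group in groups


def _resource_ok(rule: Dict, req: Request) -> bool:
    for r in rule.get("resources", []):
        if r == "*" or r == req.resource:
            return True
        # "*/scale" matches the scale subresource of every resource
        if r.startswith("*/") and "/" in req.resource and req.resource.split("/", 1)[1] == r[2:]:
            return True
    return False


def _name_ok(rule: Dict, req: Request) -> bool:
    names = rule.get("resourceNames", [])
    # No resourceNames: the rule covers every object. With resourceNames, only requests that
    # address one of those names match; list/watch/create carry no name, so they never do.
    return not names or (req.name != "" and req.name in names)


def rule_allows(rule: Dict, req: Request) -> bool:
    return _verb_ok(rule, req) and _group_ok(rule, req) and _resource_ok(rule, req) and _name_ok(rule, req)


def rbac_allows(rules: List[Dict], req: Request) -> bool:
    """RBAC is purely additive: allowed iff some rule matches, denied otherwise."""
    return any(rule_allows(rule, req) for rule in rules)


# Constructed rules, equivalent to the `rules:` block of a Role a developer might be bound to.
DEVELOPER_RULES = [
    {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["secrets"], "resourceNames": ["app-config"], "verbs": ["get"]},
    {"apiGroups": ["apps"], "resources": ["*/scale"], "verbs": ["update"]},
]
# The rule behind the built-in cluster-admin ClusterRole: every verb on every resource in every group.
CLUSTER_ADMIN_RULES = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]

if __name__ == "__main__":
    for req in (Request("get", "", "pods", "web-1"),
                Request("get", "", "secrets", "db-root"),
                Request("list", "", "secrets")):
        print(req, "->", "allow" if rbac_allows(DEVELOPER_RULES, req) else "deny")
```

The `resourceNames` behaviour is the part worth internalising: a rule scoped to `app-config` never grants `list` on secrets, because a list request names no object, and conversely any rule that grants `list` on secrets exposes every secret in scope, since list responses carry the full objects.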

Kubernetes

Kubernetes Authentication

There are 3 steps that Kubernetes uses to enforce access control and permissions: Authentication, Authorization and Admission. In this article we consider Authentication first. The first thing in Authentication is Identity. Kubernetes assumes that 'users' are managed outside of Kubernetes:...

Docker

Trapping Hackers with Containerized Deception

TL;DR This article explores modern honeypots that leverage containerization by walking through the design of a high-interaction honeypot that can use arbitrary Docker containers to lure malicious attacks. Introduction: While honeypots have been around for a very long time, this article will attempt to...

Kubernetes

Deploying Secure Firecracker MicroVMs on K8s using Weave FireKube

Introduction: At their 2018 annual re:Invent conference, AWS announced an exciting new product called "Firecracker" that is quickly setting the cloud-native ecosystem on fire. Firecracker is a Virtual Machine Monitor (VMM) designed for running transient, short-lived workloads in lightweight microVMs. In other words, it is optimized for running functions and serverless...

Kubernetes

Trusted Repositories and Container Registries in Kubernetes

In this topic, we will consider some of the key capabilities of trusted repositories and container registries. We will cover secure authentication, scanning and signing of content as necessary practices for a secure Kubernetes environment. In order to establish a deployment of a Kubernetes cluster and application workloads into that...

AWS

Part1: Kubernetes AWS Resource Access: kube2Iam

Introduction: One of the major benefits of using containers for applications, and Kubernetes for their orchestration, is that you can get the most out of the underlying virtual machines. This, however, gives rise to a unique problem: managing access from pods to various AWS services. For example, a Kubernetes node...
