Getting container visibility and security for Docker networking can be a challenge even for a pure container-based application stack or cluster. For most enterprises, this challenge can be even tougher when trying to secure a hybrid environment with both container and non-container applications. Many enterprises are in the midst of migration projects to a microservices-based architecture with containers. …
Kubernetes Security Features Improve with 1.7 Release
By Gary Duan

Kubernetes 1.7 was recently released. The highlights of the release include much improved security features. Here’s a summary from the Kubernetes blog: At-a-glance, security enhancements in this release include encrypted secrets, network policy for pod-to-pod communication, node authorizer to limit kubelet access and client / server TLS certificate rotation. Security is often cited as one of the …
How to Achieve Continuous Container Security for Your CI/CD Pipeline
Integrate and Automate Security in Your Build, Ship, & Run Processes

As enterprises move quickly to deploy containers and microservices with a continuous integration and delivery (CI/CD) pipeline, security often becomes an afterthought. DevOps and security teams should also strive to achieve continuous container security in the pipeline. The starting point for container security is during the Build phase, making …
Can the Linux Stack Clash Vulnerability Affect Containers?
The recently discovered ‘Stack Clash’ vulnerability in Linux-based systems is another critical security issue like Dirty Cow, but can the stack clash vulnerability affect containers, and what could an attacker do? The short answer is yes, an attacker could exploit the vulnerability to gain root privileges within a container, but not necessarily be able to break out from the container. …
NeuVector Contributes Open Source Tool for Kubernetes CIS Benchmark for Security
Also is the First to Implement Distributed Security Auditing for Kubernetes 1.6 Deployments

[UPDATE]: NeuVector open source tool and product now supports Kubernetes 1.7 and the newly released 1.8 CIS benchmark

By Gary Duan

The Center for Internet Security (CIS) recently released the Kubernetes CIS Benchmark for Kubernetes 1.6 security auditing. Many companies planning deployments or already in production will …