Security in Containers and Cluster Using 5 factor sec model Naeem -…
Security in Containers and Cluster Using 5 factor sec model
Naeem
Secure Design & Code Principles
Security req at par with functional req
Sec stories are prioritized
Design
Least Access Privilege
Defence in Depth
Minimize attack surface
Separation Of Duties
Threat Modelling
Code:
Static Code Analysis
S/w Composition analysis
SAST is static application security testing for analyzing code for security bugs.
DAST is dynamic application security testing for testing an application at runtime.
Secure images and Registries
Images:
Start with trusted base image
Have least components to reduce the attack surface.
Unnecessary components make an image more vulnerable to security attacks.
Grant min privilege
Image scanning after every build
Registry
Image Signing using TUF and Notary.
Use public and private keys
TLS to be used while pushing and pulling the image
Use Immutable tags
Secure Container & Host
Secure Host
Secure Container
Never create Privileged Container
eg: docker run --privileged <imgName>
Types of container n/w
Host
Bridge
Allows containers on the same host to communicate
None:
UnderLay
OverLay
Secure Apps in K8s
Secure k8s Cluster