container-solutions.com | @containersoluti
Microservices – a security nightmare?
GOTO Berlin - Dec 2, 2015
Maximilian Schöfmann
Container Solutions Switzerland

Autonomy
Security

microservices…
small, hence many services
talking over the network
built with different technologies
by autonomous teams with end-to-end responsibility
doing DevOps and Continuous Delivery
using containers

many small services

talking over the network

Java 7 (1.7.0_03)

built with different technologies
nodejs 0.9
Ruby 2.1
Java 7
Go 1.4
Java 8

by autonomous teams with end-to-end responsibility

(ISC)²®

doing DevOps
OWASP??

Specification
Implementation
Validation

and Continuous Delivery

using containers
XEN Hypervisor - 10^5 LOC
Linux Kernel - 10^7 LOC

many small services

talking over the network
payment_data
(stateless)
cat_pictures
(stateless)
user_db

Authentication: Basic Auth
Authorization: Basic c21hcnRhc3MuLi4uCg==

Authentication: Client certificates

Authentication: API Keys
X-My-API-Key: YWxsIHVyIGJhc2UgYXJlIGJlbG9uZ3MgMiAgdXMK

Authentication: HMAC
Authorization: AWS FOOBR7EXAMPLE:frJIUN8h81ADYpKg=

Secrets management
vaultproject.io
square.github.io/keywhiz

Single-Sign-On
SAML

Single-Sign-On
client, SSO, service
authenticate
token
request with token
verify
send response

Authorization
{
  "iss": "[email protected]",
  "scope": "https://www.googleapis.com/auth/bigquery",
  "aud": "https://www.googleapis.com/oauth2/v3/token",
  "exp": 1328554385,
  "iat": 1328550785
}

ID Tokens
{
  "sub": "bob",
  "email": "[email protected]",
  "name": "Bob Example",
  "exp": 1328672194,
  "https://mycorp.tld/groups": ["admin", "publisher"]
}

Translating ID Tokens
[Diagram labels: dumb token, Gateway, JWT, Service A, Service B, Service C]

The Confused Deputy

API Gateways
• Access control
• Rate limiting
• HTTPS termination
...
[Diagram labels: API Gateway, WAF, Payment Svc.]

built with different technologies

by autonomous teams with end-to-end responsibility

Trust
Idea from A.T. Kearney Analysis
Accountability
Expertise
Autonomy & Entrepreneurship
Collaboration & Support
Trust

Definition of Done
“It’s not done, before it’s fast!”

Definition of Done
“It’s not done, before it’s secure!”

Rugged Software Manifesto
ruggedsoftware.org

doing DevOps
SecDevOps?
SecOps?
DevSec?

SecDevOps = Mindset + Tooling

and Continuous Delivery

Test pyramid
Unit Tests
Service Tests
UI tests
[Axis labels: faster feedback, confidence]
from “Succeeding with Agile” (Mike Cohn)

Security-Test pyramid
static code analysis
Vulnerability scanning
E2E security tests
[Axis labels: faster feedback, confidence]

BDD style
continuumsecurity.net/bdd-intro.html

using containers
1982 chroot
2000 BSD Jails
2001 Virtuozzo
Linux-VServer
2004 Solaris Zones
2007 cgroups
2008 LXC
2013 Docker
2014 rkt

Defense in depth
[Diagram labels: payment service instance #2, docs upload service instance #1, payment service instance #1, cat picture service instance #1, meme generator instance #1, bookmark manager instance #1]

Freeze & replace
[Diagram labels: payment service instance #2, docs upload service instance #1, payment service instance #1, cat picture service instance #1, meme generator instance #1, bookmark manager instance #1; payment service instance #1 appears a second time]
[Diagram labels, next slide: payment service instance #2, docs upload service instance #1, payment service instance #3, cat picture service instance #1, meme generator instance #1, bookmark manager instance #1]

Docker security
tinyurl.com/docker-security
• read-only containers
• minimal base images
• drop capabilities
• verify signed images
• traditional hardening (AppArmor, SELinux…)
...

Scan images for vulnerabilities
Clair (CoreOS)
Nautilus (Docker Inc.)

Secure deployments
Docker daemon - “just HTTP”
• TLS
• Authentication
• Authorisation
• Logging & Auditing
scp
rsync
git

Summary
small, distributed services can limit the impact of breaches
isolate services with different security requirements
use standard mechanisms for auth, but make sure they are scalable
consider an API gateway, but don't overuse this pattern

monocultures can do harm
embrace rugged software principles
accountability ensures security is built in, not bolted on
invest in automation and tooling around security tools and security testing

use containers as additional line of defense
use containers as immutable infrastructure
if you need to, use containers to do forensics
secure your container hosts thoroughly
scan images centrally for vulnerabilities
abolish obsolete deployment methods

Nightmare?