Chap 10 - 01 - Understand Virt Essential Concepts and OS Virt Security - 06_ocred_fax_ocred.pdf


Certified Cybersecurity Technician Exam 212-82 Virtualization and Cloud Computing

Kubernetes Vs. Docker

Slide: Kubernetes deployment

- Docker is open-source software that can be installed on any host to build, deploy, and run containerized applications on a single operating system.
- When Docker is installed on multiple hosts with different operating systems, you can use Kubernetes to manage these Docker hosts.
- Kubernetes is a container orchestration platform that automates the process of creating, managing, updating, scaling, and destroying containers.
- Kubernetes can be coupled with any containerization technology, such as Docker, Rkt, RunC, and cri-o.
- Both Docker and Kubernetes are based on a microservices architecture and are built using the Go programming language to deploy small, lightweight binaries, and use YAML files for specifying application configurations and stacks.
- Kubernetes and Docker run together to build and run containerized applications.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Kubernetes Vs. Docker

As discussed above, Docker is open-source software that can be installed on any host to build, deploy, and run containerized applications on a single operating system. Containerization isolates running applications from other services and applications running on the host OS. Kubernetes is a container orchestration platform that automates the process of creating, managing, updating, scaling, and destroying containers. Both Docker and Kubernetes are based on a microservices architecture; they are built using the Go programming language to deploy small, lightweight binaries, and use YAML files for specifying application configurations and stacks. When Kubernetes and Docker are coupled together, they provide efficient management and deployment of containers in a distributed architecture.

When Docker is installed on multiple hosts with different operating systems, you can use Kubernetes to manage these Docker hosts through container provisioning, load balancing, failover and scaling, and security.

Module 10 Page 1269

Figure 10.13: Kubernetes deployment (diagram: Kubernetes and Docker run together to build and run containerized applications)

Module 10 Page 1270

Container Security Challenges

Slide: the nine challenges covered below are inflow of vulnerable source code, large attack surface, lack of visibility, compromising secrets, DevOps speed, noisy neighboring containers, container breakout to the host, network-based attacks, bypassing isolation, and ecosystem complexity.

While containerization provides fast and continuous delivery of applications to developers and DevOps teams, there are certain security challenges associated with it. The primary security challenges for containers are as follows:

- Inflow of Vulnerable Source Code: Since containers are open source, the images created by developers are frequently updated, stored, and used as needed. This causes an inflow of source code into an organization that may potentially harbor vulnerabilities and unexpected behaviors.
- Large Attack Surface: In the cloud or on premises, there are many containers that run on multiple machines. This provides a large attack surface and therefore causes challenges in the tracking and detection of anomalies.
- Lack of Visibility: The abstraction layer created by the container engine masks the activity of a particular container.
- DevOps Speed: On average, the lifespan of a container is four times shorter than that of a virtual machine. Containers can be created instantly, run for a short duration, stopped, and removed. Due to this ephemerality, an attacker can execute an attack and disappear quickly.
- Noisy Neighboring Containers: The behavior of one container can potentially cause a DoS for another container. For example, opening sockets frequently can freeze up the host machine.
- Container Breakout to the Host: Containers that run as the root user can break out and access the host's operating system.

Module 10 Page 1271

- Network-based Attacks: A compromised container is vulnerable to network-based attacks, especially on outbound networks with unrestricted raw sockets.
- Bypassing Isolation/Lack of Isolation: Any inadequacy in the isolation between containers is a security challenge, since an attacker who compromises one container can then easily access another container on the same host.
- Ecosystem Complexity: The tools used to build, deploy, and manage containers are provided by different sources. Therefore, a user must keep the components secure and up to date.

Module 10 Page 1272
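The following Kubernetes manifest is an added example, not part of the EC-Council module, showing how the YAML files mentioned above can address several of the listed challenges in one place: a non-root pod with no raw-socket capability and bounded resources, plus a NetworkPolicy that limits which peers can reach it and where it can connect. The image reference, pod name, and the `role: frontend` peer label are placeholders.

```yaml
# Added example (not from the module): hardened Pod plus NetworkPolicy.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-web   # placeholder name
  labels:
    app: web
spec:
  securityContext:
    runAsNonRoot: true   # container breakout to the host: refuse to start as UID 0
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault   # limit the syscalls the container can make
  containers:
  - name: web
    image: registry.example.com/web:1.2.3   # placeholder; pin by digest in practice (inflow of source code)
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]   # drops NET_RAW too: no raw sockets for network-based attacks
    resources:   # noisy neighbours: cap CPU and memory so one container cannot starve others
      requests: {cpu: "250m", memory: "128Mi"}
      limits: {cpu: "500m", memory: "256Mi"}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy   # bypassing isolation: only named peers may reach the pod, only DNS may leave
metadata:
  name: web-isolation
spec:
  podSelector:
    matchLabels: {app: web}
  policyTypes: ["Ingress", "Egress"]
  ingress:
  - from:
    - podSelector:
        matchLabels: {role: frontend}   # placeholder peer label
    ports:
    - port: 8080
  egress:
  - to:
    - namespaceSelector: {}
      podSelector:
        matchLabels: {k8s-app: kube-dns}
    ports:
    - port: 53
      protocol: UDP
```

The NetworkPolicy only takes effect on clusters whose network plugin enforces policies; apply both documents with `kubectl apply -f` and confirm the pod starts as UID 10001 rather than root.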
