Container Security Practices and Recommendations


References
https://success.docker.com/article/security-best-practices

Description

Aspects
The microservices running inside the Pod/container environment should have restricted access to resources and privileges.

RBAC
Network Access
3rd Party access to system resources

Security aspects available in Kubernetes
Pod security policy
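The three aspects listed above (RBAC, network access and restricted access to system resources) and the pod security policy mechanism can be expressed as Kubernetes manifests. The following is an added example written for this page, not a configuration taken from the original post or from the Docker reference; the namespace, policy, service account and port values are placeholders chosen for illustration. It assumes a cluster where the PodSecurityPolicy admission plugin is enabled (PodSecurityPolicy was removed in Kubernetes 1.25, where the same intent is expressed with the Pod Security Admission namespace label pod-security.kubernetes.io/enforce: restricted).

```yaml
# Added example (not from the original post): a restrictive
# PodSecurityPolicy, the RBAC binding that lets one service account use it,
# and a NetworkPolicy that limits pod-to-pod traffic.
# Namespace, names and port are placeholders chosen for illustration.
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example
spec:
  privileged: false                     # no privileged containers
  allowPrivilegeEscalation: false       # block setuid/setcap escalation
  requiredDropCapabilities:
    - ALL                               # start from zero Linux capabilities
  hostNetwork: false                    # no sharing of node namespaces
  hostIPC: false
  hostPID: false
  readOnlyRootFilesystem: true
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  volumes:                              # no hostPath: pods cannot reach node files
    - configMap
    - secret
    - emptyDir
    - persistentVolumeClaim
---
# RBAC: a Role that only grants "use" of the policy above, bound to the
# service account of the microservice in the application namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: use-restricted-psp
  namespace: app-example
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted-example"]
    verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-restricted-psp
  namespace: app-example
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: use-restricted-psp
subjects:
  - kind: ServiceAccount
    name: svc-example
    namespace: app-example
---
# Network access: ingress to the microservice's pods is denied by default
# once this policy selects them; only pods labelled as its clients may
# connect, and only on the service port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: svc-example-ingress
  namespace: app-example
spec:
  podSelector:
    matchLabels:
      app: svc-example
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: svc-example-client
      ports:
        - protocol: TCP
          port: 8080
```

After applying the manifests, the RBAC part can be checked with kubectl auth can-i use podsecuritypolicy/restricted-example --as=system:serviceaccount:app-example:svc-example -n app-example, which should answer "yes" for this service account and "no" for others. The NetworkPolicy only takes effect when the cluster's network plugin enforces policies (for example Calico or Weave Net); with a plugin that does not, the object is accepted but traffic is not filtered.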
