Container Security Practices and Recommendations

References
https://success.docker.com/article/security-best-practices

Description

Aspects
The micro services running (inside Pod/ Container environment) should be having restricted access to resources and priviledges.

RBAC
Network Access
3rd Party access to system resources

Security aspects available in Kubernetes
Pod security policy

Comments

NSSF - an 5G network function to support the network slicing

NSSF - Network Slice Selector Function The 5G System architecture (3GPP TS 23.501: 5G SA; Stage 2) consists of the following network functions (NF). - Authentication Server Function (AUSF) - Core Access and Mobility Management Function (AMF) - Data network (DN), e.g. operator services, Internet access or 3rd party services - Structured Data Storage network function (SDSF) - Unstructured Data Storage network function (UDSF) - Network Exposure Function (NEF) - NF Repository Function (NRF) - Network Slice Selection Function (NSSF) ======>>> our focus - Policy Control function (PCF) - Session Management Function (SMF) - Unified Data Management (UDM) - Unified Data Repository (UDR) - User plane Function (UPF) - Application Function (AF) - User Equipment (UE) - (Radio) Access Network ((R)AN)

SMS-SG on LTE/ MTC networks

SMS with LTE (SG-SMS) SMS (Short Messaging Service) was quite popular among people during 2G/3G, but now with the advent of 4G losing the shine/ attraction. With 4G people are moving to always-on kind of data connectivity and thus market rising with many application options to provide the messaging capabilities. The examples are such as whatsapp, snapchat etc Now here we are going to discuss, “can an SMS possible in LTE technology ?” and if so “how?” One possibility of using IMS framework and delivering SMS to/from UE. IMS provides the data (e.g. data, media-voice/video) usage overlaid on LTE technology. The bigger question and climax is on market pace in adapting and deployment of the IMS. To address the feature availability, an interim solution (SG interfaces) are suggested in specs. (its similar on the lines on how CS fallback option before LTE supporting Voice calls) Lets revisit the past (2G) on how SMS are delivered. SMS is delivered over signaling channel. This me

Cloud based Frameworks/ Kubernetes environment

Cloud based microservice frameworks Some of open source platforms available are Swarm (Docker), Kubernetes (google), mesos, The most popular in communities and internet industry seems to be kubernetes and picking steam in telecom front as well for upcoming 5G Service based architecture. The kubernetes has the default container solution based on Rket ? but the most popular combinations are using Docker as container. Kubernetes/ an Cloud orachastrator !! Deployment automation of scaling in (zooming in/ increasing) and out (zooming out, decreasing) Network plugin available such as flannel (popular, support only IPv4), calico (support IPv4, IPv6), weavenet Kubernetes currently does not support dual stack IPv4, IPv6 inter-working etc capabilities till version 1.13 (dec 2018). Another limitation, it does not recognize the multiple interfaces in case enable to POD's for configuring services exposure and external communication till version 1.13 (dec 2018) Will be adding more

Mind hover

Search This Blog