Kubernetes Security Guide (Kubernetes Hardening)
This article discusses the topic of securing the configuration of Kubernetes clusters. This software is considered quite challenging to manage due to the multitude of settings and areas that need to be addressed. The challenges associated with this can impact the security level of the applied configuration. As usual, my goal is not merely to present a dry list of parameters and ready-made configuration snippets but to provide the reader with a fuller context. I want the reader to understand why certain modifications are necessary and what benefits their implementation will bring.
Theory and practice must go hand in hand! Therefore, I have prepared a tool that will allow you to test everything I write about here in your local environment. You will find a script here that will easily start your Kubernetes cluster.
The information contained in this text should be treated as a set of basic issues that need to be addressed in the context of securely configuring a Kubernetes cluster. It is possible that your specific application will require additional work.
Read MoreThe Unnoticed Plague
Let’s talk about a plague occurring in the world of IT cybersecurity, which, in my opinion, receives too little attention. The title of the article may seem like an oxymoron, but let’s see if that’s really the case.
As an incentive, I’ll add that the topic concerns the data processed in the applications you use, including the confidential information of your company and your clients. It’s better if these data don’t leak, right?
Read MoreDocker Security – Step-by-Step Hardening (Docker Hardening)
This article provides practical recommendations for configuring Docker platform aimed at increasing its security. It also suggests tools helpful in automation of some tasks related to securing Docker.
My intention is to guide the reader step by step through the process of preparing a secure configuration. As such, this guide may prove to be more extensive than other similar publications. However, this is a conscious choice. My goal is not merely to present a dry list of parameters and ready-made configuration snippets, but to provide the reader with a fuller context. I want the reader to understand why certain modifications are necessary and what benefits their implementation will bring.
Read More