April 2018 Summaries
7 posts from Sysdig
Filter
Month:
Year:
Post Summaries
Back to Blog
Falco 0.10.0 introduces several enhancements aimed at simplifying deployment, refining rules, and expanding system call support. The update allows users to specify a rules directory for organized rule loading and includes a sample Puppet Module for easier configuration management. New rules have been added, such as those detecting unauthorized SSH connections and unexpected Kubernetes NodePort interactions, while existing rules have been refined to reduce false positives. Support for syscalls has been expanded to include all those supported by Sysdig, with options for users to manage syscall availability. Other improvements include log rotation support, compact JSON output, and fixes for rule validation and order issues. The release is available through various channels, and further details can be found in the GitHub changelog.
Apr 25, 2018
643 words in the original blog post.
The guide emphasizes the importance of securing key Kubernetes components like kubelet, etcd, and Docker registries to enhance overall system security. It outlines best practices, such as configuring kubelet security parameters to prevent unauthorized access, utilizing NodeRestriction admission controllers, and employing Role-Based Access Control (RBAC) for secure interactions. For etcd, the guide advises restricting access via PKI-based authentication and firewalls, given its critical role in persisting Kubernetes state. It also discusses the necessity of using trusted Docker registries to avoid vulnerabilities from public images, suggesting credentials be stored as Kubernetes secrets for access control. Additionally, the guide highlights the use of audit logs for forensics and incident detection, and the application of admission webhooks for preemptive security compliance. Overall, it provides a comprehensive overview of securing Kubernetes components to prevent unauthorized access and maintain system integrity.
Apr 24, 2018
2,722 words in the original blog post.
Suresh Vasudevan expresses his excitement about joining Sysdig, highlighting the company's innovative approach to monitoring and securing microservices and container-based architectures. The text outlines the challenges faced by enterprises as they transition to more agile, cloud-ready applications and the need for novel solutions to ensure security and performance. Vasudevan emphasizes Sysdig's unique Container Intelligence Platform, which leverages system calls for real-time monitoring and security, offering zero-touch instrumentation and deep visibility into containerized environments. He also notes the company's strong organizational culture and commitment to driving industry transformation towards modern application development. The text mentions Sysdig's growing community and the adoption of its open-source and commercial products by numerous enterprises, underscoring its role as a thought leader in the industry.
Apr 23, 2018
1,292 words in the original blog post.
The guide provides an in-depth exploration of Kubernetes Role-Based Access Control (RBAC) and Transport Layer Security (TLS) certificates as essential components of Kubernetes security practices. It details the process of creating users in Kubernetes, setting permissions using RBAC, and managing TLS certificates and security tokens. The document covers the foundational elements of RBAC, including Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings, and explains how they govern access to Kubernetes resources. It emphasizes the importance of namespaces for logical segmentation and security, the principle of least privilege for users and service accounts, and the need for specific permissions over broad access. Additionally, it discusses the rotation and expiration of TLS certificates, highlighting the significance of regular updates to protect against key mismanagement and potential security breaches. The guide also touches on user authentication via external directories like LDAP or OpenID Connect for streamlined user management, setting the stage for further exploration of Kubernetes security contexts and policies.
Apr 04, 2018
3,088 words in the original blog post.
The Kubernetes security guide by Jorge Salamero Sanz emphasizes the importance of updating traditional security processes to accommodate the rapid adoption of Kubernetes as a standard for containerized deployments. Containers, while offering portability and isolation, present challenges in monitoring and securing due to their opaque nature, necessitating a dynamic security approach. The guide discusses the implementation of DevSecOps practices, advocating for continuous security throughout the software supply chain. It covers topics such as Kubernetes Role-Based Access Control (RBAC), Transport Layer Security (TLS) certificates, pod-level security, and the hardening of Kubernetes components with specific security policies. The resource serves as both a comprehensive introduction for newcomers and a quick-reference for practitioners, also suggesting additional tools beyond Kubernetes' native capabilities and addressing potential security threats through real-world incident stories.
Apr 04, 2018
557 words in the original blog post.
Michael Ducy's blog post details the integration of Sysdig Falco and Fluentd for enhancing Kubernetes security logging, emphasizing the ability to monitor abnormal activities within application and kube-system containers. The post discusses the replacement of Logstash with Fluentd in the EFK (Elasticsearch, Fluentd, Kibana) stack due to its advantages in buffering and event routing, and provides a step-by-step guide to deploying this stack on Google Kubernetes Engine with specific configurations. It explains the importance of updating API versions for smooth deployment and highlights the setup of Falco as a Daemonset, where its alerts are captured in JSON format by Fluentd and sent to Elasticsearch for parsing. The blog also details how to visualize Falco alerts using Kibana, creating various visualizations like charts and tables to effectively analyze security events. The article concludes by underscoring the robustness of Falco and Fluentd in maintaining security best practices in a cloud-native environment, while acknowledging the contributions of Jean-Philippe Lachance to the development of these tools.
Apr 04, 2018
1,655 words in the original blog post.
In this guide, various Kubernetes security mechanisms are explored, emphasizing the configuration of security at the pod level using Kubernetes Security Context, Security Policy, and Network Policy resources. It details how to define container privileges, permissions, capabilities, and network communication rules to enhance security, including the use of admission controllers to enforce policies and restrict unauthorized access. The document also covers Kubernetes resource allocation management to prevent resource abuse and ensure efficient utilization, highlighting the importance of setting requests and limits on resources like CPU and memory. Additionally, it introduces third-party tools and plugins that extend Kubernetes capabilities, such as Sysdig Falco for runtime security monitoring and third-party network plugins for enforcing network policies. The guide serves as a comprehensive resource for leveraging Kubernetes orchestration capabilities to safeguard containerized applications, while also suggesting further exploration into securing essential Kubernetes components like etcd, kubelet, and Docker registry.
Apr 04, 2018
2,469 words in the original blog post.