Tweet
We've all heard of it - Kubernetes - but do you really know what it is and, more importantly, how to set it up securely? The Great Spaghetti Monster isn’t too difficult to secure if you just stop and use common sense (wait, WHAT?) security best practices. These techniques are for everyone - even those who have been playing with Kubernetes for some time.
Let’s talk about Docker, baby!
You have to start somewhere, and containers are the place. Next, let’s intro Kubernetes and the magic world of orchestration and what it really means to orchestrate containers. A quick recorded demo of my raspberry pi cluster will be shown here.
As the brief Kubernetes demo concludes, it’s time to bring in security by demonstrating the security plug-ins and tools used. Techniques are shown for best-in-show k8s security configuration. Remember this concept - “Common Sense”? Let’s see if we can apply it with some best practices and build out the secure cluster. The focus on this is security threats to a Kubernetes cluster, containers and the apps deployed. A review of typical attack vectors in containers and Kubernetes clusters are shown with fun and exciting(?) pentesting tools specifically formulated for k8s. Now the fun begins - we have secured our cluster and our containers but how can we be sure? Let’s put our blue-skills to the test with some red-skills and pentest our cluster. It’s time to present some live security testing tools that are best suited for testing k8s. This is where the rubber meets the road, or in this case, where, wait for it —– common sense prevails!!
Speaker(s): Kat Fitzgerald
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-06 09:15 (09:15 AM) PDT (UTC -07:00)
Event ends: 2020-08-06 10:15 (10:15 AM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:23 (UTC).
Let’s talk about Docker, baby!
You have to start somewhere, and containers are the place. Next, let’s intro Kubernetes and the magic world of orchestration and what it really means to orchestrate containers. A quick recorded demo of my raspberry pi cluster will be shown here.
As the brief Kubernetes demo concludes, it’s time to bring in security by demonstrating the security plug-ins and tools used. Techniques are shown for best-in-show k8s security configuration. Remember this concept - “Common Sense”? Let’s see if we can apply it with some best practices and build out the secure cluster. The focus on this is security threats to a Kubernetes cluster, containers and the apps deployed. A review of typical attack vectors in containers and Kubernetes clusters are shown with fun and exciting(?) pentesting tools specifically formulated for k8s. Now the fun begins - we have secured our cluster and our containers but how can we be sure? Let’s put our blue-skills to the test with some red-skills and pentest our cluster. It’s time to present some live security testing tools that are best suited for testing k8s. This is where the rubber meets the road, or in this case, where, wait for it —– common sense prevails!!
Speaker(s): Kat Fitzgerald
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-06 09:15 (09:15 AM) PDT (UTC -07:00)
Event ends: 2020-08-06 10:15 (10:15 AM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:23 (UTC).