
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes

99 views

Published on

Docker Enterprise got a big upgrade this year with Calico 3.5 for its Kubernetes networking! One of the most exciting new features is the ability to build Zero Trust Kubernetes networks with Calico Application Layer Policy in concert with the Istio service mesh. Zero Trust networking is a way to build distributed applications so that they stay secure even when containers, or the network itself, are compromised.

Starting with Docker Enterprise, the speakers will demonstrate some common network attacks such as IP address spoofing and certificate exfiltration, then build a Zero Trust network for the application by installing Istio and Application Layer Policies. They will show how this Zero Trust network repels all of the demonstrated attack strategies and explain how to build and maintain a Zero Trust network for your own applications.

Published in: Technology


  1. Zero Trust Networks Come to Docker Enterprise Kubernetes. Spike Curtis, Senior Software Engineer, Tigera; Brent Salisbury, Software Alliance Engineer, Docker
  2. Agenda
     • Motivation for Zero Trust Networks
       − Trends in application architecture
       − Trends in threat landscape
       − Deficiencies of the "Zone" model
     • Building Zero Trust with Docker Enterprise, Calico & Istio
       − Calico & Istio architecture
       − DEMO!
     • Conclusion, Q&A
  3. Intra-Security Zone Traffic
  4. Intra-Security Zone Traffic Hairpin
  5. Cost Analysis
  6. Inefficient Provisioning
  7. Compute Provisioning
  8. Distributing Policy Across Compute
  9. Growing Attack Surface
  10. Growing Attack Surface
  11. Zero Trust Networking: the network is always assumed to be hostile
  12. Zero Trust Networking
  13. Zero Trust Networking
  14. Zero Trust Networking: LAN
  15. Zero Trust Networking: WAN
  16. Zero Trust Networking: Internet
  17. Zero Trust Networking Advantages
     ● Resilient against compromised devices, workloads, and network links
     ● Security is decoupled from network location
       ○ Simplified management
       ○ Flexible deployment
     ● VPNs are no longer needed
  18. Zero Trust Networking: Software, Control Plane, Data Plane, Platform
  19. Calico & Istio Architecture (diagram labels: two Nodes, each with a Pod containing a Workload, an Envoy sidecar and Dikastes, plus Felix programming IPTables; Istio Citadel provides Mutual Authentication & Encryption between the Envoys; Calico Policy is enforced by Felix and Dikastes)
  20. Demo Application: customer, summary, database
  21. Q&A
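To make the "Application Layer Policy in concert with Istio" idea from the abstract and the architecture slide concrete, here is an added example (not from the talk or from the Calico project's own demo files) of a Calico v3 GlobalNetworkPolicy for the demo's database tier. It assumes Istio sidecar injection is enabled so that Dikastes (next to Envoy) can enforce the rule, and that the summary workload runs under a Kubernetes service account named `summary`; the policy key names (`http`, `serviceAccounts`) are the Calico v3 API, while the labels and names are assumed for this page.

```yaml
# Added example: Calico application layer policy for the demo "database" tier.
# Identity comes from the Istio mTLS certificate (issued by Citadel), not from
# the source IP, so a pod that spoofs an address still cannot match this rule.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: database-allow-summary-only
spec:
  # Assumed label on the database pods.
  selector: app == 'database'
  ingress:
    # Only the "summary" service account may call the database, and only
    # with read-only HTTP methods on the assumed /customers path.
    - action: Allow
      source:
        serviceAccounts:
          names: ["summary"]
      http:
        methods: ["GET"]
        paths:
          - prefix: /customers
    # Everything else is implicitly denied once a policy selects the endpoint;
    # the explicit Deny makes that intent visible when reviewing the policy.
    - action: Deny
  egress:
    - action: Allow
```

The `customer` front end, which in the demo talks only to `summary`, is denied direct access to the database by this rule even though it sits on the same network, which is the point of the zone-less model the talk describes.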
