SlideShare ist ein Scribd-Unternehmen logo

Swarm sec

S
snrism

The goal of swarm-sec is to assess and highlight the security issues in a native swarm cluster setup and faciliate a developer or administrator to deploy a secure cluster environment. swarm-sec is an extension to docker-bench-security. Currently swarm-sec can: - Assesses possible issues in swarm daemon configuration - Details node-specific security issues in the cluster - Remote connection issues between the node and swarm manager

Technologie
1 von 8
Downloaden Sie, um offline zu lesen
swarm-­‐sec  –  Swarm  Security   Assessment  tool   Sriram  Natarajan   Sujith  Bhaskaran   Sumanth  Sathyanarayana  
Assessing  security  -­‐  Today   docker –H --label swarm join Host 1 docker –H --label swarm join Host 2 docker –H --label swarm join Host 3 Swarm (Manager Node) TCP/TLS Channel swarm create swarm manage •  Run  docker-­‐bench-­‐security  on  every  node  individually   •  Can  help  us  understand  a  single  host’s  setup,  docker  daemon,  container  images,   container  runCme  setup  and  issues.   •  Based  on  CIS  1.6  Benchmark   docker-­‐bench-­‐security   docker-­‐bench-­‐security   docker-­‐bench-­‐security  
Our  idea  –  swarm-­‐sec   docker –H --label swarm join Host 1 docker –H --label swarm join Host 2 docker –H --label swarm join Host 3 Swarm (Manager Node) TCP/TLS Channel swarm create swarm manage •  Leverage  swarm  API     •  Build  a  security  soluCon  at  cluster-­‐level   swarm-­‐sec  
swarm-­‐sec   •  IdenCfy  &  draM  cluster-­‐related  security  test  cases   •  Assess  swarm  daemon’s  configuraCon   •  Assess  cluster  runCme  issues   •  Assess  individual  cluster  node  setup  &  containers  running  in  them   •  Assess  connecCvity  issues  between  individual  nodes    
swarm-­‐sec   docker –H --label swarm join Host 1 docker –H --label swarm join Host 2 docker –H --label swarm join Host 3 Swarm (Manager Node) TCP/TLS Channel swarm create swarm manage swarm-­‐sec   1.Swarm   daemon   2.Cluster   runCme   3.  Node-­‐ specific   4.Conne cCvity  
Demo  
Next  Steps   •  Self-­‐secure  swarm  cluster  by  correcCng  setup   •  Add  support  for  other  service  discoveries  (zookeeper,  consul,  etcd)   •  Work  with  replicated  swarm  masters   •  Work  with  mesos  driver   •  Improve  CLI  output  
swarm-­‐sec:  hYps://github.com/snrism/swarm-­‐sec   security  tests:  hYps://github.com/snrism/swarm-­‐sec/blob/master/tests/TEST.md       QuesCons?  

Empfohlen

Intro to OpenStack Cinder and IceHouse Bound!
Intro to OpenStack Cinder and IceHouse Bound!Intro to OpenStack Cinder and IceHouse Bound!
Intro to OpenStack Cinder and IceHouse Bound!thingee
 
Going Production with Docker and Swarm
Going Production with Docker and SwarmGoing Production with Docker and Swarm
Going Production with Docker and SwarmC4Media
 
Dockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmDockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmWei-Ting Kuo
 
Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)
Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)
Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)Mike Goelzer
 
Docker Machine & Docker Swarm
Docker Machine & Docker SwarmDocker Machine & Docker Swarm
Docker Machine & Docker SwarmGuillermo Lucero
 
The age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster managementThe age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster managementNicola Paolucci
 
Docker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker SwarmDocker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker SwarmElton Stoneman
 
Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)
Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)
Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)Michelle Antebi
 

Empfohlen

Intro to OpenStack Cinder and IceHouse Bound!
Intro to OpenStack Cinder and IceHouse Bound!Intro to OpenStack Cinder and IceHouse Bound!
Intro to OpenStack Cinder and IceHouse Bound!thingee
 
Going Production with Docker and Swarm
Going Production with Docker and SwarmGoing Production with Docker and Swarm
Going Production with Docker and SwarmC4Media
 
Dockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmDockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmWei-Ting Kuo
 
Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)
Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)
Docker Swarm 45-min Workshop (Mountain View Docker Meetup 2/24/2016)Mike Goelzer
 
Docker Machine & Docker Swarm
Docker Machine & Docker SwarmDocker Machine & Docker Swarm
Docker Machine & Docker SwarmGuillermo Lucero
 
The age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster managementThe age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster managementNicola Paolucci
 
Docker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker SwarmDocker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker SwarmElton Stoneman
 
Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)
Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)
Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)Michelle Antebi
 
Introction to docker swarm
Introction to docker swarmIntroction to docker swarm
Introction to docker swarmHsi-Kai Wang
 
Deep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeDeep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeAjeet Singh Raina
 
Docker Swarm for Beginner
Docker Swarm for BeginnerDocker Swarm for Beginner
Docker Swarm for BeginnerShahzad Masud
 
OpenStack Cinder Overview - Havana Release
OpenStack Cinder Overview - Havana ReleaseOpenStack Cinder Overview - Havana Release
OpenStack Cinder Overview - Havana ReleaseAvishay Traeger
 
Docker 1.12 and swarm mode
Docker 1.12 and swarm modeDocker 1.12 and swarm mode
Docker 1.12 and swarm modeWesley Charles Blake
 
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Tom Cappetta
 
Docker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionDocker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionPhi Huynh
 
From swarm to swam-mode in the CERN container service
From swarm to swam-mode in the CERN container serviceFrom swarm to swam-mode in the CERN container service
From swarm to swam-mode in the CERN container serviceSpyros Trigazis
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Cyber Range - Blackhat Europe 19 Arsenal
Cyber Range - Blackhat Europe 19 ArsenalCyber Range - Blackhat Europe 19 Arsenal
Cyber Range - Blackhat Europe 19 ArsenalTom Cappetta
 
What’s new in Swarm 1.1
What’s new in Swarm 1.1What’s new in Swarm 1.1
What’s new in Swarm 1.1k z
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpadantitree
 
Open stack cinder
Open stack cinderOpen stack cinder
Open stack cinderYong Luo
 
Building Python Development Station
Building Python Development StationBuilding Python Development Station
Building Python Development StationBasim Aly (JNCIP-SP, JNCIP-ENT)
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
swarmmode-dojo
swarmmode-dojoswarmmode-dojo
swarmmode-dojoClarence Bakirtzidis
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not LinuxMuhammad Moinur Rahman
 
Swarm mode
Swarm modeSwarm mode
Swarm modeDharmit Shah
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerMuhammad Moinur Rahman
 
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerUnder the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerDocker, Inc.
 
Docker con osdk_ver1.0
Docker con osdk_ver1.0Docker con osdk_ver1.0
Docker con osdk_ver1.0Shunjiro Yatsuzuka
 
Modeling Microservices
Modeling MicroservicesModeling Microservices
Modeling MicroservicesSander Hoogendoorn
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introction to docker swarm
Introction to docker swarmIntroction to docker swarm
Introction to docker swarmHsi-Kai Wang
 
Deep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeDeep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeAjeet Singh Raina
 
Docker Swarm for Beginner
Docker Swarm for BeginnerDocker Swarm for Beginner
Docker Swarm for BeginnerShahzad Masud
 
OpenStack Cinder Overview - Havana Release
OpenStack Cinder Overview - Havana ReleaseOpenStack Cinder Overview - Havana Release
OpenStack Cinder Overview - Havana ReleaseAvishay Traeger
 
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Tom Cappetta
 
Docker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionDocker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionPhi Huynh
 
From swarm to swam-mode in the CERN container service
From swarm to swam-mode in the CERN container serviceFrom swarm to swam-mode in the CERN container service
From swarm to swam-mode in the CERN container serviceSpyros Trigazis
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Cyber Range - Blackhat Europe 19 Arsenal
Cyber Range - Blackhat Europe 19 ArsenalCyber Range - Blackhat Europe 19 Arsenal
Cyber Range - Blackhat Europe 19 ArsenalTom Cappetta
 
What’s new in Swarm 1.1
What’s new in Swarm 1.1What’s new in Swarm 1.1
What’s new in Swarm 1.1k z
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpadantitree
 
Open stack cinder
Open stack cinderOpen stack cinder
Open stack cinderYong Luo
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerUnder the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerDocker, Inc.
 

Was ist angesagt? (20)

Introction to docker swarm
Introction to docker swarmIntroction to docker swarm
Introction to docker swarm
 
Deep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeDeep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm Mode
 
Docker Swarm for Beginner
Docker Swarm for BeginnerDocker Swarm for Beginner
Docker Swarm for Beginner
 
OpenStack Cinder Overview - Havana Release
OpenStack Cinder Overview - Havana ReleaseOpenStack Cinder Overview - Havana Release
OpenStack Cinder Overview - Havana Release
 
Docker 1.12 and swarm mode
Docker 1.12 and swarm modeDocker 1.12 and swarm mode
Docker 1.12 and swarm mode
 
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
 
Docker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionDocker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode Introduction
 
From swarm to swam-mode in the CERN container service
From swarm to swam-mode in the CERN container serviceFrom swarm to swam-mode in the CERN container service
From swarm to swam-mode in the CERN container service
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Cyber Range - Blackhat Europe 19 Arsenal
Cyber Range - Blackhat Europe 19 ArsenalCyber Range - Blackhat Europe 19 Arsenal
Cyber Range - Blackhat Europe 19 Arsenal
 
What’s new in Swarm 1.1
What’s new in Swarm 1.1What’s new in Swarm 1.1
What’s new in Swarm 1.1
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpad
 
Open stack cinder
Open stack cinderOpen stack cinder
Open stack cinder
 
Building Python Development Station
Building Python Development StationBuilding Python Development Station
Building Python Development Station
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
swarmmode-dojo
swarmmode-dojoswarmmode-dojo
swarmmode-dojo
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
 
Swarm mode
Swarm modeSwarm mode
Swarm mode
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerUnder the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
 

Andere mochten auch

Authorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice EnvironmentsAuthorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice EnvironmentsLeanIX GmbH
 
Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)Sander Hoogendoorn
 
Microservice Architecture 101
Microservice Architecture 101Microservice Architecture 101
Microservice Architecture 101Kochih Wu
 

Andere mochten auch (6)

Docker con osdk_ver1.0
Docker con osdk_ver1.0Docker con osdk_ver1.0
Docker con osdk_ver1.0
 
Modeling Microservices
Modeling MicroservicesModeling Microservices
Modeling Microservices
 
Authorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice EnvironmentsAuthorization and Authentication in Microservice Environments
Authorization and Authentication in Microservice Environments
 
Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)
 
Auth as a microservice
Auth as a microserviceAuth as a microservice
Auth as a microservice
 
Microservice Architecture 101
Microservice Architecture 101Microservice Architecture 101
Microservice Architecture 101
 

Ähnlich wie Swarm sec

Swarm - A Docker Clustering System
Swarm - A Docker Clustering SystemSwarm - A Docker Clustering System
Swarm - A Docker Clustering Systemsnrism
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 
Introduction to docker swarm
Introduction to docker swarmIntroduction to docker swarm
Introduction to docker swarmWalid Ashraf
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker, Inc.
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Velocidex Enterprises
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in ProductionGianluca Arbezzano
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 PresentationSreenivas Makam
 
Dockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to GeekDockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to GeekwiTTyMinds1
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introductionrajdeep
 
TechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - Trivadis
TechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - TrivadisTechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - Trivadis
TechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - TrivadisTrivadis
 
SauceCon 2017: Building a Better Wormhole
SauceCon 2017: Building a Better WormholeSauceCon 2017: Building a Better Wormhole
SauceCon 2017: Building a Better WormholeSauce Labs
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context ConstraintsAlessandro Arrichiello
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSJan Löffler
 
Embacing service-level-objectives of your microservices in your Cl/CD
Embacing service-level-objectives of your microservices in your Cl/CDEmbacing service-level-objectives of your microservices in your Cl/CD
Embacing service-level-objectives of your microservices in your Cl/CDNebulaworks
 
Google chrome sandbox
Google chrome sandboxGoogle chrome sandbox
Google chrome sandboxNephi Johnson
 
Demystifying docker networking black magic - Lorenzo Fontana, Kiratech
Demystifying docker networking black magic - Lorenzo Fontana, KiratechDemystifying docker networking black magic - Lorenzo Fontana, Kiratech
Demystifying docker networking black magic - Lorenzo Fontana, KiratechCodemotion Tel Aviv
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Sysdig
 

Ähnlich wie Swarm sec (20)

Swarm - A Docker Clustering System
Swarm - A Docker Clustering SystemSwarm - A Docker Clustering System
Swarm - A Docker Clustering System
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
Container Security Mmanagement
Container Security MmanagementContainer Security Mmanagement
Container Security Mmanagement
 
Introduction to docker swarm
Introduction to docker swarmIntroduction to docker swarm
Introduction to docker swarm
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
 
Dockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to GeekDockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to Geek
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introduction
 
TechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - Trivadis
TechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - TrivadisTechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - Trivadis
TechEvent 2019: Wie sichere ich eigentlich Kafka ab?; Markus Bente - Trivadis
 
SauceCon 2017: Building a Better Wormhole
SauceCon 2017: Building a Better WormholeSauceCon 2017: Building a Better Wormhole
SauceCon 2017: Building a Better Wormhole
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWS
 
Embacing service-level-objectives of your microservices in your Cl/CD
Embacing service-level-objectives of your microservices in your Cl/CDEmbacing service-level-objectives of your microservices in your Cl/CD
Embacing service-level-objectives of your microservices in your Cl/CD
 
Docker swarm
Docker swarmDocker swarm
Docker swarm
 
Google chrome sandbox
Google chrome sandboxGoogle chrome sandbox
Google chrome sandbox
 
Demystifying docker networking black magic - Lorenzo Fontana, Kiratech
Demystifying docker networking black magic - Lorenzo Fontana, KiratechDemystifying docker networking black magic - Lorenzo Fontana, Kiratech
Demystifying docker networking black magic - Lorenzo Fontana, Kiratech
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 
Docker framework
Docker frameworkDocker framework
Docker framework
 

Kürzlich hochgeladen

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 

Kürzlich hochgeladen (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Swarm sec

  • 1. swarm-­‐sec  –  Swarm  Security   Assessment  tool   Sriram  Natarajan   Sujith  Bhaskaran   Sumanth  Sathyanarayana  
  • 2. Assessing  security  -­‐  Today   docker –H --label swarm join Host 1 docker –H --label swarm join Host 2 docker –H --label swarm join Host 3 Swarm (Manager Node) TCP/TLS Channel swarm create swarm manage •  Run  docker-­‐bench-­‐security  on  every  node  individually   •  Can  help  us  understand  a  single  host’s  setup,  docker  daemon,  container  images,   container  runCme  setup  and  issues.   •  Based  on  CIS  1.6  Benchmark   docker-­‐bench-­‐security   docker-­‐bench-­‐security   docker-­‐bench-­‐security  
  • 3. Our  idea  –  swarm-­‐sec   docker –H --label swarm join Host 1 docker –H --label swarm join Host 2 docker –H --label swarm join Host 3 Swarm (Manager Node) TCP/TLS Channel swarm create swarm manage •  Leverage  swarm  API     •  Build  a  security  soluCon  at  cluster-­‐level   swarm-­‐sec  
  • 4. swarm-­‐sec   •  IdenCfy  &  draM  cluster-­‐related  security  test  cases   •  Assess  swarm  daemon’s  configuraCon   •  Assess  cluster  runCme  issues   •  Assess  individual  cluster  node  setup  &  containers  running  in  them   •  Assess  connecCvity  issues  between  individual  nodes    
  • 5. swarm-­‐sec   docker –H --label swarm join Host 1 docker –H --label swarm join Host 2 docker –H --label swarm join Host 3 Swarm (Manager Node) TCP/TLS Channel swarm create swarm manage swarm-­‐sec   1.Swarm   daemon   2.Cluster   runCme   3.  Node-­‐ specific   4.Conne cCvity  
  • 7. Next  Steps   •  Self-­‐secure  swarm  cluster  by  correcCng  setup   •  Add  support  for  other  service  discoveries  (zookeeper,  consul,  etcd)   •  Work  with  replicated  swarm  masters   •  Work  with  mesos  driver   •  Improve  CLI  output  
  • 8. swarm-­‐sec:  hYps://github.com/snrism/swarm-­‐sec   security  tests:  hYps://github.com/snrism/swarm-­‐sec/blob/master/tests/TEST.md       QuesCons?