Container Security via Monitoring and Orchestration - Container Security Summit

•

2 gefällt mir•1,045 views

Security is a basic requirement of modern applications, and developers are increasingly using containers in their development work. In this presentation, we explore the basic components of secure design (preparation, detection, and containment), how containers facilitate that work today (verification), and how container orchestration ought to support models of the future, especially ones that are hard to roll manually (PKI).

Technologie

Orchestration and Monitoring
Containers as a Foundation for Fast Vulnerability Responses,
Rapid Compromise Detection, and Containment

About Me
● Drupal
○ Infrastructure (drupal.org)
○ Security
○ Performance/scalability,
especially databases
● Systemd
○ Committer
○ Scalable cgroups management
○ Structured logging integration
○ Launch-on-demand adapter maintainer
● Pantheon
○ CTO and Co-founder
○ Billions of monthly page views
○ Millions of containers

Container Hosts
Container
Container
Preparation: Reducing Exposure
Traditional Model
Extra Work to Configure Firewalls
Containers Model
Explicit Services Made Public
Server or
Virtual Machine
Port 23 (Telnet)
Port 22 (SSH)
Port 80 (HTTP)
Port 443 (HTTPS)
Port 80 (HTTP)
Port 443 (HTTPS)
KubeIngress

Preparation: Patching with Rolling Updates
Container Hosts
Container
(Old)
KubeIngress
HTTPS
Container Hosts
Container
(New)
KubeIngress
HTTPS
Container
(Old)

Preparation: Identifying Vulnerable Applications
Container Hosts
Runtime +
Libraries
(Old)
Runtime +
Libraries
(New)
Container
Container
Container Hosts
Runtime +
Libraries
(Old)
Runtime +
Libraries
(New)
Container
Container

Detection: Suspicious Behavior
Container Host
Container
Daemon
PID 1
Container
Daemon
PID 1
PID or Container Supervisor
Container Host
Container
Daemon
PID 1
Container
Daemon
PID 1
PID or Container Supervisor
Container Host
Container
Daemon
SEGV’d
PID 1
Container
Daemon
PID 1
PID 1 or Container Supervisor
Centralized
Monitoring

Detection: Integrity Verification
Container
Trusted
Party
Signature

Containment Antipattern: Mandatory Access Control (MAC) as an Afterthought

Containment: Containers Setting the Boundaries First

Containment: Resource Management with Control Groups
Container Host
Container Container
ControlGroups

Containment: Isolation of Statefulness
Container Host
Container
Persistence
Container

Containment: Containers as a Public Key Infrastructure (PKI) Substrate
Container Host
Container
LoadBalancer
X.509
Server
Cert
HTTPS
Configuration
Management
and
Certificate Authority
Services
X.509
Server
Cert
X.509
Client
Cert
PersistenceX.509
Server
Cert
Container
X.509
Cert
X.509
Cert
X.509
Client
Cert

Questions?
@DavidStrauss
david@pantheon.io
linkedin.com/in/davidstrauss

Weitere ähnliche Inhalte

Was ist angesagt?

Vault

dawnlua

GlusterFS Native driver for Openstack Manila at GlusterNight Paris @ Openstac...

Deepak Shetty

Applications need data. Containers remain ephemeral but we don't want our data to disappear. So how does it work with Kubernetes? This session will examine the individual pieces required for creating persistent applications in Kubernetes. You will learn about in-tree and out-of-tree storage drivers, PersistentVolumes (PV), PersistentVolumeClaims (PVC), Dyanamic Provisioning, how to use all of these in your Deployments and StatefulSets, high availability, and what happens to the volumes when you delete objects. Get ramped up on everything you need to know about using persistent storage in Kubernetes This presentation was delivered at Open Source Summit EU 2017

Everything You Need To Know About Persistent Storage in Kubernetes

The {code} Team

Vault

Jean-Philippe Bélanger

Server as the core of the information systems in today's business operations playing a pivotal role, data storage on server is becoming the lifeline to maintain the normal operation of the millions of businesses and organizations. Correct choice of independent control of the server or cluster systems and storage devices can improve system performance and operational capabilities. The user request rate and response time of business server data storage system are dependent on the selection of the storage devices. These devices can greatly affect system performance. To effectively protect data and give linear performance for iSCSI initiator, it is required to modify the iSCSI target driver to provide Gluster file system backend storage as distributed block device. This paper aims at discussing ways of modifying iSCSI Target (ISTGT) driver to support Gluster file system.

Integrating GlusterFS with iSCSI Target

ijsrd.com

Vault w/ config injection kubernetes canada

Jean-Philippe Bélanger

Nodejs

Kishore Yekkanti

Brief introduction to php findsock-shell

Rishu Ranjan

MongoDB introduces new capabilities that change the way micro-services interact with the database, capabilities that are either absent or exist only partially in high-end commercial databases such as Oracle. In this session I will share from my experiences building a cloud-based, multi-tenant SaaS application with extreme security requirements. We will cover topics including considerations for storing multi-tenant data in the database, best practices for authentication and authorization, and performance considerations specific to security in MongoDB.

Securing MongoDB to Serve an AWS-Based, Multi-Tenant, Security-Fanatic SaaS A...

MongoDB

Speaker: Andrew Morgan, Principal Product Marketing Manager, MongoDB Level: 100 (Beginner) Track: Microservices Organizations are building their applications around microservice architectures because of the flexibility, speed of delivery, and maintainability they deliver. Want to try out MongoDB on your laptop? Execute a single command and you have a lightweight, self-contained sandbox; another command removes all trace when you're done. Replicate your complete application for your development, test, operations, and support teams. This session introduces you to technologies such as Docker, Kubernetes, and Kafka, which are driving the microservices revolution. Learn about containers and orchestration – and most importantly, how to exploit them for stateful services such as MongoDB. What You Will Learn: - Why organizations are choosing to use microservice architectures, what benefits they deliver, and when they should - or shouldn't - be used. - Technologies that are used to build microservices – including containers, orchestration and messaging systems. - Why MongoDB is a good fit for microservices and what special steps need to be taken to make them work well together.

Powering Microservices with Docker, Kubernetes, Kafka, and MongoDB

MongoDB

Integrating gluster fs,_qemu_and_ovirt-vijay_bellur-linuxcon_eu_2013

Gluster.org

Stackpath use case

Varnish Software

OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos

NETWAYS

Powershell dcpp

artisriva

High Availability Content Caching with NGINX

Kevin Jones

Many applications with high-sensitivity workloads require enhanced technical options to control and limit access to confidential and regulated data. In some cases, system requirements or compliance obligations dictate a separation of duties for staff operating the database and those who maintain the application layer. In cloud-hosted environments, certain data are sometimes deemed too sensitive to store on third-party infrastructure. This is a common pain for system architects in the healthcare, finance, and consumer tech sectors — the benefits of managed, easily expanded compute and storage have been considered unavailable because of data confidentiality and privacy concerns. This session will take a deep dive into new security capabilities in MongoDB 4.2 that address these scenarios, by enabling native client-side field-level encryption, using customer-managed keys. We will review how confidential data can be securely stored and easily accessed by applications running on MongoDB. Common query design patterns will be presented, with example code demonstrating strong end-to-end encryption in Atlas or on-premise. Implications for developers and others designing systems in regulated environments will be discussed, followed by a Q&A with senior MongoDB security engineers.

MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...

MongoDB

In my talk, I will tell how we built a geographically distributed system of personal data storage based on Open Source software and PostgreSQL. The concept of the inCountry business is to provide customers with a ready-to-use infrastructure for personal data storage. Our business customers are ensured that their customer’s personal data is securely stored within their country’s borders. We wrote an API and SDK and built a variety of services. Our system complies with generally accepted security standards (SOC Type 1, Type 2, PCI DSS, etc.). We built our infrastructure with Consul, Nomad, and Vault, used PostgreSQL, ElasticSearch as a storage system, Nginx, Jenkins, Artifactory, other tools to automate management and deployment. We have assembled our development and management teams - DevOps, Security, Monitoring, and DBA. We use both cloud providers and bare-metal servers located in different regions of the world. Development of the system architecture and ensuring the stability of the infrastructure, consistent and secure operation of all its components is the main task facing our teams.

Building the Enterprise infrastructure with PostgreSQL as the basis for stori...

PavelKonotopov

What I learned from FluentConf and then some

Ohad Kravchick

Gluster and Kubernetes

Gluster.org

The Security library in VisualWorks went through sweeping changes recently. Main change is replacing native smalltalk implementations of various cryptographic algorithms with pluggable interfaces to external libraries, but also a complete rewrite of the SSL implementation to support all current versions of the protocol (SSL3.0 & TLS 1.0, 1.1 and 1.2). Introducing dependencies on external libraries can complicate deployment, however the resulting pluggability of implementation and perfomance boost we're getting in exchange should more then pay off in terms of widening the scope of potential applications, where the purely native implementation was simply not acceptable. In this talk we will survey these changes and discuss their impact and backward compatibility implications.

VisualWorks Security Reloaded - STIC 2012

Martin Kobetic

Was ist angesagt? (20)

Vault

GlusterFS Native driver for Openstack Manila at GlusterNight Paris @ Openstac...

Everything You Need To Know About Persistent Storage in Kubernetes

Vault

Integrating GlusterFS with iSCSI Target

Vault w/ config injection kubernetes canada

Nodejs

Brief introduction to php findsock-shell

Securing MongoDB to Serve an AWS-Based, Multi-Tenant, Security-Fanatic SaaS A...

Powering Microservices with Docker, Kubernetes, Kafka, and MongoDB

Integrating gluster fs,_qemu_and_ovirt-vijay_bellur-linuxcon_eu_2013

Stackpath use case

OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos

Powershell dcpp

High Availability Content Caching with NGINX

MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...

Building the Enterprise infrastructure with PostgreSQL as the basis for stori...

What I learned from FluentConf and then some

Gluster and Kubernetes

VisualWorks Security Reloaded - STIC 2012

Andere mochten auch

What You Always Wanted to Know About Container Orchestration and Never Dared ...

All Things Open

Illinois State University

Joe Trsar

The Docker container ecosystem is growing very fast and networking has taken an interesting direction with different networking models being introduced and it becomes even more interesting when container orchestration engines like Swarm, Mesos, Kubernetes have to implement networking for Docker containers. At this Meetup, we will talk about the networking capabilities for Docker, networking models like CNM (Container Network Model), how they fit into container orchestration frameworks, what's ready for production and what's in the design/discussion phase expected to be available in near future.

Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...

Debra Robertson

ContainerDays Boston 2015: "A Brief History of Containers" (Jeff Victor & Kir...

DynamicInfraDays

Kubernetes - #gdglimasummit

Angel Nuñez

Clarity About Container Orchestration for a Developing Market

The New Stack

Intro to Docker Swarm

Everett Toews

Container orchestration

springworksab

Nicola Paolucci, Atlassian Containers hit the collective developer mind with great force the past two years and created a space of fervent innovation. Now work is moving towards orchestration. In this session we'll cover an overview of the container orchestration landscape, give an introduction to Docker's own tools - machine, swarm and compose - and show a (semi)live demo of how they work in practice.

AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...

Atlassian

Docker and CloudStack

Sebastien Goasguen

Kubernetes Introduction

Peng Xiao

ContainerDays NYC 2015: "Container Orchestration Compared: Kubernetes and Doc...

DynamicInfraDays

新しいOpenShiftのしくみを調べてみた

Kazuto Kusama

Container (Docker) Orchestration Tools

Dhilipsiva DS

Container Orchestration

dfilppi

Docker Networking

Kingston Smiler

Octo talk : docker multi-host networking

Hervé Leclerc

Using machine learning to determine drivers of bounce and conversion

Tammy Everts

Docker-OVS

snrism

Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015

Stephane Manciot

Andere mochten auch (20)

What You Always Wanted to Know About Container Orchestration and Never Dared ...

Illinois State University

Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...

ContainerDays Boston 2015: "A Brief History of Containers" (Jeff Victor & Kir...

Kubernetes - #gdglimasummit

Clarity About Container Orchestration for a Developing Market

Intro to Docker Swarm

Container orchestration

AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...

Docker and CloudStack

Kubernetes Introduction

ContainerDays NYC 2015: "Container Orchestration Compared: Kubernetes and Doc...

新しいOpenShiftのしくみを調べてみた

Container (Docker) Orchestration Tools

Container Orchestration

Docker Networking

Octo talk : docker multi-host networking

Using machine learning to determine drivers of bounce and conversion

Docker-OVS

Packaging et déploiement d'une application avec Docker et Ansible @DevoxxFR 2015

Ähnlich wie Container Security via Monitoring and Orchestration - Container Security Summit

Kubernetes 1.12 Update and Container Security with Liz Rice

CloudOps2005

Docker meetup-20-apr-17-openshit

Yusuf Hadiwinata Sutandar

As enterprises adopt cloud native infrastructure to run their applications, data security and compliance is becoming a crucial area of interest. When you run your containers in a public cloud, you want to make sure that the data being accessed is secure and that there are no bread crumbs left behind once the container exits. A common mistake many people make is to host-mount a volume directly inside a container, which leaves the container's data behind (directly on the host.) In this session, we focus on the best practices for ensuring the security and compliance of your applications’ persistent volumes. But ensuring security is an on-going exercise. Ideally you would deploy intelligent software that can constantly monitor and audit the application environment for security holes and breaches. Autopilot is an automated application runtime management engine built for Kubernetes, and is an open source project sponsored by Portworx: https://github.com/libopenstorage/autopilot Presented by Gunjan Patel, Gou Rao, and Aditya Dani, January 2019. More details here: https://www.meetup.com/openstack/events/258284618/

Autopilot : Securing Cloud Native Storage

SF Bay Cloud Native Open Infra Meetup

Watch this talk here: https://www.confluent.io/online-talks/scaling-security-on-100s-of-millions-of-mobile-devices-using-kafka-and-scylla-on-demand Join mobile cybersecurity leader Lookout as they talk through their data ingestion journey. Lookout enables enterprises to protect their data by evaluating threats and risks at post-perimeter endpoint devices and providing access to corporate data after conditional security scans. Their continuous assessment of device health creates a massive amount of telemetry data, forcing new approaches to data ingestion. Learn how Lookout changed its approach in order to grow from 1.5 million devices to 100 million devices and beyond, by implementing Confluent Platform and switching to Scylla.

Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...

confluent

State of the Container Ecosystem

Vinay Rao

Prometheus - basics

Juraj Hantak

Containers are a set of various lightweight methods to isolate filesystems, CPU resources, memory resources, system permissions, etc. Containers are similar to virtual machines in many senses, but they are more efficient and often less secure. This talk roughly consists of the following three parts: 1. Introduction to containers and how they spread in the last decade 2. Internals of container runtimes: namespaces, cgroups, capabilities, seccomp, etc. 3. Latest trends: Non-Docker containers, User Namespaces, Rootless Containers, Kata Containers, gVisor, WebAssembly, etc. http://www.cce.i.kyoto-u.ac.jp/danwa23.html

The internals and the latest trends of container runtimes

Akihiro Suda

Kata Container - The Security of VM and The Speed of Container | Yuntong Jin

Vietnam Open Infrastructure User Group

This talk was presented at SRE NYC Meetup on August 16, 2017 at Squarespace HQ. https://www.youtube.com/watch?v=UJ1QAKprVr4 As the engineering teams at Squarespace grow, we have been building more and more microservices. However, this has added operational strain as we try to shoehorn a growing, complex dynamic environment into our static data center infrastructure. We needed to rethink how we handle deployments, dependency management, resource allocation, monitoring, and alerting. Docker containerization and Kubernetes orchestration helps us tackle many of these problems, but the journey has been challenging. In this talk, we’ll discuss the challenges of running Kubernetes in a datacenter and how we switched to a more SLA-focused alert structure than per instance health with Prometheus and AlertManager.

Kubernetes @ Squarespace: Kubernetes in the Datacenter

Kevin Lynch

Recent momentum around the evolution of Containers are gradually increase in last two years.Containers virtualize an OS and applications running in each container believe that they have full access to their very own copy of that OS. This is analogous to what VMs do when they virtualize at a lower level, the hardware. In the case of containers, it’s the OS that does the virtualization and maintains the illusion. Recent past many software companies have quickly adopted container technologies, including Docker Containers, aware of the threat and advantage of the approach. For example, Linux companies have also jumped into the ground, seeing as this as an opportunity to grow the Linux market. Also Microsoft is going to add features to support containers and VMware have made efforts in integrating support for Docker into virtual machine technology.

Containers kuberenetes

Gayan Gunarathne

Containers kuberenetes

Gayan Gunarathne

Docker & Daily DevOps

Satria Ady Pradana

Docker and-daily-devops

Satria Ady Pradana

Docker handons-workshop-for-charity

Yusuf Hadiwinata Sutandar

For this info-packed and hands-on workshop we cover: 📍 Introduction to Kubernetes & GitOps talk: We cover the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you. 📍 Get Started with GitOps: You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while go through the getting started steps. During the workshop, you'll also experience in action and see demos for: - an opinionated repo structure to minimize decision fatigue - disaster recovery using GitOps - Helm charts example - Multi-cluster example - all with free and open source tools mostly in the CNCF (eg. Flux and Helm). If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)

Intro to Kubernetes & GitOps Workshop

Weaveworks

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2Gmuwlg. Andrew Spyker talks about Netflix's feisty team’s work across container runtimes, scheduling & control plane, and cloud infrastructure integration. He also talks about the demons they’ve found on this journey covering operability, security, reliability and performance. Filmed at qconsf.com. Andrew Spyker worked to mature the technology base of Netflix Container Cloud (Project Titus) within the development team. Recently, he moved into a product management role collaborating with supporting Netflix infrastructure dependencies as well as supporting new container cloud usage scenarios including user on-boarding, feature prioritization/delivery and relationship management.

Disenchantment: Netflix Titus, Its Feisty Team, and Daemons

C4Media

Where is my cache architectural patterns for caching microservices by example

Rafał Leszko

Introduction to istio

Andrea Monacchi

No production system is complete without a way to monitor it. In software, we define observability as the ability to understand how our system is performing. This talk dives into capabilities and tools that are recommended for implementing observability when running K8s in production as the main platform today for deploying and maintaining containers with cloud-native solutions. We start by introducing the concept of observability in the context of distributed systems such as K8s and the difference with monitoring. We continue by reviewing the observability stack in K8s and the main functionalities. Finally, we will review the tools K8s provides for monitoring and logging, and get metrics from applications and infrastructure. Between the points to be discussed we can highlight: -Introducing the concept of observability -Observability stack in K8s -Tools and apps for implementing Kubernetes observability -Integrating Prometheus with OpenMetrics

Implementing Observability for Kubernetes.pdf

Jose Manuel Ortega Candel

Red Hat multi-cluster management & what's new in OpenShift

Kangaroot

Ähnlich wie Container Security via Monitoring and Orchestration - Container Security Summit (20)

Kubernetes 1.12 Update and Container Security with Liz Rice

Docker meetup-20-apr-17-openshit

Autopilot : Securing Cloud Native Storage

Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...

State of the Container Ecosystem

Prometheus - basics

The internals and the latest trends of container runtimes

Kata Container - The Security of VM and The Speed of Container | Yuntong Jin

Kubernetes @ Squarespace: Kubernetes in the Datacenter

Containers kuberenetes

Docker & Daily DevOps

Docker and-daily-devops

Docker handons-workshop-for-charity

Intro to Kubernetes & GitOps Workshop

Disenchantment: Netflix Titus, Its Feisty Team, and Daemons

Where is my cache architectural patterns for caching microservices by example

Introduction to istio

Implementing Observability for Kubernetes.pdf

Red Hat multi-cluster management & what's new in OpenShift

Mehr von David Timothy Strauss

Advanced Drupal 8 Caching

David Timothy Strauss

Scalable caching in Drupal is broken. Once cache access saturates a network link, the main options are Memcache sharding (which has broken coherency during and after network splits) and Redis clustering (immature in multi-master and as complex as MySQL replication in master/replica modes). We can do better. We can have better performance, scale, and operational simplicity. We just need to take a lesson from multicore processor architectures and their use of L1/L2 caches. Drupal doesn't even need full-scale coherency management; it just needs the cache writes on an earlier request to be guaranteed readable on a later request.

LCache DrupalCon Dublin 2016

David Timothy Strauss

Effective service and resource management with systemd

David Timothy Strauss

PHP at Density and Scale (Lone Star PHP 2014)

David Timothy Strauss

Mixing performance, configurability, density, and security at scale has, historically, been hard with PHP. Early approaches have involved CGIs, suhosin, or multiple Apache instances. Then came PHP-FPM. At Pantheon, we've taken PHP-FPM, integrated it with cgroups, namespaces, and systemd socket activation. We use it to deliver all of our goals at unheard-of densities: thousands and thousands of isolated pools per box. Watch how it's configured and see PHP-FPM pools start real-time to serve different Drupal sites as requests come into a server. All of our tools for this are open-source and usable on your own virtual machines and hardware.

PHP at Density and Scale

David Timothy Strauss

PHP at Density and Scale

David Timothy Strauss

Valhalla at Pantheon

David Timothy Strauss

Cassandra-Powered Distributed DNS

David Timothy Strauss

Scalable Drupal Infrastructure

David Timothy Strauss

Planning LAMP infrastructure

David Timothy Strauss

Is Drupal Secure?

David Timothy Strauss

Cassandra queuing

David Timothy Strauss

Mehr von David Timothy Strauss (12)

Advanced Drupal 8 Caching

LCache DrupalCon Dublin 2016

Effective service and resource management with systemd

PHP at Density and Scale (Lone Star PHP 2014)

PHP at Density and Scale

Valhalla at Pantheon

Cassandra-Powered Distributed DNS

Scalable Drupal Infrastructure

Planning LAMP infrastructure

Is Drupal Secure?

Cassandra queuing

Kürzlich hochgeladen

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

How to convert PDF to text with Nanonets

naman860154

Slack Application Development 101 Slides

praypatel2

A Call to Action for Generative AI in 2024

Results

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

CNv6 Instructor Chapter 6 Quality of Service

giselly40

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Histor y of HAM Radio presentation slide

vu2urc

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Kürzlich hochgeladen (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Boost Fertility New Invention Ups Success Rates.pdf

How to convert PDF to text with Nanonets

Slack Application Development 101 Slides

A Call to Action for Generative AI in 2024

What Are The Drone Anti-jamming Systems Technology?

CNv6 Instructor Chapter 6 Quality of Service

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Automating Google Workspace (GWS) & more with Apps Script

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Powerful Google developer tools for immediate impact! (2023-24 C)

Histor y of HAM Radio presentation slide

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Axa Assurance Maroc - Insurer Innovation Award 2024

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Scaling API-first – The story of a global engineering organization

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Container Security via Monitoring and Orchestration - Container Security Summit

1. Orchestration and Monitoring Containers as a Foundation for Fast Vulnerability Responses, Rapid Compromise Detection, and Containment

2. About Me ● Drupal ○ Infrastructure (drupal.org) ○ Security ○ Performance/scalability, especially databases ● Systemd ○ Committer ○ Scalable cgroups management ○ Structured logging integration ○ Launch-on-demand adapter maintainer ● Pantheon ○ CTO and Co-founder ○ Billions of monthly page views ○ Millions of containers

3. ContainmentDetectionPreparation

4. ContainmentDetectionPreparation

5. Container Hosts Container Container Preparation: Reducing Exposure Traditional Model Extra Work to Configure Firewalls Containers Model Explicit Services Made Public Server or Virtual Machine Port 23 (Telnet) Port 22 (SSH) Port 80 (HTTP) Port 443 (HTTPS) Port 80 (HTTP) Port 443 (HTTPS) KubeIngress

6. Preparation: Patching with Rolling Updates Container Hosts Container (Old) KubeIngress HTTPS Container Hosts Container (New) KubeIngress HTTPS Container (Old)

7. Preparation: Identifying Vulnerable Applications Container Hosts Runtime + Libraries (Old) Runtime + Libraries (New) Container Container Container Hosts Runtime + Libraries (Old) Runtime + Libraries (New) Container Container

8. ContainmentDetectionPreparation

9. Detection: Suspicious Behavior Container Host Container Daemon PID 1 Container Daemon PID 1 PID or Container Supervisor Container Host Container Daemon PID 1 Container Daemon PID 1 PID or Container Supervisor Container Host Container Daemon SEGV’d PID 1 Container Daemon PID 1 PID 1 or Container Supervisor Centralized Monitoring

10. Detection: Integrity Verification Container Trusted Party Signature

11. ContainmentDetectionPreparation

12. Containment Antipattern: Mandatory Access Control (MAC) as an Afterthought

13. Containment: Containers Setting the Boundaries First

14. Containment: Resource Management with Control Groups Container Host Container Container ControlGroups

15. Containment: Isolation of Statefulness Container Host Container Persistence Container

16. Containment: Containers as a Public Key Infrastructure (PKI) Substrate Container Host Container LoadBalancer X.509 Server Cert HTTPS Configuration Management and Certificate Authority Services X.509 Server Cert X.509 Client Cert PersistenceX.509 Server Cert Container X.509 Cert X.509 Cert X.509 Client Cert

17. Questions? @DavidStrauss david@pantheon.io linkedin.com/in/davidstrauss

Container Security via Monitoring and Orchestration - Container Security Summit

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Container Security via Monitoring and Orchestration - Container Security Summit

Ähnlich wie Container Security via Monitoring and Orchestration - Container Security Summit (20)

Mehr von David Timothy Strauss

Mehr von David Timothy Strauss (12)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Container Security via Monitoring and Orchestration - Container Security Summit