Orchestration Ownage: Exploiting Container-Centric Datacenter Platforms
Transcription
Slide 1: SESSION ID: CSV-R03. Orchestration Ownage: Exploiting Container-Centric Datacenter Platforms. Bryce Kunz, Senior Threat Specialist, Adobe. Mike Mellor, Director, Information Security, Adobe.

Slide 2: Intro. Mike Mellor, Director, Information Security, Adobe. Bryce Kunz, Senior Threat Specialist, Adobe.

Slide 3: Containers - The Future is Now!
- 2016 surveys: 15-16% of all organizations are already using containers in production; 35% of organizations have done a proof-of-concept.
- The future is now: containers are in production now and are continuing to grow in popularity.

Slide 4: Containers appear more secure
- 2016 surveys: many (42%) organizations gain value in the secure/isolated capabilities that containers provide.
- The biggest drivers: 39% to increase developer efficiency and 36% to support microservices.
- Organizations want to avoid cloud platform lock-in.

Slide 5: But managing containers feels complex
- 2016 survey: the more exposure an organization has to containers, the more complexities are exposed.
- Respondents said they found containers too complex to integrate into existing environments, and that they require too many skilled resources to manage.

Slide 6: And are very challenging to manage at scale
- 2016 survey: the #1 challenge of containers, according to the 53% of respondents who are either using or evaluating containers, is container management.

Slide 7: Probable Security Nightmare
- Too Complex + Challenging to Manage = Probable Security Nightmare
- "Complexity is the worst enemy of security" - Bruce Schneier

Slide 8: Container and Cluster Management Options
- Public Cloud Container Services. Design: container centric. Pros: easy, scalable. Cons: vendor lock-in; proprietary.
- Docker Swarm. Design: Docker centric. Pros: native clustering. Cons: limited by API.
- Kubernetes. Design: clusters of containerized apps. Pros: works with Docker; mounts persistent volumes. Cons: custom overlay requires more specialization.
- Mesos & DC/OS. Design: cluster management. Pros: works with Docker, Kubernetes, and native apps; very flexible. Cons: additional layers add more complexity.
Slide 9: Cluster Management
- Many servers in a datacenter (Azure, AWS, GCE, etc.) running CoreOS Linux as the OS.
- How do we effectively use all of these resources?

Slide 10: Mesos Master & Agents
- Mesos Master: 5050/TCP by default; distributes tasks.
- Mesos Agent: 5051/TCP by default; executes tasks.

Slide 11: Mesos is the Kernel of DC/OS
- Mesos is the kernel of the distributed operating system known as DC/OS (diagram layer "Kernel: Master").

Slide 12: Frameworks
- Frameworks provide the logic: Marathon (init jobs), Chronos and Metronome (cron jobs).

Slide 13: Supporting: Configuration Stores
- Configuration stores keep everyone on the same page: ZooKeeper, etcd.

Slide 14: Supporting: Discovery
- Discovery enables the finding of other services within the cluster: Mesos DNS.

Slide 15: DC/OS Design
- Layers of the diagram: Apps (containers with apps, Docker containers, web apps, etc.), Supporting, Frameworks, Kernel (Mesos Master), all running on the datacenter (Azure, AWS, GCE, etc.).

Slide 16: Internet Accessible Containers
- Some app containers are public (internet accessible); the master, frameworks and supporting services are private (internal).

Slide 17: Scenario
- Initial access (RCE) via a vulnerable web application, into a container, as a limited user (e.g. www-data).

Slide 18: Scenario: RCE via web app within a container
- e.g. JBoss, Tomcat, OSGi Console, Axis2, etc.

Slide 19: Recon via Mesos DNS
- Query via pivot from the compromised container: Mesos DNS, 53/UDP & TCP, DNS service.

Slide 20: .mesos TLD
- The easy way to find services within the cluster.

Slide 21: Recon via Mesos DNS
- Mesos DNS REST API, 8123/TCP by default: DNS via REST API; service discovery within the cluster.

Slide 22: Undocumented?
- /v1/enumerate -> all Mesos DNS information

Slide 23: Enumerate Mesos DNS using the REST API
- /v1/enumerate -> all Mesos DNS information

Slide 24: Find IP addresses & TCP ports of all services
- /v1/enumerate -> all Mesos DNS information

Slide 25: Secure: Disable Risky Mesos DNS Features
- Disable the AXFR and enumerate API calls.
- Harder for an attacker to discover all services; applications shouldn't commonly be using these API calls.
Slide 26: Recon via Mesos Master
- Query via pivot: Mesos Master, 5050/TCP by default; distributes tasks.

Slide 27: Enumerate Mesos Master
- Request via the REST API.

Slide 28: Enumerate Mesos Master
- Response: JSON with the IP addresses of all Mesos Agents within the cluster.

Slide 29: Recon via Mesos DNS
- Query via pivot: Mesos Agent, 5051/TCP by default; executes tasks.

Slide 30: Enumerate Mesos Agent
- Request via the REST API.

Slide 31: Enumerate Mesos Agent
- Response: JSON with what containers are currently running on the server (i.e. basic0012).

Slide 32: Secure: Logical Internal Network Segmentation
- Separates the network into zones: apps with data management.
- Commonly done with Calico, Canal, or Flannel.

Slide 33: Secrets via Configuration Store
- Etcd: 2379/TCP by default for client/server, 2380/TCP for peers. Configuration store for CoreOS fleet units and applications.
- ZooKeeper: 2181/TCP by default; binary protocol.

Slide 34: Enumerate etcd
- Request via the REST API recursively.

Slide 35: Enumerate etcd
- Response: JSON frequently containing secrets, including credentials.

Slide 36: Secure: Separate Configuration Stores
- Separate the configuration stores into zones: apps with data management.
- Enforce separation via authentication credentials and logical network segmentation.
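Slides 34-36 describe a recursive read of an unauthenticated etcd store returning JSON full of credentials. The script below is an added example (not material from the talk, and not part of etcd or DC/OS): it walks the JSON shape that an etcd v2 recursive read (`GET /v2/keys/?recursive=true`) returns and reports which keys look like secrets, so a defender can inventory what an exposed store would leak before deciding how to segment it. The response document, key names and values are constructed for this example; the entropy threshold of 4.0 bits per character is an assumption to tune.

```python
"""Audit an etcd v2 keyspace dump for keys that look like exposed secrets.

Added example for this transcript; the sample document is constructed and
mimics the node tree returned by an etcd v2 recursive read.
"""
import json
import math
import re
from collections import Counter

# Constructed sample of an etcd v2 response for GET /v2/keys/?recursive=true.
SAMPLE_RESPONSE = json.dumps({
    "action": "get",
    "node": {
        "key": "/", "dir": True,
        "nodes": [
            {"key": "/coreos.com", "dir": True, "nodes": [
                {"key": "/coreos.com/fleet/units", "dir": True, "nodes": [
                    {"key": "/coreos.com/fleet/units/web.service",
                     "value": "[Service]\nExecStart=/usr/bin/docker run web"},
                ]},
            ]},
            {"key": "/apps/web", "dir": True, "nodes": [
                {"key": "/apps/web/db_password", "value": "hunter2"},
                {"key": "/apps/web/marathon_token",
                 "value": "k3J9xQ1pLm7ZsT4vB8nW2eR6yU0cF5aD"},
                {"key": "/apps/web/replicas", "value": "3"},
            ]},
            {"key": "/apps/cache", "dir": True, "nodes": [
                # No tell-tale name, but a random-looking value (constructed).
                {"key": "/apps/cache/0", "value": "Zq8Lw3Np7Vx2Kc9Rt5Hy1Bm4Jd6Fg0Sa"},
            ]},
        ],
    },
})

# Key names that conventionally hold credentials (assumed pattern list).
SECRET_NAME = re.compile(r"(pass(word)?|secret|token|api[_-]?key|cred)", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; random tokens score high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def walk(node, out):
    """Depth-first walk of an etcd v2 node tree, collecting (key, value) leaves."""
    if node.get("dir"):
        for child in node.get("nodes", []):
            walk(child, out)
    else:
        out.append((node["key"], node.get("value", "")))
    return out


def find_exposed_secrets(response_json: str, entropy_threshold: float = 4.0):
    """Return leaves flagged as secrets, each with the reason it was flagged."""
    tree = json.loads(response_json)["node"]
    findings = []
    for key, value in walk(tree, []):
        leaf = key.rsplit("/", 1)[-1]
        by_name = bool(SECRET_NAME.search(leaf))
        # Long, space-free, high-entropy values look like keys or tokens.
        by_entropy = (len(value) >= 20 and " " not in value
                      and shannon_entropy(value) >= entropy_threshold)
        if by_name or by_entropy:
            findings.append({"key": key, "reason": "name" if by_name else "entropy"})
    return findings


if __name__ == "__main__":
    for finding in find_exposed_secrets(SAMPLE_RESPONSE):
        print(f"{finding['key']}  (flagged by {finding['reason']})")
```

Run against a dump of your own store rather than the constructed sample, and treat every flagged key as a reason to move that value behind authentication and into its own zone, as slide 36 recommends.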
Slide 37: Frameworks
- Marathon: long-running services (e.g. containers); ensures they are always running.
- Chronos: cron for the cluster; batch jobs.

Slide 38: RCE via Marathon Jobs
- Request via the REST API.

Slide 39: RCE via Marathon Jobs
- Diagram: RCE from the compromised container into Marathon, which schedules the job.

Slide 40: RCE via Marathon Jobs
- Response: JSON with the malicious job status.

Slide 41: RCE via Chronos Jobs
- The same path, via Chronos instead of Marathon.

Slide 42: Secure: Enforce Authentication
- Applications must support and be configured to use authentication, securely store and use credentials, and be deployed securely and/or retrieve credentials securely.
- Alert on brute force attempts.
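Slide 42 asks for alerting on brute force attempts once authentication is enforced on the frameworks. The detector below is an added example, not code from the talk or from Marathon: it reads access-log lines for the framework's REST API (here in the common log format a front proxy would write; the lines and addresses are constructed for this example), raises an alert when one source accumulates a threshold of 401 responses inside a sliding window, and marks the alert if that source then gets a 2xx, which is the pattern of a guessed credential. The `/v2/apps` path is Marathon's app endpoint; the threshold of 5 failures in 60 seconds is an assumed tuning value.

```python
"""Sliding-window alerting on authentication failures against a framework API.

Added example for this transcript. The log lines are constructed; the
format is the common log format a reverse proxy in front of Marathon
could emit, not Marathon's own logging.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log: one source hammering /v2/apps with bad
# credentials, then succeeding; another source with a single failure.
SAMPLE_LOG = """\
10.0.3.7 - - [01/Mar/2017:10:00:01 +0000] "POST /v2/apps HTTP/1.1" 401 0
10.0.3.9 - - [01/Mar/2017:10:00:02 +0000] "GET /v2/apps HTTP/1.1" 401 0
10.0.3.7 - - [01/Mar/2017:10:00:04 +0000] "POST /v2/apps HTTP/1.1" 401 0
10.0.3.9 - - [01/Mar/2017:10:00:05 +0000] "GET /v2/apps HTTP/1.1" 200 512
10.0.3.7 - - [01/Mar/2017:10:00:06 +0000] "POST /v2/apps HTTP/1.1" 401 0
10.0.3.7 - - [01/Mar/2017:10:00:09 +0000] "POST /v2/apps HTTP/1.1" 401 0
10.0.3.7 - - [01/Mar/2017:10:00:11 +0000] "POST /v2/apps HTTP/1.1" 401 0
10.0.3.7 - - [01/Mar/2017:10:00:13 +0000] "POST /v2/apps HTTP/1.1" 201 300
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one common-log-format line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Alert once per source IP that reaches `threshold` 401s within the window.

    An alert is also marked `followed_by_success` when the same source gets
    a 2xx response within one window after the alert fired.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # ip -> timestamps of recent 401s
    alerted = {}                    # ip -> its alert, so a later success can be attached
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["status"] == 401:
            q = failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:      # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in alerted:
                alert = {"ip": ip, "failures": len(q), "first": q[0], "last": ts,
                         "followed_by_success": False}
                alerted[ip] = alert
                alerts.append(alert)
        elif 200 <= ev["status"] < 300 and ip in alerted \
                and ts - alerted[ip]["last"] <= window:
            alerted[ip]["followed_by_success"] = True
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{a['ip']}: {a['failures']} failures between {a['first'].time()} "
              f"and {a['last'].time()}, success afterwards: {a['followed_by_success']}")
```

The same window logic applies to any framework API that the cluster authenticates (Marathon, Chronos, the Mesos master); the only input it needs is a log that carries source address, timestamp and status code.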
Slide 43: Creds via MitM with ARP Spoofing
- Another container has the credentials for Marathon.

Slide 44: Creds via MitM with ARP Spoofing
- The attacker uses ARP spoofing to redirect that container's traffic to the compromised container.
- The attacker collects the credentials.

Slide 45: Creds via MitM with ARP Spoofing
- The attacker can now create malicious Marathon jobs, negating the authentication security controls.

Slide 46: Secure: TLS for Internal Communications
- Enable TLS with valid certificates for strong HTTPS communications. Anything using credentials needs TLS!
- Validate certificates; fail closed on bad certificates.
- Alert on certificate errors.
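Slides 43-45 show credentials captured through ARP spoofing between containers on the same network, and slide 46 answers with TLS. The monitor below is an added example (not from the talk and not a DC/OS component) for the detection side: fed ARP replies in the text format tcpdump prints for them, it alerts when an IP address changes its MAC, or when one MAC starts answering for several addresses, both of which the redirect in slide 44 produces. The capture lines, addresses and MACs are constructed for this example, and the optional `trusted` baseline (the IP-to-MAC mapping the orchestrator assigned) is an assumed input.

```python
"""Flag ARP replies that look like spoofing on a container network.

Added example for this transcript; the capture is constructed and mimics
tcpdump's one-line rendering of ARP replies.
"""
import re
from collections import defaultdict

ARP_RE = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed capture: 10.0.3.9 starts answering for 10.0.3.5 and 10.0.3.20.
SAMPLE_CAPTURE = """\
10:00:01.000 ARP, Reply 10.0.3.5 is-at 02:42:0a:00:03:05, length 28
10:00:01.100 ARP, Reply 10.0.3.20 is-at 02:42:0a:00:03:14, length 28
10:00:02.300 ARP, Reply 10.0.3.5 is-at 02:42:0a:00:03:09, length 28
10:00:02.301 ARP, Reply 10.0.3.20 is-at 02:42:0a:00:03:09, length 28
10:00:03.000 ARP, Reply 10.0.3.9 is-at 02:42:0a:00:03:09, length 28
"""


def detect_arp_spoofing(lines, trusted=None):
    """Return alerts for IP-to-MAC changes and for MACs claiming several IPs.

    `trusted` is an optional baseline {ip: mac} (e.g. the orchestrator's
    allocation table, assumed available); replies are checked against it
    and against what has already been observed.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for line in lines:
        m = ARP_RE.search(line)
        if not m:
            continue
        ip, mac = m["ip"], m["mac"].lower()

        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            # The address moved to a different interface: classic spoof symptom.
            alerts.append({"type": "mac_changed", "ip": ip, "old": prev, "new": mac})
        ip_to_mac[ip] = mac

        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            # One interface answering for several addresses; re-raised each
            # time the set grows so the alert carries the full victim list.
            alerts.append({"type": "mac_claims_multiple_ips", "mac": mac,
                           "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE_CAPTURE.splitlines()):
        print(a)
```

Static ARP entries or a baseline from the orchestrator cut the noise from legitimate container churn; without TLS on the internal APIs (slide 46), detection after the fact is all this buys you, since the credentials are already on the wire in clear text.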
Slide 47: Strategic Actions
- Next week: assess which services you can enable authentication & TLS on without breaking your existing applications within the cluster.
- Three months from now: implement authentication & TLS on safe services and frameworks, focusing on services responsible for orchestration within the cluster. Deploy separate services where possible for apps that do not support TLS & authentication.
- Six months from now: retrofit all applications within the cluster to use TLS & authentication. Enforce the use of TLS & authentication internally everywhere (disable clear-text).

Slide 48: Big Picture
- Container adoption is maturing, especially in enterprises. Enterprises are using containers in production.

Slide 49: Big Picture
- Pivoting from a compromised service within the cluster, with no container breakout / 0day / exploit needed, may enable an attacker to completely compromise the cluster.

Slide 50: Big Picture
- Looking beyond the border with a defense in depth strategy secures the future & the cluster.

Slide 51: Thank you!

Slide 52: Future Research
- Testing MitM from a compromised container: NCC Group's report states this is possible for co-hosted containers.
- Test downgrade of HTTPS communications: can we downgrade from HTTPS to HTTP and capture creds from another container?
- Test certs (e.g. can cert pinning be enabled?) to REST APIs: can we MitM and impersonate the API service?
- Test authentication brute force attacks: fairly certain there are no lockouts; can we enable better authentication security? Write a module to brute-force and guess creds.
- Test logical network segmentation tools (Calico, Canal, Flannel). Note: these should work as advertised, but we should probably independently verify.

Slide 53: References
- Foundry-2016-Container-Report.pdf
More informationSecuring Microservices Containerized Security in AWS
Securing Microservices Containerized Security in AWS Mike Gillespie, Solutions Architect, Amazon Web Services Splitting Monoliths Ten Years Ago Splitting Monoliths Ten Years Ago XML & SOAP Splitting Monoliths
More informationService Mesh and Microservices Networking
Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards
More informationAdvantages of using DC/OS Azure infrastructure and the implementation architecture Bill of materials used to construct DC/OS and the ACS clusters
Reference implementation: The Azure Container Service DC/OS is a distributed operating system powered by Apache Mesos that treats collections of CPUs, RAM, networking and so on as a distributed kernel
More informationYOUR APPLICATION S JOURNEY TO THE CLOUD. What s the best way to get cloud native capabilities for your existing applications?
YOUR APPLICATION S JOURNEY TO THE CLOUD What s the best way to get cloud native capabilities for your existing applications? Introduction Moving applications to cloud is a priority for many IT organizations.
More informationThis tutorial will give you a quick start with Consul and make you comfortable with its various components.
About the Tutorial Consul is an important service discovery tool in the world of Devops. This tutorial covers in-depth working knowledge of Consul, its setup and deployment. This tutorial aims to help
More informationTexSaw Penetration Te st in g
TexSaw Penetration Te st in g What is penetration testing? The process of breaking something or using something for an unintended used case for the purpose of bettering the system or application. This
More informationNetwork Access Control and VoIP. Ben Hostetler Senior Information Security Advisor
Network Access Control and VoIP Ben Hostetler Senior Information Security Advisor Objectives/Discussion Points Network Access Control Terms & Definitions Certificate Based 802.1X MAC Authentication Bypass
More informationArchitecting for Failure in a Containerized World. Tom Faulhaber Infolace
Architecting for Failure in a Containerized World Tom Faulhaber Infolace How can container tech help us build robust systems? Key takeaway: an architectural toolkit for building robust systems with
More informationWHITEPAPER. Embracing Containers & Microservices for future-proof application modernization
WHITEPAPER Embracing Containers & Microservices for future-proof application modernization The need for application modernization: Legacy applications are typically based on a monolithic design, which
More informationOverview of Container Management
Overview of Container Management Wyn Van Devanter @wynv Vic Kumar Agenda Why Container Management? What is Container Management? Clusters, Cloud Architecture & Containers Container Orchestration Tool Overview
More informationIssues Fixed in DC/OS
Release Notes for 1.10.4 These are the release notes for DC/OS 1.10.4. DOWNLOAD DC/OS OPEN SOURCE Issues Fixed in DC/OS 1.10.4 CORE-1375 - Docker executor does not hang due to lost messages. DOCS-2169
More informationContainers, Serverless and Functions in a nutshell. Eugene Fedorenko
Containers, Serverless and Functions in a nutshell Eugene Fedorenko About me Eugene Fedorenko Senior Architect Flexagon adfpractice-fedor.blogspot.com @fisbudo Agenda Containers Microservices Docker Kubernetes
More informationFROM MONOLITH TO DOCKER DISTRIBUTED APPLICATIONS
FROM MONOLITH TO DOCKER DISTRIBUTED APPLICATIONS Carlos Sanchez @csanchez Watch online at carlossg.github.io/presentations ABOUT ME Senior So ware Engineer @ CloudBees Author of Jenkins Kubernetes plugin
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
More information