Security

Use Nmap To Automate Insecure Ports Check

While go cloud is a prevailing trend, security is something we can’t afford to ignore. People hate malicious access. Periodically check all widely open TCP Ports is one good practice to secure our system in cloud. Obviously DB ports can’t be exposed to the whole internet. Our internal REST API also need to be protected.

We should make sure firewall is properly configured. What’s more important, we need to be always on top of these security holes with minimum efforts. So let’s automate the audit process of insecure TCP Ports.

Use Nmap To Automate Insecure Ports Check


(more…)

5 Typical Kubernetes Security Scenarios

Maintain least privilege: Incorrect or excessively permissive RBAC policies are a security threat in case of a compromised pod.

For Kubernetes workloads (pods, deployments, jobs, sets, etc.), they may be trusted at deployment time, but if they’re internet-facing there’s always a risk of later exploitation.

The Linux kernel has a number of overlapping security extensions (capabilities, SELinux, AppArmor, seccomp-bpf) that can be configured to provide least privilege to applications.

TODO: diagram

  • Linux Security Features and PodSecurityPolicies; Network security
  • RABC

Kubernetes Security


(more…)