Securing Microservice Architectures Laura Bell M239.
Modern Architecture Security Series
caution: fast paced field ahead, watch for out of date content

In this talk
Microservice Fundamentals: Some important points that are worth refreshing
Prevention: Avoid common vulnerabilities and avoid mistakes
Detection: Prepare for survival and response

Microservice fundamentals
to create and deploy new apps fast
apps that automatically scale up to handle millions of users and scale down again
to be able to make changes
to have this be done by smaller teams

usually 5 to 30 lines of code
many are 100 or so lines
some are around 1,000 lines

Integrity
Availability
Confidentiality

Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Escalation of Privilege

Prevention
Service decomposition
size and complexity shouldn’t vary
service dependency
cascading failure and fragility
scaling and resource exhaustion
Orchestration layer attacks
attackers like simple
we are lazy

one component to rule them all?

Choose appropriate tech
Restrict access
Monitor aggressively
Configure well
Challenge assumptions
Test regularly

Identity and access management
principle of least privilege
the lowest set of permissions and accesses required to do your job

Role based controls
require well defined roles

Audit Audit
Automate and alert
Audit Audit Audit

Cloud Platform as a Service
may make you more secure
mature groups and role assistance

Immutable architectures matter in microservice security
Auditable host configurations are a good thing
(but you might not be the right person to audit them)

Avoids configuration creep
(including those changes made by an attacker)

Attacker access becomes hard to persist

Heterogeneous language and technology spaces
Choose the right tools for the job you are doing
not all technologies have mature libraries, frameworks and documentation

vulnerability management can be challenging in microservice architectures

Testing
Continuous Automated Security Testing
(doesn’t require a specialist third party)

OWASP Zap Proxy https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Gauntlt http://gauntlt.org/
BDD Security http://www.continuumsecurity.net/bdd-intro.html

Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash
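
A minimal mutation fuzzer illustrating the definition above, as an added example that is not from the talk. `parse_order`, its message format and `BadRequest` are hypothetical stand-ins for a small service's input handler; the harness treats the handler's declared rejection as expected and records any other exception as a finding.

```python
import random

class BadRequest(Exception):
    """The only failure the handler is supposed to raise on bad input."""

def parse_order(body: bytes) -> dict:
    # Hypothetical handler for a tiny order service: b"sku=<text>;qty=<int>".
    # It contains deliberate input-handling bugs for the fuzzer to find.
    fields = {}
    for item in body.split(b";"):
        key, value = item.split(b"=")        # bug: assumes exactly one '='
        fields[key] = value
    if b"sku" not in fields or b"qty" not in fields:
        raise BadRequest("missing field")
    return {"sku": fields[b"sku"].decode("ascii"),  # bug: non-ASCII bytes
            "qty": int(fields[b"qty"])}             # bug: non-numeric qty

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1 to 4 random bit flips, byte inserts or byte deletes."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "insert", "delete"))
        pos = rng.randrange(len(data)) if data else 0
        if op == "flip" and data:
            data[pos] ^= 1 << rng.randrange(8)
        elif op == "insert":
            data.insert(pos, rng.randrange(256))
        elif op == "delete" and data:
            del data[pos]
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Return one reproducing input per unexpected exception type."""
    rng = random.Random(rng_seed)            # fixed seed: runs are repeatable
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except BadRequest:
            continue                         # clean rejection, not a finding
        except Exception as exc:             # anything else is a crash
            crashes.setdefault(type(exc).__name__, case)
    return crashes

if __name__ == "__main__":
    # Constructed valid message used as the mutation seed.
    for name, case in fuzz(parse_order, b"sku=A1;qty=3").items():
        print(name, case)
```

Each saved input replays the crash directly against the handler, so it can be turned into a regression test once the handler rejects it with `BadRequest` instead.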
Detection
Logging and monitoring
Log.All.The.Things

Logs must be stored in a:
secure location
immutable format
away from production

Poorly managed logs are a simple way to create denial of service attacks

Watch your logs
like actually, for real, not just when you’re debugging

Summary
TL;DR
Microservice Fundamentals: Some important points that are worth refreshing
Prevention: Avoid common vulnerabilities and avoid mistakes
Detection: Prepare for survival and response

Related Ignite NZ Sessions
Security in a Container-based World, Friday 11:55am

Find me later at…
Hub Happy Hour Wed 5:30-6:30pm
Hub Happy Hour Thu 5:30-6:30pm
Closing drinks Fri 3:00-4:30pm

© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.