Suscríbase al feed

Ask An OpenShift Admin episode 115: Configuration Management for Security

11 de octubre de 2023Jehlum Vitasta Pandit1 minutos de lectura
Hybrid cloud Containers Automation and management 

More than 50% of respondents to the State of Kubernetes Security Report 2023 were highly concerned about misconfigurations and vulnerabilities when it came to the security of their applications in containers and Kubernetes environments.  

But, there are ways to mitigate the risks introduced by misconfigurations. One way is to take a proactive approach with configuration management - introducing automation for security scanning, having a zero trust policy within the cluster, ensuring you are thinking about security for the platform and the application-level. 

A couple of best practices for configuration management are: 

  1. Set egress policies for your pods: A lot of external attacks or breaches on the pod-level come via the internet. You can configure your pods to prevent this. A lot of pods might not need internet access at all - they just need to be able to communicate with other pods and DNS. You can set egress policies for your pods and by making egress impossible, you can mitigate it at the pod level by eliminating the possibility of the pod accessing the internet and being vulnerable to being attacked.
  2. Containers have writable file systems that are ephemeral. But, you can change this to ensure you are using read-only file systems and empty-dr. Tools like podman-diffs to gain visibility into how your apps are interacting with local file systems and can help you check this. 

Watch  the second episode of the Security Series on Ask an OpenShift Admin, where Chris Porter joins Andrew and Jonny to talk about Configuration Management for security in more detail! They go over how to build a security mindset, small steps you can take today to build apps the DevSecOps way, and more best practices for configuration management. 

At Red Hat, we offer Red Hat Advanced Cluster Security for Kubernetes as a way to manage container images and their related issues. Try ACS Cloud Service today! 

Tune in next week for part three on Runtime Security of this new series! 

Sobre el autor

Jehlum Vitasta Pandit

Jehlum Vitasta Pandit

Sr. Product Marketing Manager, Red Hat OpenShift

Jehlum is in the Red Hat OpenShift Product Marketing team and is very passionate about learning about how customers are adopting OpenShift and helping them do more with OpenShift!

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

Más similar

Publicación en blog

Network observability: Optimized anomaly detection with AI/ML

Publicación en blog

Secure cloud bursting: Leveraging confidential computing for peace of mind

shows originales

Transforming Your Acquisition

shows originales

Transforming Your Timelines | Code Comments

Navegar por canal

Explore todos los canales
automation icon

Automatización

Las últimas novedades en la automatización de la TI para los equipos, la tecnología y los entornos
AI icon

Inteligencia artificial

Descubra las actualizaciones en las plataformas que permiten a los clientes ejecutar cargas de trabajo de inteligecia artificial en cualquier lugar
open hybrid cloud icon

Nube híbrida abierta

Vea como construimos un futuro flexible con la nube híbrida
security icon

Seguridad

Vea las últimas novedades sobre cómo reducimos los riesgos en entornos y tecnologías
edge icon

Edge computing

Conozca las actualizaciones en las plataformas que simplifican las operaciones en el edge
Infrastructure icon

Infraestructura

Vea las últimas novedades sobre la plataforma Linux empresarial líder en el mundo
application development icon

Aplicaciones

Conozca nuestras soluciones para abordar los desafíos más complejos de las aplicaciones
Original series icon

Programas originales

Vea historias divertidas de creadores y líderes en tecnología empresarial