To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions. Author Liz Rice, VP of open source engineering at Aqua Security, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You’ll understand what’s happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you’re ready to get started. • Explore attack vectors that affect container deployments • Dive into the Linux constructs that underpin containers • Examine measures for hardening containers • Understand how misconfigurations can compromise container isolation • Learn best practices for building container images • Identify container images that have known software vulnerabilities • Leverage secure connections between containers • Use security tooling to prevent attacks on your deployment To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions.Author Liz Rice, Chief Open Source Officer at Isovalent, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started.Explore attack vectors that affect container deploymentsDive into the Linux constructs that underpin containersExamine measures for hardening containersUnderstand how misconfigurations can compromise container isolationLearn best practices for building container imagesIdentify container images that have known software vulnerabilitiesLeverage secure connections between containersUse security tooling to prevent attacks on your deployment Many organizations now run applications in cloud native environments, using containers and orchestration to facilitate scalability and resilience. But how do you know whether your deployment is secure? To fully grasp the security implications of containers and their operation, you’ll need an understanding of what they are and how they work. In this excerpt from her forthcoming book Container Security, author Liz Rice takes you through the mechanisms that isolate and protect your applications within each container. This book as a whole looks at the building blocks and security boundaries commonly used in container-based systems and how they’re constructed in the Linux operating system. In the featured chapter, "Container Isolation," you’ll learn how namespaces limit the set of files and directories that particular container processes can see, functionally isolating them from other operations. Learn how a container is actually a Linux process with a restricted view of the machine it’s running on Explore the different namespaces typically used to create Linux containers Examine how containerized processes are isolated from the host and other containerized processes "To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions. Author Liz Rice, VP of open source engineering at Aqua Security, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started."--Page 4 of cover To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions. Author Liz Rice, Chief Open Source Officer at Isovalent, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started.