DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes

Docker Enterprise got a big upgrade this year with Calico 3.5 for its Kubernetes networking! One of the most exciting new features is the ability to build Zero Trust Kubernetes networks with Calico Application Layer Policy in concert with Istio service mesh. Zero Trust networking is a way to build distributed applications such that they maintain security even when containers, or the network itself, are compromised.

Starting with Docker Enterprise, they will demonstrate some common network attacks such as IP address spoofing and certificate exfiltration, then demonstrate building a Zero Trust network (by installing Istio and Application Layer Policies) for the application. They will show how this Zero Trust network repels all the demonstrated attack strategies and explain how to build and maintain a Zero Trust network for your own applications.

Published in: Technology

  1. Zero Trust Networks Come to Docker Enterprise Kubernetes. Spike Curtis, Senior Software Engineer, Tigera; Brent Salisbury, Software Alliance Engineer, Docker
  2. Agenda
     • Motivation for Zero Trust Networks
       − Trends in application architecture
       − Trends in threat landscape
       − Deficiencies of the “Zone” model
     • Building Zero Trust with Docker Enterprise, Calico & Istio
       − Calico & Istio architecture
       − DEMO!
     • Conclusion, Q&A
  3. Intra-Security Zone Traffic
  4. Intra-Security Zone Traffic Hairpin
  5. Cost Analysis
  6. Inefficient Provisioning
  7. Compute Provisioning
  8. Distributing Policy Across Compute
  9. Growing Attack Surface
  10. Growing Attack Surface
  11. Zero Trust Networking: The network is always assumed to be hostile
  12. Zero Trust Networking
  13. Zero Trust Networking
  14. Zero Trust Networking: LAN
  15. Zero Trust Networking: WAN
  16. Zero Trust Networking: Internet
  17. Zero Trust Networking Advantages
     ● Resilient against compromised devices, workload, and network links
     ● Security is decoupled from network location
       ○ Simplified management
       ○ Flexible deployment
     ● VPNs are no longer needed
  18. Zero Trust Networking Software (diagram labels: Control Plane, Data Plane, Platform)
  19. Calico & Istio Architecture (diagram labels: Node, Pod, Workload, Envoy, Dikastes, Felix, IPTables, each shown twice; Istio Citadel; Mutual Authentication & Encryption; Calico Policy)
  20. Demo Application (diagram labels: customer, summary, database)
  21. Q&A