Upload File

zero trust kubernetes networks spike curtis what do we do? what do we do? secure application...

  • Home
  • Documents
  • ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity
26
ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS

Upload: phungdung

Post on 03-Apr-2018

215 views

Category:

Documents


2 download

Report

TRANSCRIPT

Page 1: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

ZERO TRUST KUBERNETES NETWORKS

SPIKE CURTIS

Page 2: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

What do we do?

Page 3: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

What do we do?

Page 4: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Secure Application Connectivityfor the

Cloud Native World

Why?

Page 5: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Front End

Data Store

Business Logic

Internet

Perimeter Firewall

Page 6: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Perimeter Firewall

Page 7: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity
Page 8: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Perimeter Firewall

Page 9: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Perimeter Firewall

Page 10: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Page 11: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Page 12: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Page 13: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Page 14: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

The evolution of secure application connectivity

Page 15: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity
Page 16: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Kubernetes Network Policy

Page 17: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Istio Service Mesh

Page 18: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Kubernetes + Istio the hard way?

Page 19: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Unified Policy for Secure Application Connectivity

Page 20: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Calico Policy

Label selector: specifies which pods to apply the policy to

apiVersion: v1kind: policymetadata: name: summaryspec: selector: app == "summary" ingress: - action: allow source: serviceAccounts: names: ["customer"] http: methods: ["GET"]

Page 21: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Calico Policy

Label, namespace, or serviceAccount selectors: specifies allowed connections

apiVersion: v1kind: policymetadata: name: summaryspec: selector: app == "summary" ingress: - action: allow source: serviceAccounts: names: ["customer"] http: methods: ["GET"]

Page 22: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Protocol, method and path selectors: specifies allowed application layer requests

Calico Policy

apiVersion: v1kind: policymetadata: name: summaryspec: selector: app == "summary" ingress: - action: allow source: serviceAccounts: names: ["customer"] http: methods: ["GET"]

Page 23: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Zero Trust Network Model

> The network is always assumed to be hostile

> External and internal threats exist on the network at all times

> Network locality is not sufficient for deciding trust

> Every device, user, and network flow is authenticated and authorized

> Policies must be dynamic and calculated from as many sources of data as possible

Zero Trust Networks by Evan Gilman & Doug Barth

Page 24: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Check it out!

Available today in open source:github.com/projectcalico/app-policy

Istio: Sailing to a Secure Services MeshFriday 11:55am Ballroom A

Page 25: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Do you need?

Check out:

Tigera CNXFind us at the Tigera booth

or

https://tigera.io/cnx

> Zero trust security> Multi-cloud & legacy

> Enterprise control & compliance> Operational simplicity

Page 26: ZERO TRUST KUBERNETES NETWORKS SPIKE CURTIS What do we do? What do we do? Secure Application Connectivity for the Cloud Native World Why? The evolution of secure application connectivity

Secure Global Connectivity€¦ · Private LTE with Secure VPN and simple certifi cation process for IoT/M2M devices. Our connectivity services are available for use on: Drones,

Using PIFA Technology to secure stable connectivity in

MediaTek MT3620 Secure Wireless Connectivity Chip

Xpress VPN - Secure wireless connectivity for remote offices, with assured quality of service

Secure data connectivity through MPLS VPN

Pulse Secure Client for Linux · Pulse Secure client for Linux provides secure connectivity between a device running Linux and Pulse Connect Secure. Pulse Secure client for Linux

LockIT SECURE CONNECTIVITY SYSTEMfiles.siemon.com/int-download-catalogs-system-catalog/wa_lockit-secure... · high density environments. The LockIT Secure Patch Cord is offered in

Secure Cloud Connectivity for Scientific Applications

Tech Recruiting Handbook - Amazon S3...TV, high-speed Internet services and smart solutions for businesses. Fast, secure and mobile connectivity – to Fast, secure and mobile connectivity

Enabling Secure Always-On Connectivity [Name] Microsoft Corporation

Secure Connectivity based Cyber Physical Systems towards

Establishing secure connectivity between Oracle Ravello … · 1 | establishing secure connectivity between oracle ravello and oracle cloud infrastructure database cloud table of

Secure SharePoint mobile connectivity

5G: Towards secure ubiquitous connectivity beyond 2020

MediaTek MT3620 Secure Wireless Connectivity Chip...Version: v2.1 Release Date: 2019-05-11 MediaTek MT3620 Secure Wireless Connectivity Chip ardwareUser Guide MT3620 Hardware User

Q.1 Write a short note on IP security? · Secure branch office connectivity over the Internet Secure remote access over the Internet Establishing extranet and intranet connectivity

ACHIEVE UBIQUITOUS, RESILIENT, SECURE CONNECTIVITY … · SECURE CONNECTIVITY WITH A HYBRID ADAPTIVE NETWORK WHAT IS IT? A Hybrid Adaptive Network (HAN) provides the warfighter

Secure connectivity. › ... › 06 › Prometha-Secure-Connectivity.pdfSecure connectivity. Customer Boiler(s) » Customer’s specific on-site physical and technical security practicesC-B

Aqua Comms | Delivering Secure Transatlantic Connectivity

Secure Connectivity on Every Network Layer

Secure connectivity of wireless sensor networks

Hummingbird Security 10 ● Connectivity SSL 10 ● Connectivity Kerberos 10 ● Connectivity Secure Shell 10 ● Connectivity SecureTerm 10

ENTERPRISE CONNECTIVITY...an enterprise and the public internet. The connectivity enables faster, more secure transactions and improved productivity by sharing information between

Flexible and Secure Connectivity for Cloud Data Centers

AeroMACS Enabling Safe and Secure Connectivity Worldwide · has been producing important work to increase awareness and advance AeroMACS as the standardized and secure broadband connectivity

Secure Cloud-to-Mainframe Connectivity with IBM · PDF fileRedpaper Front cover Secure Hybrid Cloud Connectivity with IBM Bluemix and z Systems Jeff Miller Senior Software Engineer,

5G: Towards secure ubiquitous connectivity beyond 2020soda.swedishict.se/5933/1/T2015_08.pdf · 5G: Towards secure ubiquitous connectivity beyond 2020 ... page 41 GN Group Node,

Automating Audio Bluetooth Connectivity Using NFC Secure Simple

Inter-processor Connectivity for Future Centralized ...€¦ · A Leading Provider of Smart, Connected and Secure Embedded Control Solutions Inter-processor Connectivity for Future

T27 Networks Secure Remote Connectivity to Automation Networks

Scalable and Secure Connectivity for Seamless Cloud Evolution

Specialists in filtered internet connectivity and secure ... · Specialists in internet connectivity and secure private networks 05 Delivering savings all round VPLS technology means

Secure Connectivity - Leviton

Introducing Durable, Secure A/V Connectivity - Graybar · Introducing Durable, Secure A/V Connectivity ... SGB-MAAP – Device Plate ... Wiremold manufactures many additional pathway

1 Cost-effective, Secure, Reliable Wireless Connectivity