Upload File

how not to have a ‘bad time’ securing your micro-services · how not to have a ‘bad time’...

  • Home
  • Documents
  • How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | [email protected]
16
How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | [email protected]

Upload: others

Post on 21-May-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

How not to have a ‘bad time’

securing your micro-services

Or, how to avoid firewall hell@liljenstolpe | [email protected]

Page 2: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org
Page 3: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Remember  3-­‐tier  architectures?

Page 4: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Getting  Medieval

Page 5: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Fast  forward  to  the  present

Page 6: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Increased  complexity

Page 7: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Resource  Fungibility

Page 8: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Tear  down  the  walls?

Page 9: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

The  opportunity?

Page 10: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

The  opportunity?

Page 11: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

PSA:  Do  not  use  port  mapping

NetworkFabric80  <-­‐>  5389

Port  80

Port  80

4397<-­‐>80

Page 12: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

The  Distributed  Firewall

NetworkFabric

Routing

10.0.0.1

192.168.1.2

192.168.1.1

Routing10.0.0.2

192.168.1.3

192.168.1.4

Page 13: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Project  Calico  architecture

RouteReflector

Kernel

Routing

10.0.0.2

192.168.1.3

192.168.1.4

Routes

iptablesFelix

BGP

Page 14: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

admin-ui.yaml

kind:  NetworkPolicyapiVersion:  net.alpha.kubernetes.io/v1alpha1metadata:

namespace:  defaultname:  allow-­‐ui

spec:podSelector:ingress:-­‐ from:

-­‐ namespaces:role:  management-­‐ui

Metadata

Empty selector applies to all pods

Allow from management namespace

Page 15: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Network  Intent

Page 16: How not to have a ‘bad time’ securing your micro-services · How not to have a ‘bad time’ securing your micro-services Or, how to avoid firewall hell @liljenstolpe | cdl@projectcalico.org

Thank’s for  watching

•Main  project  website:  www.projectcalico.org•https://github.com/Metaswitch/calico•http://lists.projectcalico.org/listinfo/calico•Download  &  try  it  out•We  welcome  your  feedback  and  contributions• Follow  us                @projectcalico• Follow  me                @liljenstolpe


Securing SQL Azure DB? How?

How Bad Is It

Rosenblum How Bad Was It

Great Tips in Securing Bad Credit Car Loans

How Bad is Sin?

How To Be the Bad Guy Without Being Bad

11 SECURING COMMUNICATIONS Chapter 7. Chapter 7: SECURING COMMUNICATIONS2 CHAPTER OBJECTIVES Explain how to secure remote connections. Describe how

How to inform bad news toHow to inform bad news to … · 2016-12-27 · How to inform bad news toHow to inform bad news to cacancerncer patpatients?ients? 성빈센트병원종양내과

Securing Wireless Localization: Living with Bad Guys

2009 Gang Report South Carolina - how much how bad?

It's Not How Bad You Are, It's How Bad You're Born To Be

How F ertilizer is Bad?

Under the Water Bucket Now Lockout Lockout How bad is bad?

Lisp: Good News Bad News How to Win Big - UNamur its future.pdf · Lisp: Good News Bad News How to Win Big Up: Lisp: Good News Bad News How to Win Big Lisp: Good News Bad News How

Neither Bad Apple nor Bad Barrel – How the Societal ...BIB_1D8DBCDDCA25.P001/REF.pdf · Bad Apple or Bad Barrel? –Bad Larder! 2 Neither Bad Apple nor Bad Barrel – How the Societal

How Bad was Lehman Shock?:How Bad was Lehman …ifd/doc/MP-20110807-slide5.pdfHow Bad was Lehman Shock?:How Bad was Lehman Shock?: Estimating a DSGE model with Firm and Bank BalanceSheetsinaDataBalance

How to Cure Bad Breath

Securing Office 365 for free - MACUMA€¦ · Securing Office 365 for free. Office 365 Threat Landscape How are the bad guys attacking you? 2. Threat Landscape Attackers are focusing

Agency theory and performance appraisal: How bad theory ... · Agency theory and performance appraisal: How bad theory damages learning and contributes to bad management practice

how to convey bad news

How to Battle Bad Reviews

How to Fight Bad Reviews

How Do I Break Bad News

How to Handle Bad Debt

How not to have a 'bad time' securing your micro-services

Bouncer securing software by blocking bad input

Survey: How Companies Are Securing Critical Data

How to avoid bad business partnerships

Stop the Bad Guys Cold: Securing Your Mobile Data · Stop the Bad Guys Cold: Securing Your Mobile Data ... Security numbers and health history were among the personal ... so that

Bad cops or bad training? How police officer training

How Securing Digital Identities & Information Can Help ......How Securing Digital Identities & Information Can Help Transform Your Business ... digital world. Identity and ... information

How Bad Is Rape?

How to Prevent Bad Debts?

How to-spot-bad-seo-services

GLOBAL BRANDS IN A SEMIGLOBALIZED WORLD: SECURING THE GOOD ... · Global Brands in a Semiglobalized World – Securing the Good and Avoiding the Bad ... standardization for different