Implement container safety automation with Red Hat OpenShift


As businesses increasingly benefit from Red Hat OpenShift and automate their application deployment with containers, it is important to introduce automated container security as well. The OpenShift platform itself contains a number of very capable built-in security automation features that should definitely be used. However, given the critical need for automated runtime security to prevent * * * and * * *, many organizations and use cases also want advanced Kubernetes container security features that provide deeper visibility and protection for production environments. In fact, container deployments are as susceptible to ****** and internal threats as traditional environments. Security measures must therefore protect the full CI/CD container deployment lifecycle throughout the build, release, and run-time phases.

The containerized environment poses a relatively unique security challenge, including tracking all pods and containers as they are scaled up and down within (and across) nodes. These pods generate a large amount of network traffic, and that traffic is especially difficult to see, so it is a challenge to ensure that connections are not being misused or * * *. At the same time, many businesses use open-source software, in which vulnerabilities are constantly being discovered. Because of the dynamic nature of a containerized environment, manual security methods cannot keep up, and automated security rules must be established.

Traditional security tools, such as host security and web application firewalls (WAFs), are also blind to container traffic and offer no protection against container * * *. OpenShift and Kubernetes are exposed to many types of vulnerabilities at run time, which need to be detected at Layer 7 (inspecting packets and protocols to provide authentication) or in pod and host processes. To meet these needs, NeuVector built a container firewall that is itself a container, so it can be deployed and updated automatically like an application container and fits into CI/CD processes. When deployed to each OpenShift worker node, the NeuVector tool can inspect container traffic, discover running containers, and build a whitelist of audited traffic to protect those containers. This includes automatic threat detection for common * * * * * * *, and application isolation at the Layer 7 network level.

The integration of NeuVector with the Red Hat OpenShift platform simplifies implementing these advanced automated security features on OpenShift. The integration also includes several specific and useful features:

Image vulnerability scanning, enabling enforcement via OpenShift
Using the Jenkins plug-in, the NeuVector tool scans the image during the build process and then assigns tags where vulnerabilities are detected. OpenShift can control container deployment based on these tags. As a result, OpenShift is able to identify and prevent the deployment of vulnerable containers while allowing safe containers, as determined by NeuVector scanning and tagging, to be deployed.

Automatic local registry image scanning
When an image is pushed to the local OpenShift registry, NeuVector performs an automatic scan to determine whether the image contains any vulnerabilities. These scans can be customized to meet specific preferences, such as checking only a selected set of directories.

Role-based access control (RBAC)

RBAC configured in OpenShift is automatically read and mapped into NeuVector. Access to the NeuVector console and APIs can be controlled with existing users and their roles and permissions. In this way, access can be set and restricted so that specific users can see network connectivity and security events as needed, within the scope they require. For example, a developer with project access can be given read-only access to this visibility, while a cluster administrator can access every project in NeuVector in order to manage and check security policies.

Run-time security policy rules
With NeuVector, policy rules that effectively isolate application network traffic and container processes can be created automatically. Using the NeuVector REST API, rules can be set programmatically and integrated with the OpenShift deployment pipeline. The NeuVector policy rule set can also use OpenShift identifiers, such as project names (namespaces), labels, and so on.
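As an added illustration of the learn-then-enforce approach described above (constructed example code, not NeuVector's or OpenShift's own; the namespaces, app labels and connection records are made up), the following builds an allowlist from audited connections keyed on OpenShift namespace and label, then shows why a Layer 7 check catches traffic that a port-only rule would let through:

```python
"""Added illustration (not NeuVector's or OpenShift's code): learn an
allowlist of audited container connections keyed on OpenShift identifiers
(namespace, app label), then enforce it at Layer 4 (port only) and at
Layer 7 (port plus application protocol). All records are constructed."""
from collections import namedtuple

Conn = namedtuple("Conn", "src_ns src_app dst_ns dst_app port proto")

# Constructed connections observed while the application ran in discover mode.
OBSERVED = [
    Conn("shop", "frontend", "shop", "api", 8080, "http"),
    Conn("shop", "api", "shop", "db", 5432, "postgresql"),
    Conn("shop", "frontend", "shop", "api", 8080, "http"),  # repeat collapses
]

def learn_rules(conns):
    """Collapse audited traffic into a set of allow rules (one per distinct flow)."""
    return {(c.src_ns, c.src_app, c.dst_ns, c.dst_app, c.port, c.proto) for c in conns}

def evaluate_l4(rules, conn):
    """Port-level check: ignores the application protocol seen on the wire."""
    for src_ns, src_app, dst_ns, dst_app, port, _proto in rules:
        if (src_ns, src_app, dst_ns, dst_app, port) == (
            conn.src_ns, conn.src_app, conn.dst_ns, conn.dst_app, conn.port):
            return "allow"
    return "deny"

def evaluate_l7(rules, conn):
    """Layer 7 check: the application protocol must match the learned rule too."""
    return "allow" if tuple(conn) in rules else "deny"

def violations(rules, conns, evaluate=evaluate_l7):
    """Return the connections that the given evaluator would block."""
    return [c for c in conns if evaluate(rules, c) == "deny"]

if __name__ == "__main__":
    rules = learn_rules(OBSERVED)
    # An unexpected protocol on the allowed 8080 port: passes L4, caught at L7.
    odd = Conn("shop", "frontend", "shop", "api", 8080, "ssh")
    print(evaluate_l4(rules, odd), evaluate_l7(rules, odd))  # allow deny
```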

By integrating NeuVector and OpenShift, the built-in security features offered by the OpenShift platform can be extended to seamlessly automate runtime security, enabling effective protection throughout the lifecycle of container-based deployments.
