Container firewall guide

Cloud-Native Container Firewalls
A Comparison Of Container Firewalls vs Next Generation Firewalls vs Web Application Firewalls

NeuVector Inc. CONTINUOUS NETWORK SECURITY FOR CONTAINERS
Container Firewalls vs NGFWs vs WAFs

What is a Container Firewall?
And how is it different than a Next Generation Firewall and a Web Application Firewall?

Containers and microservices are revolutionizing computing. But can firewalls help secure these? Next Generation Firewalls (NGFW) were supposed to handle the latest threats and data center designs, but fall short in the new cloud microservices environments. Web Application Firewalls (WAF) provide dedicated protection from malicious HTTP clients attacking web front-ends, but are not designed for internal application protection.

Before we get into the feature comparison of NGFWs, WAFs and container firewalls, let's take a look at the attributes of containers and microservices. Containers are part of a larger trend toward virtualized application workloads. Virtualized workloads, whether they are containers, IoT devices or serverless computing, provide a wealth of declarative meta-data from which security policies and decisions can be derived.

Attributes of Microservices - An Explosion of East-West Traffic

The migration from monolithic applications to container-based microservices brings many benefits, but also changes communication patterns. The most significant change from a networking and security view is that there is now an explosion of East-West, or internal, traffic within hosts and between hosts. While each running container can be hardened and expose limited interfaces, there are also many more opportunities for attackers to probe and find vulnerabilities.

Containers are designed to be deployed in seconds, and an orchestration system can launch new containers on the same hosts or across hosts depending on service demands and host resources available. Each container has its own mapped network interfaces, which get assigned and deallocated on the fly.
NeuVector Inc. info@neuvector.com

Security Issues of Container Deployments

With containers being started and stopped constantly, and rapid deployment of updates to applications through a continuous integration and continuous delivery (CI/CD) pipeline, it becomes very difficult to monitor and secure container traffic at the network layer. NGFWs and WAFs are designed mainly to be a gateway for external, or north-south, traffic and can't protect container traffic.

Not only is it difficult for traditional firewalls to see east-west internal traffic within a host or between hosts, it is also impossible for them to keep up with the constant changes as containers launch and disappear. As one network security architect put it, "in a containerized world you can't be messing with iptables or manually updating firewall rules."

Why is it important to monitor containers at run-time? One reason is the frequent use of open source software for building container applications. Often developers may not understand the application vulnerabilities which are introduced with each open source package or library used. And once in production, it is easy to lose track of which containers are vulnerable.
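The point above about deriving policy from declarative metadata instead of hand-maintained rules can be made concrete with a small model. This is an added example, not NeuVector code: the container names, labels, IP addresses and policy tuples are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Container:
    name: str
    ip: str            # assigned on the fly by the orchestrator
    labels: frozenset  # declarative metadata, e.g. {"app=web"}

# Policy written against metadata: (source label, destination label, port).
LABEL_POLICY = {("app=web", "app=api", 8080), ("app=api", "app=db", 5432)}

def allowed_by_labels(src, dst, port):
    """Allow east-west traffic only if a label pair matches the policy."""
    return any((s, d, port) in LABEL_POLICY
               for s in src.labels for d in dst.labels)

def compile_ip_rules(containers):
    """Snapshot the policy into static (src_ip, dst_ip, port) rules, as a
    manually maintained IP rule list would look at one moment in time."""
    return {(s.ip, d.ip, port)
            for s in containers for d in containers
            for (sl, dl, port) in LABEL_POLICY
            if sl in s.labels and dl in d.labels}

def reschedule(container, new_ip):
    """Model the orchestrator replacing a container: same labels, new IP."""
    return Container(container.name, new_ip, container.labels)

def demo():
    web = Container("web-1", "10.0.1.5", frozenset({"app=web"}))
    api = Container("api-1", "10.0.1.9", frozenset({"app=api"}))
    db = Container("db-1", "10.0.2.4", frozenset({"app=db"}))
    static_rules = compile_ip_rules([web, api, db])

    api2 = reschedule(api, "10.0.3.7")
    # An unrelated workload is later handed the freed address.
    batch = Container("batch-1", "10.0.1.9", frozenset({"app=batch"}))
    return {
        "static_blocks_legit": (web.ip, api2.ip, 8080) not in static_rules,
        "static_allows_wrong": (batch.ip, db.ip, 5432) in static_rules,
        "labels_allow_legit": allowed_by_labels(web, api2, 8080),
        "labels_allow_wrong": allowed_by_labels(batch, db, 5432),
    }

if __name__ == "__main__":
    print(demo())
```

After one reschedule the static snapshot both drops legitimate web-to-api traffic and lets the unrelated workload reach the database, while the label-based check gives the intended answer in both cases.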

Published on Nov 30, 2021