80
SECURING MICROSERVICES Berlin Microservices Meetup October 2015

BETA - Securing microservices

Embed Size (px)

Citation preview

Page 1: BETA - Securing microservices

SECURING MICROSERVICESBerlin Microservices Meetup October 2015

Page 2: BETA - Securing microservices

SECURING MICROSERVICESBerlin Microservices Meetup October 2015

Page 3: BETA - Securing microservices

@samnewman

Page 4: BETA - Securing microservices

@samnewman

Sam Newman

Building MicroservicesDESIGNING FINE-GRAINED SYSTEMS

Page 5: BETA - Securing microservices

@samnewman

Page 6: BETA - Securing microservices

@samnewmanhttps://www.flickr.com/photos/seattlemunicipalarchives/4058808950

Page 7: BETA - Securing microservices

@samnewmanhttps://www.flickr.com/photos/theseanster93/485390997/

Page 8: BETA - Securing microservices

@samnewman

http://map.norsecorp.com/

Page 9: BETA - Securing microservices

@samnewman

Page 10: BETA - Securing microservices

@samnewman

Page 11: BETA - Securing microservices

@samnewman

S/M TestsBuild Large Tests Production

Security? Security?

Page 12: BETA - Securing microservices

@samnewman

S/M TestsBuild Large Tests Production

Security? Security?

Page 13: BETA - Securing microservices

@samnewmanhttps://www.microsoft.com/en-us/sdl/

Page 14: BETA - Securing microservices

@samnewman

Page 15: BETA - Securing microservices

@samnewman

Prevention

Page 16: BETA - Securing microservices

@samnewman

Prevention Detection

Page 17: BETA - Securing microservices

@samnewman

Prevention Detection

Response

Page 18: BETA - Securing microservices

@samnewman

Prevention Detection

ResponseRecovery

Page 19: BETA - Securing microservices

@samnewman

Prevention Detection

ResponseRecovery

Page 20: BETA - Securing microservices

@samnewman

Prevention Detection

ResponseRecovery

Page 21: BETA - Securing microservices

@samnewmanhttps://www.flickr.com/photos/adulau/15680439035/

Page 22: BETA - Securing microservices

@samnewmanhttps://www.flickr.com/photos/duanestorey/469163789/

Page 23: BETA - Securing microservices

@samnewman

https://www.schneier.com/paper-attacktrees-ddj-ft.html

Page 24: BETA - Securing microservices

@samnewman

Open Safe

Page 25: BETA - Securing microservices

@samnewman

Open Safe

Pick Lock Learn Combo Cut Open

Page 26: BETA - Securing microservices

@samnewman

Open Safe

Pick Lock Learn Combo Cut Open

Find Written Combo

Get Combo from the target

Page 27: BETA - Securing microservices

@samnewman

Open Safe

Pick Lock Learn Combo Cut Open

Find Written Combo

Get Combo from the target

Blackmail Threaten Bribe

Page 28: BETA - Securing microservices

@samnewman

Open Safe

Pick Lock Learn Combo Cut Open

Find Written Combo

Get Combo from the target

Blackmail Threaten Bribe

Impossible

Impossible ImpossiblePossible

Possible

Possible

Page 29: BETA - Securing microservices

@samnewman

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Page 30: BETA - Securing microservices

@samnewman

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Transport Security

Page 31: BETA - Securing microservices

@samnewman

HTTPS Everywhere!

Page 32: BETA - Securing microservices

BENEFITS OF HTTPS?

18

Page 33: BETA - Securing microservices

BENEFITS OF HTTPS?

▫︎ Server guarantees!

18

Page 34: BETA - Securing microservices

BENEFITS OF HTTPS?

▫︎ Server guarantees!

▫︎ Payload not manipulated…

18

Page 35: BETA - Securing microservices

BENEFITS OF HTTPS?

▫︎ Server guarantees!

▫︎ Payload not manipulated…

▫︎…but no client guarantee and…

18

Page 36: BETA - Securing microservices

BENEFITS OF HTTPS?

▫︎ Server guarantees!

▫︎ Payload not manipulated…

▫︎…but no client guarantee and…

▫︎…certificates can be a pain

18

Page 37: BETA - Securing microservices

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Page 38: BETA - Securing microservices

@samnewman

https://letsencrypt.org/

Page 39: BETA - Securing microservices

@samnewman

Page 40: BETA - Securing microservices

CLIENT-SIDE CERTIFICATES?

22

Page 41: BETA - Securing microservices

CLIENT-SIDE CERTIFICATES?

▫︎Client guarantees!

22

Page 42: BETA - Securing microservices

CLIENT-SIDE CERTIFICATES?

▫︎Client guarantees!

▫︎…but a PITA to manage….

22

Page 43: BETA - Securing microservices

@samnewman

http://techblog.netflix.com/2015/09/introducing-lemur.html

Page 44: BETA - Securing microservices

@samnewman

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Page 45: BETA - Securing microservices

@samnewman

Auth?

Page 46: BETA - Securing microservices

@samnewman

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Web browsers

Form AuthOAuth

Page 47: BETA - Securing microservices

@samnewman

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Web browsers

Form AuthOAuth

User service

Page 48: BETA - Securing microservices

@samnewman

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Web browsers

Form AuthOAuth

User service

Page 49: BETA - Securing microservices

@samnewman

Confused Deputy Problem!

Page 50: BETA - Securing microservices

@samnewman

Data At Rest?

Page 51: BETA - Securing microservices

@samnewman

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User serviceUser

service

Page 52: BETA - Securing microservices

@samnewman

Aside: Docker

Page 53: BETA - Securing microservices

@samnewman

http://www.banyanops.com/blog/analyzing-docker-hub/

Page 54: BETA - Securing microservices

@samnewman

Patch Your Stuff

Page 55: BETA - Securing microservices

@samnewman33

Prevention Detection

ResponseRecovery

Page 56: BETA - Securing microservices

@samnewman33

Prevention Detection

ResponseRecovery

Page 57: BETA - Securing microservices

@samnewmanhttps://www.qualys.com/research/top10/

Page 58: BETA - Securing microservices

@samnewman

Polyglot = more stuff to track!

Page 59: BETA - Securing microservices

@samnewman

https://www.modsecurity.org/

Page 60: BETA - Securing microservices

@samnewman37

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

Page 61: BETA - Securing microservices

@samnewman37

Catalog service

Music Web Shop

Recommend service

Royalty service

Mobile app

Web browsers

User service

PERIMITER SECURITY!

Page 62: BETA - Securing microservices

@samnewmanCC Attribution 2.0 Generic https://www.flickr.com/photos/flissphil/52158537/

https://www.flickr.com/photos/flissphil/52158537/
Page 63: BETA - Securing microservices

@samnewman

http://www.extremetech.com/computing/190959-shellshock-a-deadly-new-vulnerability-that-could-lay-waste-to-the-internet

Page 64: BETA - Securing microservices

@samnewman

Page 65: BETA - Securing microservices

@samnewmanhttps://haveibeenpwned.com/

Page 66: BETA - Securing microservices

@samnewman42

Prevention Detection

ResponseRecovery

Page 67: BETA - Securing microservices

@samnewman42

Prevention Detection

ResponseRecovery

Page 68: BETA - Securing microservices

@samnewman

Page 69: BETA - Securing microservices

@samnewman

Page 70: BETA - Securing microservices

@samnewman

Page 71: BETA - Securing microservices

@samnewmanhttp://krebsonsecurity.com/tag/target-data-breach/

Page 72: BETA - Securing microservices

@samnewman

Comms

Page 73: BETA - Securing microservices

@samnewman

Page 74: BETA - Securing microservices

@samnewman4949

Prevention Detection

ResponseRecovery

Page 75: BETA - Securing microservices

@samnewman4949

Prevention Detection

ResponseRecovery

Page 76: BETA - Securing microservices

@samnewman

Backups

Page 77: BETA - Securing microservices

@samnewman

Burn it all down

Page 78: BETA - Securing microservices

@samnewman

Comms

Page 79: BETA - Securing microservices

@samnewman535353

Prevention Detection

ResponseRecovery

Page 80: BETA - Securing microservices

@samnewman [email protected]

THANKS!

mailto:[email protected]

The Technical Journey to Microservices - Microservices UX

The Technical Journey to Microservices - Microservices UX

Documents
DIMITRIS PIKOULAS MANAGER, CLOUD AND SECURITY … · dimitris pikoulas manager, cloud and security. container security: securing your containerized . microservices

DIMITRIS PIKOULAS MANAGER, CLOUD AND SECURITY … · dimitris pikoulas manager, cloud and security. container security: securing your containerized . microservices

Documents
Driving Partnership Between Security and Development · 2020-02-26 · microservices in our environment and set the standard for securing a microservice. The standards were implemented

Driving Partnership Between Security and Development · 2020-02-26 · microservices in our environment and set the standard for securing a microservice. The standards were implemented

Documents
UniVerse · C:\Program Files\Adobe\FrameMaker8\UniVerse 10.3\10.3rebranded\admin\Front.fm March 12, 2010 10:24 am Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta

UniVerse · C:\Program Files\Adobe\FrameMaker8\UniVerse 10.3\10.3rebranded\admin\Front.fm March 12, 2010 10:24 am Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta

Documents
Securing Microservices on AWS v2 - Cyber Security Summit · control of encryption keys CloudHSM Hardware-based key storage Server-Side Encryption Flexible data encryption options

Securing Microservices on AWS v2 - Cyber Security Summit · control of encryption keys CloudHSM Hardware-based key storage Server-Side Encryption Flexible data encryption options

Documents
Microservices and Prometheus (Microservices NYC 2016)

Microservices and Prometheus (Microservices NYC 2016)

Internet
ARCHITECTURING AND SECURING IOT PLATFORMS · PDF fileRevoke destroys stateless approach -so use just for session ... Securing Microservices ... -Secure the microservice API with authentication

ARCHITECTURING AND SECURING IOT PLATFORMS · PDF fileRevoke destroys stateless approach -so use just for session ... Securing Microservices ... -Secure the microservice API with authentication

Documents
Securing Microservices with Spring Cloud Security

Securing Microservices with Spring Cloud Security

Technology
An intelligent fuzzy beta reputation model for …...An intelligent fuzzy beta reputation model for securing information in P2P health care applications. Mary Subaja Christo1*, Meenakshi

An intelligent fuzzy beta reputation model for …...An intelligent fuzzy beta reputation model for securing information in P2P health care applications. Mary Subaja Christo1*, Meenakshi

Documents
Microservices: Aren't Microservices Just SOA?

Microservices: Aren't Microservices Just SOA?

Technology
Of microservices and microservices

Of microservices and microservices

Software
Environment Securing Microservices in a Zero Trust · Securing Microservices in a Zero Trust Environment Prabath Siriwardena prabath@wso2.com | prabath@apache.org

Environment Securing Microservices in a Zero Trust · Securing Microservices in a Zero Trust Environment Prabath Siriwardena [email protected] | [email protected]

Documents
Microservices & Serverless - clnv.s3.amazonaws.com · Why Microservices? … and when! Applying Twelve Factors Applying Microservices Design principles Demos, demos, demos Microservices

Microservices & Serverless - clnv.s3.amazonaws.com · Why Microservices? … and when! Applying Twelve Factors Applying Microservices Design principles Demos, demos, demos Microservices

Documents
Chapter 1: Serverless Microservices Architectures and Patterns · Chapter 4: Testing Your Serverless Microservice. Chapter 5: Securing Your Microservice. Request 1 Request 2 Response

Chapter 1: Serverless Microservices Architectures and Patterns · Chapter 4: Testing Your Serverless Microservice. Chapter 5: Securing Your Microservice. Request 1 Request 2 Response

Documents
MICROSERVICES. MICROSERVICES CON WSo2. · PDF file1 Microservices. icroservices on So2 Sunqu 2016 WhitePaper MICROSERVICES. MICROSERVICES CON WSo2. por Julio Cejas - IT Advisor SUNQU

MICROSERVICES. MICROSERVICES CON WSo2. · PDF file1 Microservices. icroservices on So2 Sunqu 2016 WhitePaper MICROSERVICES. MICROSERVICES CON WSo2. por Julio Cejas - IT Advisor SUNQU

Documents
MICROSERVICES - blog.douglampe.comblog.douglampe.com/.../2019/03/Microservices-Little... · Microservices Concerns Service Registry/Discovery ... Distributed Transactions. Service

MICROSERVICES - blog.douglampe.comblog.douglampe.com/.../2019/03/Microservices-Little... · Microservices Concerns Service Registry/Discovery ... Distributed Transactions. Service

Documents
Building microservices .net - Dublin Microservices UG 20160928

Building microservices .net - Dublin Microservices UG 20160928

Software
Securing Microservices

Securing Microservices

Technology
Microservices - Was EAs zu Microservices wissen sollten

Microservices - Was EAs zu Microservices wissen sollten

Technology
Securing Microservices on AWS v2 - Cyber Security Summit · © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Splitting Monoliths Ten Years Ago

Securing Microservices on AWS v2 - Cyber Security Summit · © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Splitting Monoliths Ten Years Ago

Documents
ZSi BETA Hydraulic Clamps™...– 2 – Beta Clamps are an economical and easy way of securing pipe, tube, hose, and electrical cables. They are used in industrial, mobile and marine

ZSi BETA Hydraulic Clamps™...– 2 – Beta Clamps are an economical and easy way of securing pipe, tube, hose, and electrical cables. They are used in industrial, mobile and marine

Documents
FromtheMonolithto% Microservices: … · 2015-05-27 · Java / Scala ! microservices . Evolutionto%% Microservices8 • The Monolith • The Microservices Ecosystem • Migrating

FromtheMonolithto% Microservices: … · 2015-05-27 · Java / Scala ! microservices . Evolutionto%% Microservices8 • The Monolith • The Microservices Ecosystem • Migrating

Documents
MICROSERVICES ARE NOT WORTH THE TROUBLE..?? · Microservices reinforce modular structure, particularly important for large teams Microservices are decoupled by definition Microservices

MICROSERVICES ARE NOT WORTH THE TROUBLE..?? · Microservices reinforce modular structure, particularly important for large teams Microservices are decoupled by definition Microservices

Documents
Microservices At Gilt - NYC Microservices Meetup

Microservices At Gilt - NYC Microservices Meetup

Engineering
Microservices Modularity · ... microservices architecture. ... Liferay Database. Domain Model

Microservices Modularity · ... microservices architecture. ... Liferay Database. Domain Model

Documents
Securing Microservices using Play and Akka HTTP

Securing Microservices using Play and Akka HTTP

Technology
Lions, Tigers and Deers: What building zoos can teach us about securing microservices?

Lions, Tigers and Deers: What building zoos can teach us about securing microservices?

Engineering
Securing Enterprise Securing Enterprise Securing Enterprise

Securing Enterprise Securing Enterprise Securing Enterprise

Technology
Microservices & Containers - Pneuron · Microservices & Containers The Pneuron Perspective. ... The Rise of Microservices Microservices is an architectural style for application

Microservices & Containers - Pneuron · Microservices & Containers The Pneuron Perspective. ... The Rise of Microservices Microservices is an architectural style for application

Documents
Microservices or not to Microservices - SUSE · Microservices or not to Microservices What does the Chameleon say? Cameron Seader Technology Strategist cs@suse.com Federica Teodori

Microservices or not to Microservices - SUSE · Microservices or not to Microservices What does the Chameleon say? Cameron Seader Technology Strategist [email protected] Federica Teodori

Documents