Avoid Kubernetes security risks with hardening best practices

Presented by

Henry Coggill: Compliance PM, Lech Sandecki: Ubuntu Pro PM, Alex Jones: Engineering Director, Kubernetes

About this talk

Hardening a system is synonymous with reducing its attack surface: remove unnecessary software packages, lock down default values to the tightest possible settings and configure the system to only run what you explicitly require. Why would you want to harden your infrastructure and systems to start with? Isn’t Linux secure enough already? A fully secure system is made up of many layers, from the hardware to the operating system and the application servers running your mission-critical code. Because system hardening is so important to so many organisations, industry standards have been developed to gather the best practices from across the world and formulate a common approach. The Center for Internet Security (CIS) publishes hardening benchmarks for many common software applications and operating systems, including Ubuntu and Kubernetes. In this webinar we will cover: Hardening from OS to the application layer Ubuntu Security Guide (USG) for automated remediation and auditing How to harden Kubernetes running on Ubuntu Charmed Kubernetes: the fully-automated multi-cloud distribution K8s Security: CIS, AppArmor, Vault integration, and OpenSCAP scanning Underpinning any robust deployment is Ubuntu Pro’s 10-year security maintenance guarantee. Ubuntu Pro also provides the USG tool to automate hardening and auditing for profiles such as the CIS benchmarks, or DISA-STIG for missions deployed within US DoD networks.
Related topics:

More from this channel

Upcoming talks (7)
On-demand talks (405)
Subscribers (164882)
Get the most in depth information about the Ubuntu technology and services from Canonical. Learn why Ubuntu is the preferred Linux platform and how Canonical can help you make the most out of your Ubuntu environment.