Defense in Depth in OpenShift

Anthony Golia

Published Oct 31, 2016

The blog post below does a good job describing some of the security layers in OpenShift/Kubernetes. Here are some highlights:

"There are multiple levels of security and a lot of history involved in securing containers on Linux. Linux namespaces, SELinux, and CGroups are three of the of the main players."

"By default, since OpenShift maintains a secure by default posture, you can’t run containers as root."

"SELinux is the brick wall that’s going to stop you if you manage to break out of (accidentally or on purpose) from the namespace abstraction."

But that blog post doesn't mention a recent achievement: Common Criteria Security Certification for Red Hat Enterprise Linux 7.

"...this achievement also marks our flagship operating system as the first to bring a framework for Linux container technology into the world of more secure, certified computing."

To view or add a comment, sign in

More articles by Anthony Golia

Making risk analytics actionable

Sep 7, 2017

Making risk analytics actionable

"In a changing market, with stringent regulatory requirements, it is difficult to quickly and accurately calculate and…
FINANCIAL SERVICES AND CONTAINER TECHNOLOGY

Jul 28, 2017

FINANCIAL SERVICES AND CONTAINER TECHNOLOGY

Check out this article on how some of the Financial Services Industry are making use of containers to drive innovation.…

1 Comment
SQL Server Performance Record

Apr 20, 2017

SQL Server Performance Record

"In the world of heterogeneous data centers – having multiple operating systems running on different hardware platforms…

1 Comment
The Benefits of Putting Monolith Systems in Containers

Dec 7, 2016

The Benefits of Putting Monolith Systems in Containers

The reality is that many large financial services enterprises have a lot of monolith style systems. There is a lot of…

2 Comments
Check out this article on Insightful Applications

Sep 19, 2016

Check out this article on Insightful Applications

What is Red Hat doing to enable Insightful Applications? Lots. Recently and with much more to come in this space.
Containers:

Sep 8, 2016

Containers:

I discuss a bit about containers in part three of my four part post about devops, microservices, containers, and cloud…

2 Comments
Check out this doc on Digital Transformation

Aug 30, 2016

Check out this doc on Digital Transformation

https://www.capgemini.
Check Out This post On Microservices

Aug 11, 2016

Check Out This post On Microservices

I like posts that tell you how to do things as opposed to why. Well, at least when it comes to microservices.
Check out this video on how to get code to production faster and safer

Aug 3, 2016

Check out this video on how to get code to production faster and safer

Holistic CI/CD example solution using Node.js, Vert.
Actionable Guidance for IT Managers on DevOps, Microservices, Containers, and Cloud (part 4 of 4)

Jul 11, 2016

Actionable Guidance for IT Managers on DevOps, Microservices, Containers, and Cloud (part 4 of 4)

When implemented correctly, DevOps, Microservices, Containers, and Cloud Computing allow an IT team to simultaneously…

2 Comments

See all articles

More articles by Anthony Golia

Making risk analytics actionable

FINANCIAL SERVICES AND CONTAINER TECHNOLOGY

SQL Server Performance Record

The Benefits of Putting Monolith Systems in Containers

Check out this article on Insightful Applications

Containers:

Check out this doc on Digital Transformation

Check Out This post On Microservices

Check out this video on how to get code to production faster and safer

Actionable Guidance for IT Managers on DevOps, Microservices, Containers, and Cloud (part 4 of 4)

Explore content categories