Istio Cloud Native Online Series - Intro to Istio Security

•Transferir como PPTX, PDF•

3 gostaram•724 visualizações

This talk was presented by Dr. Tao Li on 11/29/2017 at the Cloud Native Online meetup. https://www.meetup.com/Cloud-Native-Online-Meetup/events/245027581/ Summary: In today's talk, Tao will cover the general Istio Security roadmap, including authentication and authorization. And then he will focus on the authentication part from CA to node identity to workload identity. Bio: Dr. Tao Li is a software engineer at Google. He has been with Google for more than 5 years. Currently he serves as a TL of Istio Security, focusing on Authentication, which includes CA, identity provisioning, service-to-service communication, etc. Organized by StackPointCloud - https://stackpoint.io

Internet

Confidential & ProprietaryGoogle Cloud Platform 1
An Introduction to Istio Security
Tao Li (lita@google.com)
November 29, 2017

Confidential & ProprietaryGoogle Cloud Platform 2
Problem Statement
IT’s shift to a modern distributed architecture has left
enterprises unable to monitor, manage or secure their
services in a consistent way.

Confidential & ProprietaryGoogle Cloud Platform 3
Istio Overview

Confidential & ProprietaryGoogle Cloud Platform 4
Istio Overview

Confidential & ProprietaryGoogle Cloud Platform 5
Why Security?

Confidential & ProprietaryGoogle Cloud Platform 6

Confidential & ProprietaryGoogle Cloud Platform 7
Istio Security incorporates the learnings of securing millions of service
endpoints in Google’s production environment

Confidential & ProprietaryGoogle Cloud Platform 8
Istio Security Scope

Confidential & ProprietaryGoogle Cloud Platform 9
Istio Security Scopes
● Mutual authentication and encryption between Istio endpoints
○ Based on service accounts
○ Encoded in x509 cert
○ Mutual TLS (mTLS) between client/server proxies (Envoy)
● Support additional authN
○ TLS + JWT for end user authentication
● Security policy to allow fine control
○ A unique interface to config Authn/Authz/Audit policy

Confidential & ProprietaryGoogle Cloud Platform 10
Service-to-service mTLS Communication

Confidential & ProprietaryGoogle Cloud Platform 11
Securing the service communication
SAN: “spiffe://myorg.com/ns/default/sa/team1”
EnvoyFrontend Envoy Backend
SAN: “spiffe://myorg.com/ns/default/sa/team2”
Client Server
K8s PodK8s Pod

Confidential & ProprietaryGoogle Cloud Platform 12
Securing the service communication
EnvoyFrontend Envoy Backend
Client Server
mTLS Handshake
K8s PodK8s Pod

Confidential & ProprietaryGoogle Cloud Platform 13
Securing the service communication
EnvoyFrontend Envoy Backend
Secure Naming Info
Can “spiffe://.../team2” run service
“Backend”?
Client Server
mTLS Handshake
Discovery Service
K8s PodK8s Pod
SAN: “spiffe://.../team2”

Confidential & ProprietaryGoogle Cloud Platform 14
Securing the service communication
EnvoyFrontend Envoy Backend
Secure Naming Info
Client Server
mTLS Handshake
Discovery Service Mixer
AuthZ
Should I accept “spiffe://...//team1”?
K8s PodK8s Pod
SAN: “spiffe://.../team1”

Confidential & ProprietaryGoogle Cloud Platform 15
Securing the service communication
EnvoyFrontend Envoy Backend
Secure Naming Info
Secure data transmission
Client Server
mTLS Handshake
Discovery Service Mixer
AuthZ
K8s PodK8s Pod

Confidential & ProprietaryGoogle Cloud Platform 16
Service Identity Provisioning

Envoy Service2
VM/Bare-metal machine
Node Agent
CSR
Identity Provisioning
Isito CA
Pod
EnvoyService1
K8s Node
Volume mount
K8s ApiServer

EnvoyService1 Envoy Service2
VM/Bare-metal machine
Node Agent
CSR
K8s Node
Identity Provisioning
Isito CA
Node Agent
CSR
Pod

Confidential & ProprietaryGoogle Cloud Platform 19
Roadmap
● Istio Security on Hybrid
● End-User Authentication
● Security Policy
● Pluggable CA Support (e.g., Vault)
● Incremental Istio Security Adoption

Confidential & ProprietaryGoogle Cloud Platform 20
Questions?
istio-security@googlegroups.com

Mais conteúdo relacionado

Mais procurados

Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan

VMware Tanzu

This talk explains what what Pod Security Policy is and it's importance in Kubernetes Security. The talk also takes a look at the current situation of docker hub's popular images and helm charts repository. This talk stresses on the fact that having PSP enabled the right way is absolutely necessary for the real security of the cluster. Link to the demos: What is Pod Security Policy? https://www.youtube.com/watch?v=nrWRMP94vqc Kubernetes Hostpath exploit thrawted with Pod Security Policy https://www.youtube.com/watch?v=APS0CfD6DsE

Hardening Kubernetes by Securing Pods

Suraj Deshmukh

Kubernetes Security Updates from Kubecon 2018 Seattle

Suraj Deshmukh

In this talk, we will begin our journey looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X509 v3 certificates. Then we will use the certificates we make to bootstrap Consul, Vault, and Nomad clusters with mTLS enabled so we can get familiar with terminology and error messages. Finally, we will look at their source code to learn how we might implement the same ideas in our projects.

HashiTLS Demystifying Security Certs

Mitchell Pronschinske

On demand version can be accessed at https://www.nginx.com/resources/webinars/mra-ama-part-7-circuit-breaker-pattern/ The circuit breaker pattern is an emerging standard for use in app development and deployment, particularly with microservices apps. Popular architectures such as Istio and linkerd use the circuit breaker pattern for resiliency. This pattern is an important component in what can become fully resilient, “self-healing” application architectures. In this webinar, we describe the use of the circuit breaker pattern with NGINX Plus, which has specific features that support the use of this pattern, and in the NGINX Microservices Reference Architecture. Attendees of the live webinar will have the opportunity to ask questions.

MRA AMA Part 7: The Circuit Breaker Pattern

NGINX, Inc.

On demand recording: nginx.com/watch-on-demand/?id=modsecurity-and-nginx-tuning-the-owasp-core-rule-set In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn: - How to install the OWASP Core Rule Set (CRS) with ModSecurity - About the types of attacks the CRS blocks, such SQLi, RFI, and LFI - How to tune the CRS to minimize false positives - What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log

ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)

NGINX, Inc.

Container Security Deep Dive & Kubernetes

Aqua Security

Compute Security - Container Security

Eng Teong Cheah

SRE Tech Talk meetup - 28/05/2019 at Paris. Presenting Kubernetes at NoSQL. Managing stateful applications is not an easy task. Getting them working at scale on +4500 servers world wide starts to be very time consuming. We'll talk about challenges we've been facing when moving from a full configuration manager (chef) solution to a mixed solution with a scheduler (Kubernetes). We'll also talk about the pitfalls to avoid when switching to a scheduler for stateful apps.

Criteo meetup - S.R.E Tech Talk

Pierre Mavro

Whats new in brigade 2

LibbySchulze

Kubernetes, Terraform, Vault, and Consul

CloudOps2005

容器革命的「利」與「必」

inwin stack

Securing k8s With Kubernetes Goat

Muhammad Yuga Nugraha

Apahce Ignite

Philip Zheng

Microservices - The good, The bad, The does and The don'ts

Frederik Mogensen

Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP

Olivia LaMar

NYC Docker Meetup: Contiv networking on Docker

Sanjeev Rampal

Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss: - the Kubernetes security landscape - risks, security models, and configuration best-practices - how to configure users and applications with least-privilege - how to isolate and segregate workloads and networks - hard and soft multi-tenancy - Continuous Security approaches to Kubernetes.

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security

DevOpsDays Riga

London Hug 20/6 - Vault production

London HashiCorp User Group

Injecting Vault Secrets Into Kubernetes Pods via a Sidecar

Mitchell Pronschinske

Mais procurados (20)

Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan

Hardening Kubernetes by Securing Pods

Kubernetes Security Updates from Kubecon 2018 Seattle

HashiTLS Demystifying Security Certs

MRA AMA Part 7: The Circuit Breaker Pattern

ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)

Container Security Deep Dive & Kubernetes

Compute Security - Container Security

Criteo meetup - S.R.E Tech Talk

Whats new in brigade 2

Kubernetes, Terraform, Vault, and Consul

容器革命的「利」與「必」

Securing k8s With Kubernetes Goat

Apahce Ignite

Microservices - The good, The bad, The does and The don'ts

Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP

NYC Docker Meetup: Contiv networking on Docker

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security

London Hug 20/6 - Vault production

Injecting Vault Secrets Into Kubernetes Pods via a Sidecar

Semelhante a Istio Cloud Native Online Series - Intro to Istio Security

PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud

Rohit Agarwalla

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability and control. You have to know what you have and where it is before you can assess the environment against best practices and internal or compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says: "Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?" That's the level of granularity you can choose to implement if you wish.

Understanding AWS security

Amazon Web Services

Cisco and Google Cloud experts join TechWiseTV to demonstrate how you can use the Cisco Hybrid Cloud Platform for Google Cloud as a DevOps platform that works consistently across data center and public cloud environments. You’ll learn how to take advantage of containers, microservices, public cloud toolsets, and other modern cloud development innovations while having the flexibility to deploy your applications wherever they run best. With integrated connectivity, security, management, and control, your applications will operate consistently from prem to cloud and back again. Resources: Watch the replay: http://cs.co/9007DawLd TechWiseTV: http://cs.co/9009DzrjN

TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud

Robb Boyd

Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...

ldangelo0772

Nagios Conference 2013 - Fernando Hönig - Distributed Monitoring and Cloud Sc...

Nagios

During this session Ben Lackey (DataStax) and Ravi Madasu (Google) will cover best practices for quickly setting up a cluster on Google Cloud Platform (GCP) using both Google Compute Engine (GCE) and Google Container Engine (GKE) which is based on Kubernetes and Docker. About the Speakers Ben Lackey Partner Architect, DataStax I work in the Cloud Strategy group at DataStax where I concentrate on improving the integration between DataStax Enterprise and cloud platforms including Azure, GCP and Pivotal. Ravi Madasu Ravi Madasu is a program manager at Google, primarily focused on Google Cloud Launcher. He works closely with ISV partners to make their products and services available on the Google Cloud Platform providing a developer friendly deployment experience. He has 15+ years of experience, working in variety of roles such as software engineer, project manager and product manager. Ravi received a Masters degree in Information Systems from Northeastern University and an MBA from Carnegie Mellon University.

Cassandra on Google Cloud Platform (Ravi Madasu, Google / Ben Lackey, DataSta...

DataStax

Watch the REPLAY right now: http://bit.ly/2YoLbt3 Enterprise networks are now dealing with massive volumes of data, with a critical need to collect and analyze this data to respond faster and deliver insightful context. Traditional approaches, in which data is processed in remote servers, will no longer work. Data can burden the network unless some context is known. Edge computing can greatly reduce the data sent to the cloud or a remote server. Collecting and analyzing the data at the edge and making decisions locally rather than in centralized servers significantly reduces the latency and bandwidth of the network. Powered by an x86 CPU, the application hosting solution on the Cisco Catalyst 9000 switching family provides the intelligence required at the edge. Native Docker engine support on the switches will enable users to build and bring their own applications without additional packaging. Cisco DNA Center will provide consistent workflows to manage the entire application lifecycle across multiple Cisco Catalyst 9000 switches through the App Hosting dashboard. Resources: Watch the related TechWiseTV episode: http://cs.co/9001EIbih TechWiseTV: http://cs.co/9009DzrjN

TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches

Robb Boyd

OIS-K8-Multicloud.pptx

VoYat

RightScale Webinar: Security and compliance remain major challenges to adoption of public cloud infrastructure hosting. Technical differences in public cloud environments render many established security models and controls inoperable. Understanding these differences and the options available to you are key to running a secure cloud environment. Join Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale for a free webinar where industry experts discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure. We will discuss: - What's different about security in the cloud - Shared responsibility - Architectural challenges - Key features to secure your cloud servers - Secure deployment via RightScripts Don't miss out on this opportunity to find out about all you need to secure your cloud servers!

Securing Servers in Public and Hybrid Clouds

RightScale

Network security specialist Catherine Paquetl fills you in on advanced threat protection that integrates real-time contextual awareness, intelligent security automation and superior performance with industry-leading network intrusion prevention, Sourcefire. ABOUT THE PRESENTER Catherine Paquet, CCSI, CCNP Security, CCNP Routing and Switching, is a network security specialist. She began her internetworking career as a LAN manager, then MAN manager, and eventually became a nationwide WAN manager with the Department of National Defence. Paquet lectures around the world on security topics, including firewalls, VPNs, intrusion prevention, identity systems, email and Web security, and router and switch security. During her spare time, she authors Cisco Press books, and she volunteers as a network security analyst to nonprofit organizations. Paquet attended the Royal Military College Saint-Jean (Canada) and holds an MBA in Management Information Systems (MIS) from York University.

Building Up Network Security: Intrusion Prevention and Sourcefire

Global Knowledge Training

he Hosted Security as a Service session provides in depth discussion on cloud based security services leveraging Cisco security solutions. This session is appropriate for service providers who are interested in delivering managed security services to their customer from their cloud infrastructure. We will provide detailed designs and guidance on: - cloud security services including FW, VPN, web and email services - architecture layers through influence of NfV and SDN - KVM and VMware based solutions - orchestration flexibility and options - Day 0 and Day 1 provisioning - Day 2 monitoring and reporting.

Hosted Security as a Service - Solution Architecture Design

Cisco Canada

Join us for a look at the capabilities of Pivotal Cloud Foundry (PCF) 2.3. In addition to demos and expert Q&A, we’ll review the latest features of Pivotal’s flagship app platform, including the following: - Polyglot service discovery - Service instance sharing - Operations manager improvements - New pathways protected by TLS - Spring Cloud Services 2.0 - Improvements to PAS for Windows and Steeltoe.io We’ll also review PKS updates for Pivotal’s Kubernetes service. Attend this session with Jared Ruckle and Pieter Humphrey to learn how PCF helps your peers build better software. Presenters : Pieter Humphrey & Jared Ruckle, Pivotal

Pivotal Cloud Foundry 2.3: A First Look

VMware Tanzu

Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...

VMware Tanzu

Cloud-native applications are increasingly spanning across hybrid and multi-cloud environments such as on-premise data centers, in the cloud (Amazon EKS, Azure AKS, Google Cloud GKE) and at the edge. Customers need to ensure security and resiliency for their cloud-native applications while managing releases through reliable, consistent deployment and runtime policies. In this session, we’ve partnered with Tetrate to showcase how to effectively manage advanced deployments using Weave GitOps. Managing application configurations by different teams across multiple Kubernetes clusters is made possible with Weave GitOps and Tetrate Service Bridge. Using familiar Git workflows, Weave Policy-as-Code enables application engineers to quickly deliver new features safely. Join us as we demonstrate the scenarios where: - All changes to application configuration are managed through Git workflows. - GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters. - Policy-as-Code guarantees security, resilience and coding standards compliance. - Tetrate Service Bridge provides dynamic configuration of application workloads and failover across multiple Kubernetes clusters.

Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...

Weaveworks

Secure Application Development InfoShare 2022

Radu Vunvulea

SymetriQ SICSA

Johnny Paterson

Speaker 1: Rod Soto Speaker 2: Jose Hernandez This presentation shows how to use Splunk to provide the analyst with a comprehensive vision of AWS/GCP/Azure security posture. Presenters will outline how to ingest the audit data provided by open source tool Cloud Security Suite into Splunk to analyze cloud vulnerability, harden multi-cloud deployments and visualize multi-cloud threat surface. Presenters will also demonstrate use cases based on Splunk knowledge objects (Tables, Dashboards, Alerts, Field extractions, Lookups, etc), in order to take advantage of the information provided by various supporting tools like Scout2 and G-Scout projects for cloud API auditing.

Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture

CloudVillage

Using Splunk/ELK for auditing AWS/GCP/Azure security posture

Jose Hernandez

Apigee Edge: Intro to Microgateway

Apigee | Google Cloud

Keyrus customer event_20180515_cloudcases - tupa

Stefan Leoni

Semelhante a Istio Cloud Native Online Series - Intro to Istio Security (20)

PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud

Understanding AWS security

TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud

Cisco at v mworld 2015 cisco-on-demand-private-cloud-for-vmworld-01_sep2015-a...

Nagios Conference 2013 - Fernando Hönig - Distributed Monitoring and Cloud Sc...

Cassandra on Google Cloud Platform (Ravi Madasu, Google / Ben Lackey, DataSta...

TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches

OIS-K8-Multicloud.pptx

Securing Servers in Public and Hybrid Clouds

Building Up Network Security: Intrusion Prevention and Sourcefire

Hosted Security as a Service - Solution Architecture Design

Pivotal Cloud Foundry 2.3: A First Look

Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...

Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...

Secure Application Development InfoShare 2022

SymetriQ SICSA

Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture

Using Splunk/ELK for auditing AWS/GCP/Azure security posture

Apigee Edge: Intro to Microgateway

Keyrus customer event_20180515_cloudcases - tupa

Mais de Matt Baldwin

May Bay Area Kubernetes Meetup: Scalable and reliable Kubernetes on AWS

Matt Baldwin

Application Deployment and Management at Scale at 1&1

Matt Baldwin

Continuous Deployment with Jenkins on Kubernetes

Matt Baldwin

ElasticKube, a Container Management Platform for Kubernetes

Matt Baldwin

Using OpenContrail with Kubernetes

Matt Baldwin

Enhancing Kubernetes with Autoscaling & Hybrid Cloud IaaS

Matt Baldwin

Mais de Matt Baldwin (6)

May Bay Area Kubernetes Meetup: Scalable and reliable Kubernetes on AWS

Application Deployment and Management at Scale at 1&1

Continuous Deployment with Jenkins on Kubernetes

ElasticKube, a Container Management Platform for Kubernetes

Using OpenContrail with Kubernetes

Enhancing Kubernetes with Autoscaling & Hybrid Cloud IaaS

Último

Call Girl Pune Indira Call Now: 8250077686 Pune Escorts Booking Contact Details WhatsApp Chat: +91-8250077686 Pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertainin. Plus they look fabulously elegant; making an impressionable. Independent Escorts Pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide –

(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7

Call Girls in Nagpur High Profile Call Girls

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R. Why you Choose Us- +91-8264348440 I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls Delhi and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. ★ CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . ★ To Enjoy With Hot and Sexy Girls . ★ We Are Providing :- • 3* 5* 7*Hotels Service • Hygienic Full AC Neat and Clean Rooms Avail. • Daily New Escorts Staff Available • Minimum to Maximum Range Available. Our escort service •BJ (Blowjob) •FK (French kissing) •Kissing with tongue •O-Level (Oral sex) •Long Silky Brown Hair •69 (69 sex) •A-Level (5 start Escort) •Dating {{{N.M}}} 30-04-2024

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.

soniya singh

👉 𝑾𝑰𝑳𝑳 𝑷𝑹𝑶𝑽𝑰𝑫𝑬 𝒀𝑶𝑼 𝑾𝑰𝑻𝑯 𝑺𝑬𝑿𝒀 𝑴𝑶𝑫𝑬𝑳𝑺 𝑾𝑯𝑶 𝑾𝑰𝑳𝑳 𝑫𝑨𝑵𝑪𝑬 & 𝑫𝑹𝑰𝑵𝑲 𝑾𝑰𝑻𝑯 𝒀𝑶𝑼 𝑨𝑵𝑫 𝑨𝑳𝑺𝑶 𝑷𝑹𝑶𝑽𝑰𝑫𝑬 𝒀𝑶𝑼 𝑺𝑬𝑿𝑼𝑨𝑳 𝑩𝑶𝑫𝒀 𝑻𝑶 𝑩𝑶𝑫𝒀 𝑴𝑨𝑺𝑺𝑨𝑮𝑬 𝑾𝑰𝑻𝑯 𝑺𝑬𝑿. 👉𝒀𝑶𝑼 𝑴𝑨𝒀 𝑻𝑨𝑲𝑬 𝑻𝑯𝑬𝑴 𝑶𝑼𝑻 𝑭𝑶𝑹 𝑨 𝑷𝑨𝑹𝑻𝒀 𝑶𝑹 𝑨𝑳𝑺𝑶 𝑭𝑶𝑹 𝑨𝑵𝒀 𝑷𝑹𝑰𝑽𝑨𝑻𝑬 𝑷𝑨𝑹𝑻𝑰𝑬𝑺. 👉𝑻𝑯𝑬𝑺𝑬 𝑮𝑰𝑹𝑳𝑺 𝑨𝑹𝑬 𝑰𝑵𝑻𝑬𝑹𝑬𝑺𝑻𝑬𝑫 𝑰𝑵 𝑯𝑨𝑽𝑰𝑵𝑮 𝑺𝑶𝑴𝑬 𝑭𝑼𝑵 𝑾𝑰𝑻𝑯 𝒀𝑶𝑼 𝑨𝑵𝑫 𝑾𝑰𝑳𝑳 𝑬𝑵𝑺𝑼𝑹𝑬 𝑻𝑯𝑨𝑻 𝒀𝑶𝑼 𝑯𝑨𝑽𝑬 𝑪𝑶𝑴𝑷𝑳𝑬𝑻𝑬 𝑭𝑼𝑵. 28/April/2024 {{🎗️SCH🎗️}} 8923113531 How to book call girls The Booking process is particularly time-saving and more comfortable for us. Below mentioned are the steps you need to follow to hire our call girl: Step 1 - Visit our Call Girls Service website Step 2 - check for the portfolios of our sexy and hot call girls Step 3 - check on the services provided by the specific call girls Step 4 - Once you have selected the call girls and respective services, go to the contact us page. Step 5 - on the contact page, you will get our phone number, WhatsApp number, and email address. You can choose any one of them to connect with us. Call Us – 8923113531 ✣ ✤ ✥ ✦ 𝑻𝑰𝑴𝑬 𝑾𝑨𝑺𝑻𝑬𝑹𝑺 𝑨𝑵𝑫 𝑩𝑨𝑹𝑮𝑨𝑰𝑵𝑬𝑹𝑺 𝑨𝑹𝑬 𝑷𝑳𝑬𝑨𝑺𝑬 𝑬𝑿𝑪𝑼𝑺𝑬, 𝑾𝑬 𝑹𝑬𝑺𝑷𝑬𝑪𝑻 𝒀𝑶𝑼𝑹 𝑺𝑨𝑭𝑬𝑻𝒀 𝑨𝑵𝑫 𝑷𝑹𝑰𝑽𝑨𝑪𝒀 𝑨𝑵𝑫 𝑬𝑿𝑷𝑬𝑪𝑻 𝑻𝑯𝑬 𝑺𝑨𝑴𝑬 𝑭𝑹𝑶𝑴 𝒀𝑶𝑼.✣ ✤ ✥ ✦

CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online

anilsa9823

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (07-May-2024(PSS)

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Call Girls In Pratap Nagar Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝

soniya singh

Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available

Seo

INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.

CarlotaBedoya1

Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand Booking Contact Details :- WhatsApp Chat :- +91-9711199171 30-April-2024(SMW) Best Escorts Service in Delhi Call Us — 9711199171 —Are you Looking for Call Girls in Delhi then This's a perfect place for you. We brings Many Models and Independent Call girls who Can fulfill all your Sexual Desires by Their Complete package of sex Service and It's Absolutely safe and secure. Book Your One night Stand Call Girls : 9711199171 -SERVICES- Our Delhi Call Girls are fully cooperative and understand your needs and they Give you their complete package of Sex service like- Real girl friend experience, Lip Kiss, Lip Lock, Smooch, Sucking without Condom, Oral, Erotic Massage, Lap Dance, Threesome, 69 Licking, Sex in all Position, Anal Sex etc, -AVAILABLE GIRLS- We Bring Many Good looking Slim, Busty, Hot and Sexy Call Girls as per our client's Choice like Housewives, College girls, Russian girls, Muslim girls, Afghani girls, Bengali girls, Working girls, south Indian girls, Punjabi girls, Big Boobs Call Girls etc,

Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand

kumarajju5765

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl 🔝 7001035870🔝✔️✔️ One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500 /in-call, ₱6000/out-call Body to body massage with sex: ₱3000/in-call Full night for one person: ₱7000/in-call, ₱10000/out-call Full night for more than 1 person : Contact us at 7001035870. for details Operating 24/7, we serve various locations in Hyderabad. For premium call girl services in Hyderabad 7001035870. Thank you for considering us !

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl

aditipandeya

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx

ellan12

Russian Call girl in Ajman +971563133746 Ajman Call girl Service

gwenoracqe6

𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Call Mr Chirag Ji +91-7877925207 NORTH/SOUTH INDIANS HIGH CLASS MODELS/COLLEGE GIRLS/ HOUSEWIVES/BODY TO BODY MASSAGE, SANDWICH MASSAGE, SHOWER BATHING, BLOW JOB, LICKING, FRONT AND BACK SHOT, RUBBING, KISSING SMOOCHING ETC ETC... UNLIMITED FUN Call 24/7. Your assistance for your service... ☛ ✔✔ secure✔✔ 100% safe ✔✔ Vip Callgirl Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ A02524SW ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife • Collage Going Girls. • Travelling Escorts. • Ramp-models • Foreigner And Many More.. ★OUR BEST SERVICES: - FOR BOOKING ★ A-Level (5 star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)

𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...

Neha Pandey

Slides from a workshop exploring "Moving Beyond Twitter/X and Facebook - Social Media for local news providers" This presentation outlines social media habits in the US (and globally) and offers suggestions for how local newsrooms can tap into them. The presentation features key data, user case studies and recommendations for new things to try out. The presentation was part of the New York Press Association's 2024 spring conference. https://nynewspapers.com/2024-nypa-spring-conference/

Moving Beyond Twitter/X and Facebook - Social Media for local news providers

Damian Radcliffe

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

Best VIP Call Girls Noida Sector 75 Call Me: 8448380779

Delhi Call girls

Slides from a workshop exploring "How is AI changing journalism?" This presentation outlines how newsrooms have been using artificial intelligence (AI) for some time, and how the emergence of Generative AI is accelerating this usage. The presentation outlines use cases, key steps for implementation and some emerging areas and issues to keep an eye on. The presentation was part of the New York Press Association's 2024 spring conference. https://nynewspapers.com/2024-nypa-spring-conference/

How is AI changing journalism? (v. April 2024)

Damian Radcliffe

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call Booking Contact Details :- WhatsApp Chat :- +91-9711199171 27-April-2024(SMW) Best Escorts Service in Delhi Call Us — 9711199171 —Are you Looking for Call Girls in Delhi then This's a perfect place for you. We brings Many Models and Independent Call girls who Can fulfill all your Sexual Desires by Their Complete package of sex Service and It's Absolutely safe and secure. Book Your One night Stand Call Girls : 9711199171 -SERVICES- Our Delhi Call Girls are fully cooperative and understand your needs and they Give you their complete package of Sex service like- Real girl friend experience, Lip Kiss, Lip Lock, Smooch, Sucking without Condom, Oral, Erotic Massage, Lap Dance, Threesome, 69 Licking, Sex in all Position, Anal Sex etc, -AVAILABLE GIRLS- We Bring Many Good looking Slim, Busty, Hot and Sexy Call Girls as per our client's Choice like Housewives, College girls, Russian girls, Muslim girls, Afghani girls, Bengali girls, Working girls, south Indian girls, Punjabi girls, Big Boobs Call Girls etc, -PAYMENT METHOD- C O D. If you Want to Book our Call girls Service in Delhi . We don,t ask anything in Advance, you Can simply pay to her Cash on Delivery or via any upi. In-Call: — You can reach at our Place in Delhi Our place Hotel and Flat Which Is Very Clean Hygiene And 100% safe Accommodation. Out-Call: — You Can pick up the Girl from my Place if not we Provide Door-Step Call Girls Delivery in Delhi. NOTE: — Pic Collectors Time Passers and Bargainers please Stay Away As We Respect The Value For Your Money Time And Expect The Same From You. OUR SERVICES RATE: – let you know the our Call girls price in Delhi are very affordable and Best rate in genuine market of Call girls. But as all you knows that Quality has comes with its own Price tag. One Shot — 5000/in call (time 1 hour), 6000/out call Two shot with one girl — 8000/in call (time 2 hour), 10000/out call Body to body massage with sex- 8000/in call (time 1 hour) Full night Service for one person– 12000/in call, 13000/out call (shot limit 3-4 shots) Full night Service for more than 1 person — please contact Us —9711199171 We are available 24*7 all days of the year. Call us — 9711199171 Thank you for Visiting.

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call

shivangimorya083

It's important to remember that accessing the dark web can be risky and requires specialized skills and tools. Many organizations leverage threat intelligence companies that have a safe and legal way to monitor these areas and extract valuable information. Let's shine some light on the Dark Web. Kyle Hettinger from Recorded Future's Dark Web research team joins GDG Cloud Southlake joins to Demystify the Dark Web. Kyle has been doing cybercrime investigations for over 10 years, and has collaborated with both public and private sector partners to identify, mitigate, and neutralize cybercriminals.

GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web

James Anderson

Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Service Click Here Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS) Two shots with one girl: ₹4000/in-call, ₹7000/out-call Body to body massage with : ₹4500/in-call Full night for one person: ₹7000/in-call, ₹12000/out-call Delhi Russian Escorts provide clients with the opportunity to experience an array of activities - everything from dining at upscale restaurants to watching the latest movies. Hotel call girls are available year-round to offer unforgettable experiences and fulfill all of your erotica desires. Escort services go beyond the traditional notion of call girls by providing clients with customized experiences beyond dinner companionship to social events. (29-April-2024(PSS)

Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Russian Call Girls in %(+971524965298 )# Call Girls in Dubai

Dubai call girls 971524965298 Call girls in Bur Dubai

Russian #ℂall #Girls in #Goa That's where #Goa #ℂall -#Girls comes in. As the premier outℂall ℂall -Girls service in Goa , we provide beautiful, charming ℂall -Girls in Goa who will join you in the privacy of your hotel room or villa for an evening of pleasure and delight. That's where Goa ℂall -Girls comes in. As the premier outℂall ℂall -Girls service in Goa , We provide beautiful, charming ℂall -Girls in Goa who will join you in the privacy of your hotel room or villa for an evening of pleasure and delight. Our VIP Girl's in Goa ' will also provide you the top-level satisfaction. We have available Filipina Girl's who can fully satisfy our clients. Our Escorts in Goa ' Agency always hires the Girl's on the basis of their intelligence, sexual appearance, beauty, attractiveness, and friendly nature. For Booking Kindly Message on Whatsapp ℂall / Whatsapp- Goa 'ℂall 'girls 'ℂall 'girls in Goa 'ℂall 'girls Service, Indian 'ℂall 'girls in Goa , Russian 'ℂall 'girls in Goa , Independent 'ℂall 'girls in Goa Cheap 'ℂall 'girls in Goa Russian 'ℂall 'girls in Goa , Hot Al Barsha 'ℂall 'girls I've Used the Service from this agency history in Bur Goa Area. The 'ℂall 'girl was so corporative and Fashionable. She Came Into my hostel room. I got This Goa 'ℂall 'girl figures from Goa so straightway I communicated her. I'm so happy after using this agency service. This is largely recommended if you're a ℂall er in Goa and you do n’t have an idea how to get the 'ℂall 'girls In Goa . This agency is having a big collection of Indian 'ℂall 'girls In Goa and Russian 'ℂall 'girls In Goa and the stylish thing about it's they all are vindicated, staff. Indeed They've a huge variety of Independent 'ℂall 'girls In Goa as well. This agency is holding a verified Staff which is a great occasion for every stoner in Goa or any part of Goa .

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service

sexy call girls service in goa

Istio Cloud Native Online Series - Intro to Istio Security

1. Confidential & ProprietaryGoogle Cloud Platform 1 An Introduction to Istio Security Tao Li (lita@google.com) November 29, 2017

2. Confidential & ProprietaryGoogle Cloud Platform 2 Problem Statement IT’s shift to a modern distributed architecture has left enterprises unable to monitor, manage or secure their services in a consistent way.

3. Confidential & ProprietaryGoogle Cloud Platform 3 Istio Overview

4. Confidential & ProprietaryGoogle Cloud Platform 4 Istio Overview

5. Confidential & ProprietaryGoogle Cloud Platform 5 Why Security?

6. Confidential & ProprietaryGoogle Cloud Platform 6

7. Confidential & ProprietaryGoogle Cloud Platform 7 Istio Security incorporates the learnings of securing millions of service endpoints in Google’s production environment

8. Confidential & ProprietaryGoogle Cloud Platform 8 Istio Security Scope

9. Confidential & ProprietaryGoogle Cloud Platform 9 Istio Security Scopes ● Mutual authentication and encryption between Istio endpoints ○ Based on service accounts ○ Encoded in x509 cert ○ Mutual TLS (mTLS) between client/server proxies (Envoy) ● Support additional authN ○ TLS + JWT for end user authentication ● Security policy to allow fine control ○ A unique interface to config Authn/Authz/Audit policy

10. Confidential & ProprietaryGoogle Cloud Platform 10 Service-to-service mTLS Communication

11. Confidential & ProprietaryGoogle Cloud Platform 11 Securing the service communication SAN: “spiffe://myorg.com/ns/default/sa/team1” EnvoyFrontend Envoy Backend SAN: “spiffe://myorg.com/ns/default/sa/team2” Client Server K8s PodK8s Pod

12. Confidential & ProprietaryGoogle Cloud Platform 12 Securing the service communication EnvoyFrontend Envoy Backend Client Server mTLS Handshake K8s PodK8s Pod

13. Confidential & ProprietaryGoogle Cloud Platform 13 Securing the service communication EnvoyFrontend Envoy Backend Secure Naming Info Can “spiffe://.../team2” run service “Backend”? Client Server mTLS Handshake Discovery Service K8s PodK8s Pod SAN: “spiffe://.../team2”

14. Confidential & ProprietaryGoogle Cloud Platform 14 Securing the service communication EnvoyFrontend Envoy Backend Secure Naming Info Client Server mTLS Handshake Discovery Service Mixer AuthZ Should I accept “spiffe://...//team1”? K8s PodK8s Pod SAN: “spiffe://.../team1”

15. Confidential & ProprietaryGoogle Cloud Platform 15 Securing the service communication EnvoyFrontend Envoy Backend Secure Naming Info Secure data transmission Client Server mTLS Handshake Discovery Service Mixer AuthZ K8s PodK8s Pod

16. Confidential & ProprietaryGoogle Cloud Platform 16 Service Identity Provisioning

17. Envoy Service2 VM/Bare-metal machine Node Agent CSR Identity Provisioning Isito CA Pod EnvoyService1 K8s Node Volume mount K8s ApiServer

18. EnvoyService1 Envoy Service2 VM/Bare-metal machine Node Agent CSR K8s Node Identity Provisioning Isito CA Node Agent CSR Pod

19. Confidential & ProprietaryGoogle Cloud Platform 19 Roadmap ● Istio Security on Hybrid ● End-User Authentication ● Security Policy ● Pluggable CA Support (e.g., Vault) ● Incremental Istio Security Adoption

20. Confidential & ProprietaryGoogle Cloud Platform 20 Questions? istio-security@googlegroups.com

Notas do Editor

For k8s cluster, CA generates key/cert for workloads and we use k8s secret and volume mount to deliver to key/cert to workload container. This is what we did in our 0.1 release, which is about 4 months ago, in the next release, we extend to support VM. We introduce a node agent running on each VM. It generates private/public key pair, as well as CSR. sends the CSR to CA for sign. And CA sends back the cert. In this way, private key never leaves node agent.
For k8s cluster, CA generates key/cert for workloads and we use k8s secret and volume mount to deliver to key/cert to workload container. This is what we did in our 0.1 release, which is about 4 months ago, in the next release, we extend to support VM. We introduce a node agent running on each VM. It generates private/public key pair, as well as CSR. sends the CSR to CA for sign. And CA sends back the cert. In this way, private key never leaves node agent.

Istio Cloud Native Online Series - Intro to Istio Security

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Istio Cloud Native Online Series - Intro to Istio Security

Semelhante a Istio Cloud Native Online Series - Intro to Istio Security (20)

Mais de Matt Baldwin

Mais de Matt Baldwin (6)

Último

Último (20)

Istio Cloud Native Online Series - Intro to Istio Security

Notas do Editor