Microservices: A Security Nightmare?
4 likes849 views
The document discusses the security challenges presented by microservices architecture, emphasizing their small, autonomous nature and diverse technologies. It suggests strategies for managing security, including clear service boundaries, classifying services by security level, and leveraging continuous delivery as a security feature. The importance of integrating security into the development process and using containers for security and forensics is also highlighted.
Microservices: A Security Nightmare?
- 1. Microservices – a security nightmare? GOTO Nights Zürich - March 3, 2016 Maximilian Schöfmann | @schoefmann Container Solutions Switzerland
- 9. Microservices (2016) … small, hence many services
- 10. Microservices (2016) … small, hence many services talking over the network
- 11. Microservices (2016) … small, hence many services talking over the network built with different technologies
- 12. Microservices (2016) … small, hence many services talking over the network built with different technologies by autonomous teams with end-to-end responsibility
- 13. Microservices (2016) … small, hence many services talking over the network built with different technologies by autonomous teams with end-to-end responsibility doing DevOps and Continuous Delivery
- 14. Microservices (2016) … small, hence many services talking over the network built with different technologies by autonomous teams with end-to-end responsibility doing DevOps and Continuous Delivery using containers
- 15. Microservices (2016) … small, hence many services talking over the network built with different technologies by autonomous teams with end-to-end responsibility doing DevOps and Continuous Delivery using containers
- 16. Microservices are the result of combining architectural ideas from lightweight SOA and Domain Driven Design, organisational approaches like DevOps and Agile Software Development, and technology innovations like Containers and Programmable Infrastructure
- 18. Monolith
- 20. Monolith - method calls
- 21. Microservices - talking over the network
- 22. Java 7 (1.7.0_03) Monolith - few technologies
- 23. Microservices - built with different technologies nodejs 0.9 Ruby 2.1 Java 7 Go 1.4 Java 8
- 25. … autonomous teams with end-to-end responsibility
- 26. … autonomous teams with end-to-end responsibility
- 27. dedicated security experts vs… (ISC)2®
- 29. classic “Security Sandwich” vs…
- 30. classic “Security Sandwich” vs… Specification Implementation Validation
- 32. well isolated “real server” vs…
- 34. Attack surface - VMs vs containers XEN Hypervisor - 10^5 LOC Linux Kernel - 10^7 LOC
- 37. Highly coupled services No clear boundaries
- 38. Loosely coupled services Clear boundaries
- 40. impact of breach can be contained locally
- 41. “Clear service boundaries limit the impact of breaches”
- 43. payment_ data (stateless) cat_ pictures (stateless) user_db Microservices have their own data store
- 44. payment_ data (stateless) cat_ pictures (stateless) user_db Microservices have their own data store
- 45. “Let the need-to-know principle guide your API design”
- 46. payment_ data (stateless) cat_ pictures (stateless) user_db different security levels should require different security properties in services, e.g. encryption, auth, security testing…
- 47. “Classify services into distinct security levels”
- 49. API Gateways API Gateway • Access control • Rate limiting • HTTPS termination . . .
- 51. “Isolate services with different security levels through gateways”
- 54. “Use scalable auth techniques without single points of failure”
- 57. “Manage secrets with special purpose services”
- 59. Freeze image for analysis payment service instance #2 docs upload service instance #1 payment service instance #1 cat picture service instance #1 meme generator instance #1 bookmark manager instance #1 payment service instance #1
- 60. Or even the running container… (criu.org) payment service instance #2 docs upload service instance #1 payment service instance #1 cat picture service instance #1 meme generator instance #1 bookmark manager instance #1 payment service instance #1
- 61. “Leverage container features for forensics”
- 63. “Run services of different security levels on different hosts”
- 64. Replace containers on deploy payment service instance #2 docs upload service instance #1 payment service instance #3 cat picture service instance #1 meme generator instance #1 bookmark manager instance #1
- 66. “built with different technologies” nodejs 0.9 Ruby 2.1 Java 7 Go 1.4 Java 8
- 67. Monocultures…
- 68. Scanning images at rest Clair (CoreOS)Nautilus (Docker Inc.)
- 69. “Scan images already during the build process”
- 72. “Minimise the attack surface of images and hosts”
- 73. Unify & secure deployment methods Simple to add… • TLS • Authentication • Authorisation • Logging & Auditing • Image verification scp rsync git
- 74. “Have a single, hardened method to deploy”
- 78. Security Sandwich and Autonomy Specification Implementation Validation
- 79. Security Sandwich and Autonomy
- 80. Security Sandwich and Autonomy
- 82. Security aspects must become part of the Definition of Done…
- 86. The role of IT Architects is already changing Now, the role of the Security Team needs to change
- 87. “Accountability ensures security is built in, not bolted on”
- 88. Avg: 103 days to fix a vulnerability http://darkmatters.norsecorp.com/2015/06/09/security-vulnerabilities-take-average-of-103-days-to-remediate/
- 89. CD reduces reaction time
- 90. “Leverage Continuous Delivery as a security feature”
- 92. Security-Test pyramid / AppSec pipeline static code analysis Vulnerability scanning E2E security tests faster feedback confidence
- 94. “Have your test pyramid reflect security”
- 99. Nightmare?