
    rbac

    Explore "rbac" with insightful episodes like "Episode 547: Nicholas Manson on Identity Management for Cloud Applications", "Episode 523: Jessi Ashdown and Uri Gilad on Data Governance", "2019-025-Ben Johnson discusses identity rights management, and controlling your AuthN/AuthZ issues", "Docker and Swarm RBAC Options" and "Effective RBAC for Kubernetes" from podcasts like "Software Engineering Radio - the podcast for professional software developers", "Brakeing Down Security Podcast", "DevOps and Docker Talk: Cloud Native Interviews and Tooling" and "PodCTL - Enterprise Kubernetes" and more!

    Episodes (5)

    2019-025-Ben Johnson discusses identity rights management, and controlling your AuthN/AuthZ issues

    Identity analytics

     

    “Identity analytics is the next evolution of the IGA (Identity Governance & Administration) market. Identity professionals can use this emerging set of solutions combining big data and advanced analytics to increase identity-related risk awareness and enhance IAM processes such as access certification, access request and role management.” --Gartner

    Identity related risk awareness

    Access certification is the process of validating access rights within systems. ... With access certification, organizations and regulations aim to formally validate users within systems and ensure their access rights are appropriate.

     

    Access request - a system must validate that a user has need-to-know

    Role management - users must be validated in a particular role or roles (admin, superuser, backup controller, launch manager, code committer)

    What kind of threats are you protecting against?

    What do you solve that proper administration of users can do?

    How does technology like this improve IAM processes? 

    If it gathers heuristics, what happens when a user changes? (loses an arm, finger, or sneezes during password login, or just ages?)

     

    Where is the best fit for these kinds of systems? 

    Where should you put these systems if you’re in a blended environment? And how does this work with systems like Active Directory?

    Privacy issues… what if any do you have to deal with in this case? 

    That was my next question

    Entitlements? What’s the difference between AuthN?

    Identity creep - Ben gave a talk on it: https://www.brighttalk.com/webcast/17685/362274

    Does this monitor, or will it also prevent? 

    If it doesn’t, can it send alerts to your IPS to isolate?

    “Blast radius”

    https://whatis.techtarget.com/definition/behavioral-biometrics

     

    Docker and Swarm RBAC Options

    In this episode, I answer a question about how to control admin access to Docker and Swarm using role-based authentication.

    Effective RBAC for Kubernetes

    Show: 21

    Show Overview: Brian and Tyler talk about how Role-Based Access Control (RBAC) is implemented for Kubernetes.

    Show Notes:

    Topic 1 - The concept of RBAC is best described as “Can ______ (noun) ______ (verb) on ______ (object) at ______ (location)?” where “noun” is a person/service, “verb” is an action, “object” is a function of the API, and “location” is proximity to a Kubernetes cluster.

    Topic 2 - RBAC operates on the concept of Roles and RoleBindings, which map actors to actions. Both the actors and the actions are defined either globally or locally.

    Topic 3 - RBAC can be manually defined, or enabled (by default) by an installer or distribution. It comes with a default set of Roles. Everything is done within the scope of a cluster.

    Topic 4 - By default, the kube-scheduler, kube-controller-manager, and kube-proxy all have RBAC roles defined. Kubelets (node-level) don’t use RBAC by default, but have their own authorizer, which can then be combined with an RBAC authorizer.

    Topic 5 - “Add-ons” (networking, monitoring, logging, etc.) can have RBAC defined in their manifests, or you can grant them access to their service account.

    Topic 6 - If the element needs to be something other than those default roles, or to use something other than the default authorizer services, then custom Roles can be created. Audit logs can be used to track the needs of a specific add-on, and the “audit2rbac” tool can view those logs and create custom RBAC roles.

    Topic 7 - “Aggregate Roles” are now available in Kubernetes 1.9.
