Fig 4 - uploaded by Nico Surantha
Content may be subject to copyright.
Source publication
To provide better services and new future offerings to their customers, an enterprise in the financial services industry in Indonesia has decided to use Kubernetes, an application container technology, to serve their digital services through applications, developed with micro-services architecture concepts. The new services and technology were expe...
Context in source publication
Context 1
... and did not require external connectivity, the route could be filtered out using prefix lists and by map the prefix lists [11] to the outgoing interface at the BGP configuration at Tier-0 (T0) router as shown in fig. 3. After the prefix lists was mapped to the router, as shown in figure 8, the 10.1.6.0/24 route would be omitted at the T0 router. Fig. 4 showed the 10.1.6.0/24 was not found in the virtual router's routing table. This results means we can perform BGP authentication and succesfully filter out "internal" routes from being advertised externally. Secondly, we evaluate whether our proposed designed can prevent penetration from external to the application container network ...
Similar publications
![Figure [3] newly software setting 2-For external connection and before...](profile/Abdulkareem_Radhi2/publication/335716630/figure/fig1/AS:801552835018754@1568116496922/Figure-3-newly-software-setting-2-For-external-connection-and-before-installing-the_Q320.jpg)
![Figure [4] (LAN Card configuration) 3-Select an appropriate...](profile/Abdulkareem_Radhi2/publication/335716630/figure/fig2/AS:801552835035142@1568116496957/Figure-4-LAN-Card-configuration-3-Select-an-appropriate-configuration-for-the-virtual_Q320.jpg)
Due to the rapid growth of Internet users in the last decades and illegal use of software from piracies without granting authorities from legal vendors, besides expensive of software products and drawbacks in distribution, this paper offers a suitable technique to protect software from piracy. It relies on elliptic curve cryptography technique achi...
Citations
... Indeed, those papers that do exist in the crossover between container security and ZTA are focused primarily on implementing the traditional Zero Trust Networking approach to containers rather than abstracting the rules of ZTA into a more comprehensive framework to consider and govern the entire surface area of a container deployment, or more specifically as it relates to this paper, the surface area of a Docker container deployment. (Surantha 2020) provides arguments for the use of ZTA from a technical standpoint in securing a container deployment, without evolving the concept of ZTA beyond the network. (de Weeve 2020) provides a more indepth look at technical details, strategy and considerations when using ZTA with containers and identifies ZTA as more than purely a technical concept, but a security approach. ...
Containerisation is quickly becoming an accepted industry standard for development environments and Gartner, in a recent market forecast, estimated that by 2022 more than 75% of organisations will be using containers in production deployments. With this explosion in growth comes an added focus on security and best practices for using containers. The use of containers, in particular Docker containers, has altered some of the more traditional deployment paradigms by giving control of deployments to the development teams. This has massively benefited the DevOps release cycle, but at the expense of many mature security and review processes that are integrated into traditional deployments. Like all systems, containers need frameworks to guide best practices for deployments and to ensure mistakes are not made that increase the risk level or attack surface of an application or service using containers, or the containers themselves. Indeed, according to a recent presentation during DevSecCon24 by Justin Cormack, Security Lead at Docker Inc., Cormack believes most security issues related to Docker are due to misconfiguration rather than direct exploit. While work has been previously conducted with regards to container security and separately applying Zero Trust Networking Architecture to containers, in this work we will investigate the security state of a default deployment of the Docker container engine on Linux and analyse how the principals of Zero Trust Architecture can be extended beyond the domain of networking, distilled into a "Zero Trust Containers Architecture" and applied to secure Docker deployments. In order to determine this, research was conducted into the current state of Docker security and Zero Trust Architecture. Practical and theoretical attacks were reviewed against a default Docker deployment to identify common themes and areas of issue. Results were used to advise a generalised trust-based framework which was then used to analyse a Docker deployment and validate mitigation of a selection of the identified attacks, proving out the concept of the proposed "Zero Trust Container Architecture" framework.
... Indeed, those papers that do exist in the crossover between container security and ZTA are focused primarily on implementing the traditional Zero Trust Networking approach to containers rather than abstracting the rules of ZTA into a more comprehensive framework to consider and govern the entire surface area of a container deployment, or more specifically as it relates to this paper, the surface area of a Docker container deployment. (Surantha 2020) provides arguments for the use of ZTA from a technical standpoint in securing a container deployment, without evolving the concept of ZTA beyond the network. (de Weeve 2020) provides a more indepth look at technical details, strategy and considerations when using ZTA with containers and identifies ZTA as more than purely a technical concept, but a security approach. ...
Containerisation is quickly becoming an accepted industry standard for development environments and Gartner, in a recent market forecast, estimated that by 2022 more than 75% of organisations will be using containers in production deployments. With this explosion in growth comes an added focus on security and best practices for using containers. The use of containers, in particular Docker containers, has altered some of the more traditional deployment paradigms by giving control of deployments to the development teams. This has massively benefited the DevOps release cycle, but at the expense of many mature security and review processes that are integrated into traditional deployments. Like all systems, containers need frameworks to guide best practices for deployments and to ensure mistakes are not made that increase the risk level or attack surface of an application or service using containers, or the containers themselves. Indeed, according to a recent presentation during DevSecCon24 by Justin Cormack, Security Lead at Docker Inc., Cormack believes most security issues related to Docker are due to misconfiguration rather than direct exploit. While work has been previously conducted with regards to container security and separately applying Zero Trust Networking Architecture to containers, in this work we will investigate the security state of a default deployment of the Docker container engine on Linux and analyse how the principals of Zero Trust Architecture can be extended beyond the domain of networking, distilled into a ”Zero Trust Containers Architecture” and applied to secure Docker deployments. In order to determine this, research was conducted into the current state of Docker security and Zero Trust Architecture. Practical and theoretical attacks were reviewed against a default Docker deployment to identify common themes and areas of issue. Results were used to advise a generalised trust-based framework which was then used to analyse a Docker deployment and validate mitigation of a selection of the identified attacks, proving out the concept of the proposed “Zero Trust Container Architecture” framework.
In this contemporary era internet of things are used in every realm of life. Recent software’s (e.g., vehicle networking, smart grid, and wearable) are established in result of its use: furthermore, as development, consolidation, and revolution of varied ancient areas (e.g., medical and automotive). The number of devices connected in conjunction with the ad-hoc nature of the system any exacerbates the case. Therefore, security and privacy has emerged as a big challenge for the IoT. This paper provides an outline of IoT security attacks on Three-Layer Architecture: Three-layer such as application layer, network layer, perception layer/physical layer and attacks that are associated with these layers will be discussed. Moreover, this paper will provide some possible solution mechanisms for such attacks. The aim is to produce a radical survey associated with the privacy and security challenges of the IoT. The objective of this paper is to rendering possible solution for various attacks on different layers of IoT architecture. It also presents comparison based on reviewing multiple solutions and defines the best one solution for a specific attack on particular layer.KeywordsInternet of thingsSecurity and privacyIoT layersAttacks with solution mechanism
This chapter is about analyzing cybersecurity risks and their mitigation for work-from-home considering the COVID-19 situation, concerning the tools and techniques being used to run the organization’s operations. This chapter will help you understand the utilizations of online stages as a home office, and it will clear all the issues that emerge during this pandemic circumstance. Everything is discussed in insights concerning the dangers of tools and applications, which has picked up the business's goal shockingly. This is the worst pandemic that ever happened to humanity because every company and department suffers from this tragedy. Moreover, cybercriminals are constantly looking for new attack vectors. Already they have attempted to exploit the servers of many corona research centers. Also, they have strived to take over video conferencing platforms like zoom. Alleviation of those all-outsider applications and their answers are covered in this study work, which will assist you to make your home environment and your home office safe.KeywordsCovid-19Cyber threatsInformation warfareRisk and mitigationWork from homeZero trust network
Computer vision has a great potential to deal with agriculture problems. It is crucial to utilize novel tools and techniques in the agriculture food industry. The focus of current studies is to automate the fruit harvesting, grading of fruits, fruit recognition, and identification of diseases in the agriculture domain using deep learning and computer vision. Integrating deep learning with computer vision facilitates the consistent, speedy and trustworthy classification of fruit and vegetables compared to the traditional machine learning algorithm. However, there are still some challenges, such as the need for expert farmers to develop large-scale datasets to recognize and identify the problems of agriculture production. This survey includes eighty papers relevant to deep learning and computer vision techniques in the agriculture field.KeywordsDeep learningObject detectionComputer visionYield estimation
In this paper, a comprehensive evaluation of social network analysis approaches performed with Cybersecurity prospect to analyze and visualize cybersecurity information. this paper help to understand the supporting features and their relevancy to security. However, these approaches are open source and supporting to many Operating system so these are easy to access and can be used by individuals to get their desired output.KeywordsSocial network analysisGephiTulipPajekCybersecuritySecurityVisualization of security
Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus : it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.
Microservice architectures (MSA) are becoming trending alternatives to existing software development paradigms notably for developing complex and distributed applications. Microservices emerged as an architectural design pattern aiming to address the scalability and ease the maintenance of online services. However, security breaches have increased threatening availability, integrity and confidentiality of microservice-based systems. A growing body of literature is found addressing security threats and security mechanisms to individual microservices and microservice architectures. The aim of this study is to provide a helpful guide to developers about already recognized threats on microservices and how they can be detected, mitigated or prevented; we also aim to identify potential research gaps on securing MSA. In this paper, we conduct a systematic mapping in order to categorize threats on MSA with their security proposals. Therefore, we extracted threats and details of proposed solutions reported in selected studies. Obtained results are used to design a lightweight ontology for security patterns of MSA. The ontology can be queried to identify source of threats, security mechanisms used to prevent each threat, applicability layer and validation techniques used for each mechanism. The systematic search yielded 1067 studies of which 46 are selected as primary studies. The results of the mapping revealed an unbalanced research focus in favor of external attacks; auditing and enforcing access control are the most investigated techniques compared with prevention and mitigation. Additionally, we found that most proposed solutions are soft-infrastructure applicable layer compared with other layers such as communication and deployment. We also found that performance analysis and case studies are the most used validation techniques of security proposals.
