Abstract
Defense in depth is an information assurance technique used to protect a system from any particular attack – use of blended countermeasures, working together to meet control and governance requirements. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.
This talk will cover numerous technologies and practices at each layer – from kernel quality, SELinux (svirt), SECCOMP, and use of root, to measuring attack surface, patch remediation, and platform level authentication/authorization, these are the droids you are looking for.
This talk will help an end user understand the breadth of tooling that is available at each level and how they will help protect their system from intrusions and compromises.