# Runtime Environment

## Goals
- Build optimized Dockerfiles, so-called multi-stage Dockerfiles.
- Recap the concepts of buildpacks.
- Discover the functionality of buildpacks.
- Investigate the internals and structure of buildpacks.

## Multi-stage Dockerfiles
- Builder pattern: two separate Dockerfiles were used, one that contained everything needed to build the application and one for production that contained everything needed to run the app.
- Multi-stage Dockerfile: this can be solved by having a build stage and a run stage in one Dockerfile.
# Service Mesh

## Disadvantages of Microservice Architectures
- The overall system is more complex than in a “big” application.
- Each component needs to implement a new set of cross-cutting concerns (network communication, asynchronous requests, distributed state, security, …).
- Large effort to implement seamless and polyglot; tendency to uniform frameworks (Spring, .NET, …).
- Coordination of API, protocol version, migration, …
- Additional operations overhead (monitoring, logging, debugging, certificate management).

## 8 common fallacies of distributed computing
- The network is reliable
- Latency is zero
- Bandwidth is infinite
- The network is secure
- Topology does not change
- There is one administrator
- Transport cost is zero
- The network is homogeneous

## Challenges of Microservice Architectures
- Network Resilience
# Cloud Patterns
- Service Registry
- Circuit Breaker
- Load Balancer
- API Gateway
- Endpoint Monitoring (Health, Metering, …)

# CNA - Service Registry

## Endpoint Monitoring
- Service orientation at scale means using/running many services.
- These services need to be monitored.
- A process could still be alive while the API is not responding.
## Commands

| Command | Description |
| --- | --- |
| `k3d cluster create --config ./lab-setup/k3d-ccp2-config.yaml` | create cluster |

## Health monitor
Add this to the deployment YAML files, in `spec.template.spec.containers`:

```yaml
# Liveness: the container is restarted when this check fails.
livenessProbe:
  initialDelaySeconds: 20
  httpGet:
    path: /actuator/health/liveness
    port: 8080
# Readiness: the pod receives no traffic until this check succeeds.
readinessProbe:
  httpGet:
    path: /actuator/health/readiness
    port: 8080
```

env Variables for URL microservice-shipping.
# 12 factor Applications LAB

## Overview
- A cloud-native application is an application optimized for running in the cloud (IaaS or PaaS).
- Each phase in the application life-cycle has to be adapted and optimized to run in the cloud.
- Typically designed as a distributed application.

## LAB Used Applications
- K3S: a lightweight Kubernetes designed to run on low-resource systems; fully CNCF-certified.
- K3D: a wrapper to run K3s in Docker; makes it easy to run single- and multi-node k3s clusters i.
# Penetration Testing LAB

## NMAP

PING-Scan: host is considered up when
- Normal user: host accepts or refuses (TCP RST) a connection
- Root and host in same network: host answers an ARP request
- Normal user and host in different network:
  - host answers an ICMP echo request
  - host replies to TCP ACK on port 80
  - host replies to TCP SYN on port 443
- Root and host in different network
# Penetration Testing 3

## Goals
- Explain the activities of threat modeling, vulnerability analysis, exploitation and post-exploitation.
- Discuss the main challenges in these phases and what methods or tools could be used.
- Discuss several reasons why vulnerability scanners might not work perfectly (false positives / false negatives).
- Know the architecture and main features of the Metasploit framework and be able to use it for vulnerability testing and exploitation tasks.

## Threat modeling (when building software or systems)
# Threat Landscape
- collection of threats
- threat actors
- observed trends

## Tracking the threat landscape
- know the threat agents and their capabilities
- know used weapons and tactics
- know existing threats
- know most relevant threats
- know emerging threats and actors

## Why?
- know your enemy - prepare for current and emerging threats
- provides motivation for investments in security controls

## Definition by ENISA¹
The ENISA Threat Landscape provides an overview of threats, together with current and emerging trends.
# Securing Information Systems

## ISMS
- ISO/IEC 27000 family
- NIST Risk Management Framework
- BSI 2000 family

An ISMS is a systemic approach to managing information so that it remains secure. (It’s not an application.) It includes people, processes and IT systems by applying risk management processes. Information security risk is managed and kept at an acceptable level by designing, implementing and maintaining a coherent set of security controls.

Our focus: security controls. Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
openbook moodle on site
ISMS backup is corrective control
detective (antivirus is not just detective but corrective) better IDS
2) (sample exam) have a look at implementation group, have a look at circumstances
# Threat landscape
How do you learn about the threat landscape? ENISA report
- APT cannot be detected by antivirus
- APT are not deployed by script kiddies
- APT are not discovered within 5 days after deployment
- APT doesn't usually target credit card numbers
- APT doesn't delete itself after a while
# Architecture

## SOA Principles
- Standardized protocols
- Abstraction (from service implementation)
- Loose coupling
- Reusability
- Composability
- Stateless service
- Discoverable services

Microservices architecture is a SOA architectural style to develop applications as a suite of “small” services, each running in its own process and communicating with lightweight mechanisms (REST APIs or messaging). They are built around business capabilities following the “do one thing well” principle. Services are highly decoupled (yet composed) and focus on doing a small task