View profile

Docker Defaults Can Improve Security

Bret Fisher
Bret Fisher
@bretfisher
In my series on security features and controls in Docker, this week I talk about what you get out of the box by just using Docker defaults.

How Does "Just Docker" Keep My App Safe?
By using the default out of the box settings with Docker, we gain access to a tight knit secure platform that provides many resources to keep your app safe. These resources include security tools enabled out of the box, like AppArmor, and seccomp which are tools that can help with access restrictions. Along with the general Linux features around cgroups and namespaces, we can isolate what a container can and cannot access.
Docker Security Tips: Just use Docker!
Docker Security Tips: Just use Docker!
It’s Halloween! This week I step through the best things you can do to improve your Docker #security setup and lock down your app images and containers.
www.youtube.com
What security concerns should I have with Docker?
What security concerns should I have with Docker?
A common question I get around making sure Docker is secure.
github.com
Docker & AppArmor: 30.000 foot view - @lucjuggery - Medium
Docker & AppArmor: 30.000 foot view - @lucjuggery - Medium
When it comes to the sensitive topic of container security, several options are considered.
medium.com
Docker engine security | Docker Documentation
Review of the Docker Daemon attack surface
docs.docker.com
How These Tools to Reduce Your Risk Profile
Kernel namespaces provide the first defense against security threats: isolation. By limiting access through individual network stacks, PIDs, and Users, containers are highly controllable as to what they are able to see. Alongside of this, are cgroups, which provide control over resources a container can have access to. This includes CPU, RAM, and network bandwidth. For instance, a properly configured cgroup will prevent a container from overloading the host CPU. Another feature in the Linux kernel is “Seccomp” or secure computing. This allows you to restrict the actions that are available from within a container. In the docs found below, you can learn how Docker enables some locked-down “sane defaults”. You can also configure your own!
Docker Namespace and Cgroups - Kasun Rathnayaka - Medium
Docker Namespace and Cgroups - Kasun Rathnayaka - Medium
Namespaces are a fundamental aspect of containers on Linux.
medium.com
Thanks for reading,
–Bret
Weekly YouTube Live: bretfisher.com/youtube
Course Coupons: bretfisher.com/courses
Podcast: bretfisher.com/podcast
Twitter: twitter.com/bretfisher
Did you enjoy this issue? Yes No
Bret Fisher
Bret Fisher @bretfisher

Commentary on tools and techniques I find interesting around Docker, Kubernetes, Cloud Native DevOps, and DevSecOps.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.
Bret Fisher, Virginia Beach, Virginia, USA