
Docker Defaults Can Improve Security


Vital DevOps: Improving Your Container DevOps Skills

November 4 · Issue #17
Commentary on tools and techniques I find interesting around Docker, Kubernetes, Cloud Native DevOps, and DevSecOps.

In my series on security features and controls in Docker, this week I talk about what you get out of the box by just using Docker defaults.

How Does "Just Docker" Keep My App Safe?
By using the default, out-of-the-box settings with Docker, we gain access to a tight-knit, secure platform that provides many resources to keep your app safe. These resources include security tools that are enabled out of the box, like AppArmor and seccomp, which can help with access restrictions. Along with the general Linux features around cgroups and namespaces, they let us isolate what a container can and cannot access.
Docker Security Tips: Just use Docker!
What security concerns should I have with Docker?
Docker & AppArmor: 30.000 foot view - @lucjuggery - Medium
Docker engine security | Docker Documentation
How These Tools Reduce Your Risk Profile
Kernel namespaces provide the first defense against security threats: isolation. By giving each container its own network stack, PIDs, and users, namespaces tightly control what a container is able to see. Alongside these are cgroups, which provide control over the resources a container can have access to, including CPU, RAM, and network bandwidth. For instance, a properly configured cgroup will prevent a container from overloading the host CPU. Another feature in the Linux kernel is “seccomp”, or secure computing, which allows you to restrict the actions that are available from within a container. In the docs found below, you can learn how Docker enables some locked-down “sane defaults”. You can also configure your own!
Docker Namespace and Cgroups - Kasun Rathnayaka - Medium
Seccomp security profile- Docker Docs
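
An added example (not from the newsletter or from Docker): a small audit of `docker inspect` JSON that flags containers which have opted out of the protections described above, namely seccomp or AppArmor set to unconfined, host PID or network namespaces, and missing cgroup CPU or memory limits. The sample JSON is constructed; the function names are assumptions, and the keys are the ones `docker inspect` reports under HostConfig.

```python
import json

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "HostConfig": {"Privileged": false, "SecurityOpt": null,
   "PidMode": "", "NetworkMode": "bridge", "NanoCpus": 1500000000,
   "CpuQuota": 0, "Memory": 536870912}},
 {"Name": "/debug", "HostConfig": {"Privileged": false,
   "SecurityOpt": ["seccomp=unconfined", "apparmor:unconfined"],
   "PidMode": "host", "NetworkMode": "host", "NanoCpus": 0,
   "CpuQuota": 0, "Memory": 0}}
]""")


def audit_container(container):
    """Return findings where a container gives up a default protection."""
    hc = container.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: runs without seccomp/AppArmor confinement")
    for opt in hc.get("SecurityOpt") or []:
        # Docker accepts both "key=value" and the older "key:value" spelling.
        key, _, value = opt.replace(":", "=", 1).partition("=")
        if key in ("seccomp", "apparmor") and value == "unconfined":
            findings.append(f"{key}: default profile disabled")
    if hc.get("PidMode") == "host":
        findings.append("namespaces: shares host PID namespace")
    if hc.get("NetworkMode") == "host":
        findings.append("namespaces: shares host network stack")
    # Zero means "no limit" for these cgroup-backed settings.
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("cgroups: no CPU limit")
    if not hc.get("Memory"):
        findings.append("cgroups: no memory limit")
    return findings


def audit_all(inspect_json):
    """Map container name -> list of findings for a parsed inspect array."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_json}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

Docker does not set CPU or memory limits unless you pass flags such as `--cpus` or `--memory`, so the two cgroup findings appear on any container started without them.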
Thanks for reading,
–Bret
Weekly YouTube Live: bretfisher.com/youtube
Course Coupons: bretfisher.com/courses
Bret Fisher, Virginia Beach, Virginia, USA