Explore container security best practices in this 35-minute conference talk from GOTO Stockholm 2016. Delve into key concerns like kernel attacks, container breakouts, and secret sniffing. Learn mitigation strategies including least privilege principles, image scanning, and combining containers with VMs. Discover how to manage Docker privileges, set resource limits, use minimal images, and leverage Linux security modules. Gain insights on verifying images, implementing auditing, handling environment variables securely, and using key-value stores for sensitive data. Master essential techniques to enhance the security of your containerized applications.
Overview
Syllabus
Introduction
OVERVIEW
KERNEL ATTACKS
CONTAINER BREAKOUTS
SNIFFING SECRETS
LEAST PRIVILEGE
HOW TO MITIGATE
NOT A SOLUTION!
IMAGE SCANNING
USE CONTAINERS AND VMS
DOCKER PRIVILEGES
DROP CAPABILITIES
SET CPUSHARES
SET MEMORY LIMITS
DEFANG SETUID/SETGID BINARIES
USE MINIMAL IMAGES
USE LINUX SECURITY MODULES
SELINUX
SECURITY HARDENED KERNEL
VERIFY IMAGES
AUDITING
ENVIRONMENT VARIABLES
SECURE KEY-VALUE STORE
CONCLUSION
Taught by
GOTO Conferences
Related Courses
-
Certified Kubernetes Security Specialist (CKS) Course
-
Create Secure Production Environment Using Docker
-
Designing Secure Containerized Applications for Embedded Linux Devices
-
How to Secure Your Node.js Containers on Kubernetes With Best Practices
-
Container Chaos - Docker Security Container Auditing
-
Insights in Container Security
