Overview
Explore container security best practices in this 35-minute conference talk from GOTO Stockholm 2016. Delve into key concerns like kernel attacks, container breakouts, and sniffing of secrets. Learn mitigation strategies including the principle of least privilege, image scanning, and combining containers with VMs. Discover how to manage Docker privileges, drop capabilities, set CPU shares and memory limits, defang setuid/setgid binaries, use minimal images, and leverage Linux security modules such as SELinux on a security-hardened kernel. Gain insights on verifying images, implementing auditing, handling environment variables securely, and using a secure key-value store for sensitive data. Master essential techniques to enhance the security of your containerized applications.
Syllabus
Introduction
OVERVIEW
KERNEL ATTACKS
CONTAINER BREAKOUTS
SNIFFING SECRETS
LEAST PRIVILEGE
HOW TO MITIGATE
NOT A SOLUTION!
IMAGE SCANNING
USE CONTAINERS AND VMS
DOCKER PRIVILEGES
DROP CAPABILITIES
SET CPUSHARES
SET MEMORY LIMITS
DEFANG SETUID/SETGID BINARIES
USE MINIMAL IMAGES
USE LINUX SECURITY MODULES
SELINUX
SECURITY HARDENED KERNEL
VERIFY IMAGES
AUDITING
ENVIRONMENT VARIABLES
SECURE KEY-VALUE STORE
CONCLUSION
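The DEFANG SETUID/SETGID BINARIES step from the syllabus, as an added shell example that is not from the talk or from GOTO Conferences: it strips the setuid and setgid bits from every regular file under a directory, the way a hardening RUN step would near the end of a Dockerfile. The sample tree, file names and function names are constructed for illustration and stand in for an image's filesystem.

```sh
#!/bin/sh
# Added example (not from the talk): defang setuid/setgid binaries so that code
# execution inside the container cannot escalate to root through them. In a
# Dockerfile this would be a RUN step after package installation, with / as root.

# Print the number of setuid/setgid regular files under a directory.
count_setuid_files() {
    find "$1" -xdev -type f -perm /6000 2>/dev/null | wc -l | tr -d ' '
}

# Remove the setuid and setgid bits from every regular file under a directory
# and print how many remain (expected: 0).
# -xdev keeps find on one filesystem so bind mounts and /proc are not walked;
# -perm /6000 matches files with either bit set (GNU and BusyBox find syntax;
# older BSD find spells it -perm +6000).
defang_setuid_binaries() {
    find "$1" -xdev -type f -perm /6000 -exec chmod a-s {} + 2>/dev/null
    count_setuid_files "$1"
}

# Build a constructed sample tree (not a real image) to demonstrate the effect.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin" "$dir/usr/bin"
    : > "$dir/bin/su";       chmod 4755 "$dir/bin/su"        # setuid-style binary
    : > "$dir/usr/bin/wall"; chmod 2755 "$dir/usr/bin/wall"  # setgid-style binary
    : > "$dir/usr/bin/ls";   chmod 0755 "$dir/usr/bin/ls"    # ordinary binary
    echo "$dir"
}

if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    echo "before: $(count_setuid_files "$tree") setuid/setgid files"
    echo "after:  $(defang_setuid_binaries "$tree") setuid/setgid files"
    rm -rf "$tree"
fi
```

Run with `sh defang.sh demo` to see the counts before and after. The caveat a practitioner should expect: programs that rely on the bits, such as `su` and `passwd`, stop working for unprivileged users afterwards, so the step belongs in images where the application is started with a non-root USER and never needs them. It complements, rather than replaces, the runtime controls listed in the syllabus (dropping capabilities with `--cap-drop`, and `--memory` and `--cpu-shares` limits on `docker run`).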
Taught by
GOTO Conferences