Overview
Explore the security implications of Docker containerization in this 37-minute conference talk from Security BSides London. Gain insights into the advantages and potential risks of Docker, including portability, Linux security features, and container vs. VM security. Learn about Docker Engine security, authorization, container networking, and image provenance. Discover best practices for image hardening, patching, and using tools like Docker Bench. Understand how Docker can be both used and misused, and how it might simplify your workflow. Conclude with further reading recommendations and contact information for continued learning.
Syllabus
Introduction
Outline
Background
Portability
Demo
Docker cornucopia
Docker Engine
Docker Hub
Docker Compose
Linux Security
namespaces
chroot
process
IPC
User Namespace
Linux Capabilities
cgroups
Syscalls
Access Control Profiles
Container vs VM Security
Docker Engine Security
Authorization
Container Networking
Container Privilege
Mounting Docker Sock
Docker Hub
Image provenance
Image hardening
Patching
VM sprawl
Docker Bench
Conclusion
Further Reading
Contact Details
Taught by
Security BSides London