Teaching Cyber Blog

Three step plan to protect containers

Welcome and thank you for reading this article! Protecting containers is essential to the security of a container-based application, its data and the services integrated with it. Where to start? This three step plan will help mitigate the majority of threats, with the understanding that container security is continuous, with no real end stage.

1. Follow Container Security Best Practices (SPOIL)

Use official and verified images: pull images from trusted sources, such as Docker's official registry, and verify image integrity using cryptographic checksums (digests) or digital signatures.

As with any software, keep it up to date: apply security patches and updates to your container runtime, orchestration platform and base images to address known vulnerabilities.

Use image security scanning to check for vulnerabilities, malware and security policy violations before deployment. Tools that provide this include Anchore, Clair and Docker's own scanning.

Apply least privilege: containers should run with the minimum privileges necessary to do their work. This reduces the blast radius of any compromise across the container, the host system and interconnected services.

Run containers in network isolation and limit communication between containers, reducing the attack surface and the scope for lateral movement between containers and hosts.

If time, effort or resources are limited, follow SPOIL as a minimum. It summarises step one of this article:

  • S: Security Scanning
  • P: Patching and Updates
  • O: Official or verified images
  • I: Isolation
  • L: Least Privilege

2. Follow Runtime Environment Best Practices

Impose resource limits, including but not limited to CPU and memory, to minimise resource abuse and denial of service attacks.

Logging and detective controls: collect and analyse container logs to identify suspicious activity.

Use firewall controls: container-specific firewalls to control inbound and outbound network traffic.

Runtime protection: install security tools designed for container environments, including vulnerability scanning and security detection systems.
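Most of the checks in steps one and two (official images pinned by digest, isolation, least privilege, CPU and memory limits) can be expressed as a policy check run over a Kubernetes Pod manifest before it is admitted. The script below is an added example written for this article, not code from the original post or from any of the tools it names. The two manifests are constructed sample input, the all-zero digest is a placeholder, and the list of trusted registries is an assumption you would replace with your own.

```python
"""Audit a Kubernetes Pod manifest against the SPOIL and runtime-limit checks.

Added example for this article; the manifests below are constructed sample
input and TRUSTED_REGISTRIES is an assumed allow-list, not a real policy.
"""
from __future__ import annotations

import re

# Assumption: registries this deployment treats as "official or verified".
TRUSTED_REGISTRIES = ("docker.io/library/", "registry.example.internal/")
# An image reference pinned by digest ends in @sha256:<64 hex chars>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def _containers(pod: dict) -> list[dict]:
    """Regular and init containers are both subject to the same checks."""
    spec = pod.get("spec", {})
    return list(spec.get("containers", [])) + list(spec.get("initContainers", []))


def audit_pod(pod: dict) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: list[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # I (isolation): sharing host namespaces defeats container isolation.
    for ns in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(ns):
            findings.append(f"pod: {ns} is enabled")

    for c in _containers(pod):
        name = c.get("name", "<unnamed>")
        image = c.get("image", "")
        sc = c.get("securityContext", {})

        # O (official/verified images): trusted registry and pinned by digest,
        # so the image that runs is the one that was scanned and verified.
        if not image.startswith(TRUSTED_REGISTRIES):
            findings.append(f"{name}: image {image!r} is not from a trusted registry")
        if not DIGEST_RE.search(image):
            findings.append(f"{name}: image {image!r} is not pinned by digest")

        # L (least privilege): non-root, not privileged, no escalation,
        # all capabilities dropped, read-only root filesystem.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot is not set to true")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged mode is enabled")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities are not dropped (drop: [ALL])")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")

        # Step two, resource limits: bound CPU and memory to limit abuse / DoS.
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append(f"{name}: no {res} limit")
    return findings


# Constructed sample manifests (not from any real cluster).
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-weak"},
    "spec": {
        "hostNetwork": True,
        "containers": [{"name": "web", "image": "nginx:latest",
                        "securityContext": {"privileged": True}}],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "web",
            # Placeholder digest: a real one is the sha256 of the verified image.
            "image": "docker.io/library/nginx@sha256:" + "0" * 64,
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"},
                          "requests": {"cpu": "100m", "memory": "128Mi"}},
        }],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "OK")
```

Run as-is, the weak manifest produces ten findings and the hardened one none. The same function can sit behind an admission webhook or a CI step so that a manifest failing any check never reaches the cluster.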

3. Implement Access Control and Identity Management

Follow the principle of least privilege: limit access permissions for containers, orchestration and hosts to only what is needed and no more.

Use role-based access control (RBAC), assigning appropriate roles and permissions to the users and services that work with containers.

Use multi-factor authentication (MFA) with a second factor, such as a hardware token or mobile device, to further secure access to container environments.

Monitoring and auditing: monitor and log container activity, including user access, to detect suspicious or unauthorised actions.
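Least privilege and RBAC in step three are easiest to audit at the level of the role definitions themselves: wildcard verbs or resources, escalation verbs, and write (or even read) access to secrets are the usual signs of an over-privileged role. The script below is an added example written for this article, not code from the original post; the Role and RoleBinding objects are constructed sample input, and the sets of sensitive resources and verbs are this script's own choices.

```python
"""Flag over-privileged Kubernetes RBAC roles and bindings.

Added example for this article; the objects at the bottom are constructed
sample input, and the sensitive-resource / verb sets are this script's own.
"""
from __future__ import annotations

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
READ_VERBS = {"get", "list", "watch"}
# Verbs that let a subject grant itself or others more than it holds.
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}
# Resources where write access commonly leads to cluster-wide control.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "pods/attach", "roles",
                       "rolebindings", "clusterroles", "clusterrolebindings"}
BROAD_GROUPS = ("system:authenticated", "system:unauthenticated",
                "system:serviceaccounts")


def audit_role(role: dict) -> list[str]:
    """Return findings for one Role or ClusterRole; empty means nothing flagged."""
    findings: list[str] = []
    name = role.get("metadata", {}).get("name", "<unnamed>")
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        where = f"{name} rule {i}"
        if "*" in verbs and "*" in resources:
            findings.append(f"{where}: '*' verbs on '*' resources (cluster-admin equivalent)")
            continue
        if "*" in verbs:
            findings.append(f"{where}: wildcard verbs on {sorted(resources)}")
        if "*" in resources:
            findings.append(f"{where}: wildcard resources for verbs {sorted(verbs)}")
        if verbs & ESCALATION_VERBS:
            findings.append(f"{where}: escalation verbs {sorted(verbs & ESCALATION_VERBS)}")
        for res in sorted(resources & SENSITIVE_RESOURCES):
            if verbs & WRITE_VERBS:
                findings.append(f"{where}: write access {sorted(verbs & WRITE_VERBS)} to {res}")
            elif res == "secrets" and verbs & READ_VERBS:
                findings.append(f"{where}: read access to secrets exposes credentials")
    return findings


def audit_binding(binding: dict) -> list[str]:
    """Flag bindings to cluster-admin and bindings granted to very broad groups."""
    findings: list[str] = []
    name = binding.get("metadata", {}).get("name", "<unnamed>")
    if binding.get("roleRef", {}).get("name") == "cluster-admin":
        findings.append(f"{name}: binds cluster-admin")
    for subject in binding.get("subjects", []):
        if subject.get("kind") == "Group" and subject.get("name", "").startswith(BROAD_GROUPS):
            findings.append(f"{name}: granted to broad group {subject['name']!r}")
    return findings


# Constructed sample objects (not from any real cluster).
OVERLY_BROAD_ROLE = {"kind": "ClusterRole", "metadata": {"name": "do-anything"},
                     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
SECRET_READER_ROLE = {"kind": "Role", "metadata": {"name": "secret-reader"},
                      "rules": [{"apiGroups": [""], "resources": ["secrets"],
                                 "verbs": ["get", "list"]}]}
SCOPED_ROLE = {"kind": "Role", "metadata": {"name": "pod-viewer"},
               "rules": [{"apiGroups": [""], "resources": ["pods"],
                          "verbs": ["get", "list", "watch"]},
                         {"apiGroups": ["apps"], "resources": ["deployments"],
                          "verbs": ["get"]}]}
BAD_BINDING = {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-admin"},
               "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
               "subjects": [{"kind": "Group", "name": "system:authenticated"}]}
OK_BINDING = {"kind": "RoleBinding", "metadata": {"name": "ci-pod-viewer"},
              "roleRef": {"kind": "Role", "name": "pod-viewer"},
              "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]}

if __name__ == "__main__":
    for obj in (OVERLY_BROAD_ROLE, SECRET_READER_ROLE, SCOPED_ROLE):
        print(obj["metadata"]["name"], audit_role(obj) or "OK")
    for obj in (BAD_BINDING, OK_BINDING):
        print(obj["metadata"]["name"], audit_binding(obj) or "OK")
```

The scoped role and the service-account binding pass cleanly; the wildcard role, the secret reader and the cluster-admin binding to every authenticated user are each flagged. Feeding the output of `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json` through these two functions gives a quick least-privilege review of an existing cluster.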

On a final note, if you are starting from the beginning with no security in place, step one of this article is paramount; use SPOIL as a minimum. Good luck!
