One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1091676 |
| Date de publication | 2019-04-08 13:00:00 (vue: 2019-04-10 14:00:54) |
| Titre | Understanding “container security” |
| Texte |
Containers and container security
Do you docker? Without a doubt, containers are one of the hottest concepts in application delivery and security these days. And that’s a very good thing. Containers have tremendous advantages over the way we have done things in the past. But how should containers influence a threat detection and response strategy? Do I need a larger “container security” strategy to get started deploying my apps using container architectures?
The short answer to these questions is “No.” But let’s explore that a bit more.
What is a container?
A container is an evolution of virtualization. Traditionally, virtualization requires entire “guest operating systems” to be deployed on a hypervisor or host operating system. This was an amazing breakthrough as it blew up the traditional relationship between hardware and operating systems, enabling the deployment of different application building blocks in different VMs on the same or different hardware. Thus it created new ways to build and scale applications. This transition changed how we think about compute resources, moving us from “pets” to “cattle”. Yet each VM carried along with it an entire operating system worth of overhead.
Containers fix this problem by virtualizing only the application and all the associated dependencies it has (shared libraries, file systems, etc.), allowing many more containers to ride on a single operating system. This makes them much, much more efficient. They also have the advantage of being portable across operating systems; they are truly platform agnostic.
Docker security and Kubernetes security are simply the most well known
There are many kinds of containers, Docker is only the most popular. In addition to the containers themselves, most deployments benefit from orchestration and management tools. Kubernetes is the most well-known of these, and Swarm and Mesos are others. These tools handle all aspects of the container lifecycle, helping build consistent container images, deploy them into production, monitor their performance, and decommission them when the time comes.
Easier, safer: benefits of containers, as they relate to security
The isolation provided by containers enables us to better scale and modularize our applications into smaller pieces. But what does it do for our security? LOTS! But containers don’t fundamentally change anything we need to do in the threat detection and response area.
Containers make it extremely easy to reduce our attack surface area. In fact, Docker containers use a “Docker file” that defines many things, including what IPs, ports, and protocols the container can use for communication. Because containers are intended to be used for modular workloads, it isn’t difficult to determine what these ports and protocols should be, making it simple to realize the idea of providing only essential access while keeping things simple
Another key security advantage of containers is, of course, the isolation they provide. If the application inside your container falls victim to an attack, the attacker will find themselves in a very restricted area with only a small part of the application code and user data present. In fact, management connectivity via SSH and the like is often unnecessary in containers, making them even harder to access remotely. Of course, lateral movement or privilege escalation may be possible when vulnerabilities are present. But even if containers are compromised, they have huge advantages. Because they are designed to be ephemerial, remediation of an infected container can be as simple as blowing it |
| Envoyé | Oui |
| Condensat | /19/600389666/alienvault > blogs security” understanding “container |
| Tags | |
| Stories | Uber |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.