Tips for Improving Your Docker Security Practices

Ronan · Published in techburst · Jan 9, 2018 · 3 min read

Container technology is a hot topic in development at present, largely thanks to the Docker platform and how it simplifies containerization. The next expected leap beyond experimenting with Docker containers will be increasing numbers of organizations actually deploying them in production to take advantage of their many benefits.

With a transition towards deploying more containerized applications and microservices in production, Docker security becomes increasingly important. Cyber criminals will evolve and look to exploit any Docker vulnerabilities they find, making Docker security imperative for enterprises to guard their data and their mission-critical apps.

A 2016 container security incident occurred when a security researcher gained access to the entire source code for the Vine video hosting service using a simple Docker container. It transpired that the Vine container registry had been left public, giving access to anyone who knew its URL (or, in this case, guessed the correct URL).

The Vine incident highlights the importance of following Docker security best practices. It turns out that major security exploits have more to do with how Docker is used than the inherent security of the platform. With this in mind, let’s now run through some tips for securing your Docker containers. Before you begin reading, take a look at this interesting list of Docker security best practices by Aquasec.

Verify Images Before Using Them

With Docker, developers have the freedom to pull base images from different image repositories when building containerized applications. Potential security issues can arise when developers use untrusted images that may have been tampered with.

It’s imperative, therefore, to verify image authenticity, which you can do by:

  • Using base images from official trusted repositories, such as those found in Docker Hub
  • Using images that have been digitally signed with Docker Content Trust, a service that protects against image forgery

Vulnerability Management

Ensure your enterprise has a robust vulnerability management program in place with multiple checks throughout the container lifecycle. These checks establish so-called quality gates between the development, testing, staging, and production environments; each gate looks for weak access controls or other exploitable weaknesses before an image moves on to the next stage. Vulnerability management should include checking the authenticity of images at each quality gate.
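The two image checks above (a trusted source and a verifiable identity) can be turned into one of these quality gates with a small script. The following Python is an added example and not code from the article: it parses the FROM lines of a Dockerfile and reports any base image that is not pinned to a sha256 digest or that comes from a registry outside an allow-list. The registry allow-list, the sample Dockerfile and the digest value are constructed for the example; Docker Content Trust signature verification itself is performed by the Docker client (DOCKER_CONTENT_TRUST=1) and is not reimplemented here.

```python
"""Image-reference quality gate: an added example, not code from the article.

Parses each FROM line of a Dockerfile and reports references that are not pinned
to a digest or that come from a registry outside a (hypothetical) allow-list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Assumption: the registries this organisation trusts. Not from the article.
TRUSTED_REGISTRIES = {"docker.io", "registry.example.internal"}

# A content digest is "sha256:" followed by 64 hex characters.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split a reference into registry, repository, tag and digest.

    Mirrors Docker's resolution rules: the first path component is a registry
    only if it contains '.' or ':' or is 'localhost'; otherwise the image lives
    on docker.io, and a bare name such as 'alpine' means 'library/alpine'.
    """
    digest: Optional[str] = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    tag: Optional[str] = None
    colon = path.rfind(":")
    if colon > path.rfind("/"):          # a ':' after the last '/' separates the tag
        path, tag = path[:colon], path[colon + 1:]
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path
    return ImageRef(registry, path, tag, digest)


def check_image_ref(ref: str) -> list[str]:
    """Return policy findings for one reference; an empty list passes the gate."""
    img = parse_image_ref(ref)
    findings: list[str] = []
    if img.registry not in TRUSTED_REGISTRIES:
        findings.append(f"untrusted registry {img.registry!r}")
    if img.digest is None:
        # A tag can be re-pushed with different content; a digest cannot.
        findings.append("not pinned to a digest")
        if img.tag is None or img.tag == "latest":
            findings.append("floating tag (latest or none)")
    elif not DIGEST_RE.match(img.digest):
        findings.append(f"malformed digest {img.digest!r}")
    return findings


def check_dockerfile(text: str) -> dict[str, list[str]]:
    """Run the gate over every FROM line; returns {reference: findings}.

    Stage aliases from multi-stage builds (FROM ... AS name, then FROM name)
    and the empty 'scratch' base are not image pulls and are skipped.
    """
    results: dict[str, list[str]] = {}
    stages: set[str] = set()
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0].upper() != "FROM":
            continue
        args = [p for p in parts[1:] if not p.startswith("--")]   # drop --platform=...
        if not args:
            continue
        ref = args[0]
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2])
        if ref.lower() == "scratch" or ref in stages:
            continue
        results[ref] = check_image_ref(ref)
    return results


# Constructed sample Dockerfile; the digest value is made up for the example.
FAKE_DIGEST = "sha256:" + "ab" * 32
SAMPLE_DOCKERFILE = f"""
FROM --platform=linux/amd64 golang:1.21@{FAKE_DIGEST} AS build
FROM registry.example.internal/base/python:3.12@{FAKE_DIGEST}
FROM alpine
FROM evil.example.com/tools:latest
FROM build
"""

if __name__ == "__main__":
    for ref, findings in check_dockerfile(SAMPLE_DOCKERFILE).items():
        print(ref, "->", findings or "OK")
```

Run in CI, a non-empty findings list for any reference should fail the build; the pinned digest is what makes a later `docker pull` reproducible, and the allow-list is what keeps a typo-squatted registry from slipping through.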

Enforce Runtime Security

The runtime is the Docker platform itself, which uses OS kernel features such as namespaces to isolate processes and run containers. It’s important to apply the principle of least privilege to Docker containers: each container should get only the minimum set of access rights and resources it needs to do its job.

Monitor Container Activity

Monitoring for suspicious activity is as relevant in container security as in any other IT environment, so keep watch over the container ecosystem. Real-time container monitoring software provides the means to react fast to any security compromise.

Leverage Machine Learning

Machine learning refers to the ability of computers to act without being explicitly programmed, and it’s an exciting field with the potential to boost container security.

Some container security tools, for example, use machine learning to learn what legitimate container behavior looks like from the context of the application, which allows a more tailored approach to container security.

Configure Docker Control Groups

Another tool Docker uses to run containers is control groups, or cgroups. It’s important to configure control groups appropriately, setting limits on the resources each container can use. The idea here is to mitigate the threat of container-based DDoS attacks. Nano-segmentation can also prevent containers from accessing resources beyond what they need to run.
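To make the least-privilege runtime policy from "Enforce Runtime Security" and the cgroup limits described above checkable, here is a Python audit, added as an example and not code from the article, that reads the JSON array produced by `docker inspect` and lists every setting that deviates from a minimal-privilege baseline. The inspect output embedded below is a constructed, trimmed sample; the field names follow Docker's Config/HostConfig schema, and the registry name and digest are made up. The check for a mounted Docker socket goes beyond the article's own list but is the same least-privilege concern.

```python
"""Runtime least-privilege audit over `docker inspect` output: an added example,
not code from the article. It flags containers that run privileged or as root,
keep extra capabilities, lack no-new-privileges or a read-only root filesystem,
have no cgroup limits, or mount the Docker socket.
"""
from __future__ import annotations

import json
from typing import Optional

# Constructed sample of `docker inspect` output, trimmed to the fields the audit
# reads (Docker's real output has many more). The digest value is made up.
FAKE_DIGEST = "sha256:" + "cd" * 32
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/web",
        "Config": {"User": "", "Image": "nginx:latest"},
        "HostConfig": {
            "Privileged": True,
            "CapAdd": ["SYS_ADMIN"],
            "CapDrop": None,
            "ReadonlyRootfs": False,
            "SecurityOpt": None,
            "Memory": 0,
            "NanoCpus": 0,
            "PidsLimit": None,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        },
    },
    {
        "Name": "/api",
        "Config": {"User": "10001:10001", "Image": f"registry.example.internal/api@{FAKE_DIGEST}"},
        "HostConfig": {
            "Privileged": False,
            "CapAdd": None,
            "CapDrop": ["ALL"],
            "ReadonlyRootfs": True,
            "SecurityOpt": ["no-new-privileges:true"],
            "Memory": 256 * 1024 * 1024,   # 256 MiB
            "NanoCpus": 500_000_000,       # 0.5 CPU
            "PidsLimit": 200,
            "Binds": None,
        },
    },
])


def runs_as_root(user: Optional[str]) -> bool:
    """An empty USER, uid 0 or 'root' (with or without a group part) means root."""
    return (user or "").split(":")[0] in ("", "0", "root")


def audit_container(c: dict) -> list[str]:
    """Return the least-privilege and cgroup findings for one inspected container."""
    cfg = c.get("Config") or {}
    hc = c.get("HostConfig") or {}
    findings: list[str] = []

    # Process privileges: what the container's processes are allowed to do.
    if hc.get("Privileged"):
        findings.append("privileged: full access to host devices and capabilities")
    if runs_as_root(cfg.get("User")):
        findings.append("runs as root: set USER in the image or --user at run time")
    if hc.get("CapAdd"):
        findings.append("extra capabilities added: " + ", ".join(hc["CapAdd"]))
    if "ALL" not in (hc.get("CapDrop") or []):
        findings.append("default capability set kept: prefer --cap-drop=ALL plus explicit --cap-add")
    if not any(o.startswith("no-new-privileges") for o in (hc.get("SecurityOpt") or [])):
        findings.append("no-new-privileges not set: setuid binaries can regain privileges")
    if not hc.get("ReadonlyRootfs"):
        findings.append("writable root filesystem: use --read-only with tmpfs for scratch dirs")

    # cgroup limits: an unlimited container can starve every other container on the host.
    if not hc.get("Memory"):
        findings.append("no memory limit (--memory)")
    if not hc.get("NanoCpus") and not hc.get("CpuQuota"):
        findings.append("no CPU limit (--cpus)")
    if not hc.get("PidsLimit"):
        findings.append("no pids limit (--pids-limit): a fork bomb can exhaust host PIDs")

    # Host resources the container can reach beyond its own filesystem.
    for bind in hc.get("Binds") or []:
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append("Docker socket mounted: container can control the host daemon")
    return findings


def audit_inspect_output(raw_json: str) -> dict[str, list[str]]:
    """Audit every container in a `docker inspect` JSON array; returns {name: findings}."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(raw_json)}


if __name__ == "__main__":
    for name, findings in audit_inspect_output(SAMPLE_INSPECT).items():
        print(name, "->", findings or "OK")
```

On a real host, feed it `docker inspect $(docker ps -q)`; the `api` container in the sample shows the target state (non-root user, all capabilities dropped, no-new-privileges, read-only root, memory/CPU/pids limits), while `web` shows what an unconstrained `docker run` leaves behind.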

Closing Thoughts

Docker security and security in the wider context of containers look set to become the next big talking points in container technology as more enterprises deploy containers in production.

By following these best practices, you’ll go a long way towards ensuring your applications and data are not compromised when running containers.


Ronan writes about technical IT topics, including cybersecurity, software development, and cloud computing. Visit: http://ronanthewriter.com/blog/