Hello and welcome to this final lecture which will summarize the key points made throughout this course.

We started off by looking at the characteristics of container security.  In this lecture I defined a number of different container security points you should focus on, these being:

Build a Secure Base Image:

• By implementing security when building your base images will help your drive security into the origins of your container pipeline.

• Use trusted and recognized sources to build your image

• Use public repositories with caution

• revisit your base images regularly to ensure they are also updated with the latest patches and fixes

• Record and recognize vulnerabilities for all of your images within your repositories

• For each vulnerability detected you should define the impact and severity of the vulnerability.

Hard-coded, unmanaged secrets in images

• Managing secrets, API keys, and security tokens is challenging due to the dynamic and ephemeral nature of containers.

• Do not store secrets inside a container image 

• Providing secrets as an environment variable when running a container is poor security practice. 

• It’s very easy for secrets to be accidentally leaked through logging

• Restrict the number of employees who have access to logs 

• Mount secrets as tmpfs volumes, where they’re accessible to the application as a virtual “file” resident in memory. 

Access Management

• Can be one of the weakest points of security within Container security

• Clear processes and procedures need to be defined governing access control

• Implement role-based access control (RBAC)    

• Using root credentials makes it difficult to audit actions 

• If root credentials are compromised, the intruder would have access to carry out privileged actions against your containers

• Critical directories should only be writable by root

Hardening your Host

• You should harden every host as it helps to reduce the attack surface in addition to reducing the risk put upon your container runtime.  

• Restrict and remove unused services and functions from your host 

• Review the Center for Internet Security benchmarks on host hardening when working with Docker or Kubernetes

• Ensure that only hardened hosts are used for your container infrastructure.

Lack of real-time visibility and control of the container runtime environment

• It can be difficult to extract meaningful security or operational activity data from your containers across multiple hosts

• The host OS is ‘aware’ of the container engine but is not ‘aware’ of which containers are running. 

• The container engine ‘knows’ which containers are running but is not aware of container activity.

• Containers are not aware of each other but access OS resources directly. 

• When running application firewalls or HIPS to monitor the OS, you lack visibility into container activity and monitoring the same host containers’ traffic.

• Tracking container activity is mandatory for real-time attack detection and disruption.

• Conduct ongoing container behavioral analysis and control network traffic

• Create whitelisting policies to automatically detect unauthorized activity 

Containers Complicate Compliance

• Demonstrating compliance can be a useful means of avoiding and/or reducing fines

• Demonstrate compliance by blocking vulnerable images from being used. 

• Withhold these non-compliance images serving to prove that the remediation process was performed. 

I then moved on to looking at implementing security at scale within Containers.  Here I explained that 

• Controls, procedures, and configurations need to be in place to enable you to have flexible and scalable security to meet the demands put upon your infrastructure

• Without a scalable security process, your containers will become exposed and vulnerable to threats

• The rate of change in a container environment makes scalable container security a challenging

• Establish a method in which you can build scalability into your environment

• Automation in containerized deployments is the key points of consideration

• Automation aids to a quicker and more reliable remediation of an incident or alert 

• The less manual interaction required the more reliable your security process will be

• Using a playbook of responses to incidents and alerts allows you to standardize a response.  

• Automatic responses based on the playbook will ensure alerts and threats are dealt with immediately minimizing risk.  

• Automation focuses on events making it highly scalable with your environment.  

• Without automation, scaling security will be incredibly hard to do 

• Additional tools and services play a huge part in your security automation method

That has now brought me to the end of this course looking at an introduction to container security.  You should now have a greater insight into some of the focus points and the need for automation when helping you to scale your security.

If you have any feedback on this course, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com.

Thank you for your time and good luck with your continued learning of cloud computing. Thank you.