1. Home
  2. Training Library
  3. Containers
  4. Courses
  5. Introduction to Container Security

Summary

Contents

keyboard_tab
Container Security
1
Introduction
PREVIEW2m 18s
4
Summary
5m 12s
Start course
Overview
Difficulty
Intermediate
Duration
25m
Students
56
Ratings
5/5
starstarstarstarstar
Description

This course focuses on container security and provides an introduction to what container security is, the areas that you need to focus on when working with container security, and how it differs from other security services and procedures.

Learning Objectives

  • Recognize and explain the characteristics of container security 
  • Recognize and explain the importance of implementing container security at scale

Intended Audience

This course has been designed for anyone who works with containers or with container services.

Prerequisites

To get the most out of this course, you should be able to recognize and explain the following cloud concepts before starting this course:

  • Container infrastructure and services
  • An understanding of the DevOps methodology
  • Principles of cloud security
  • Security roles and policies
Transcript

Hello and welcome to this final lecture which will summarize the key points made throughout this course.

We started off by looking at the characteristics of container security.  In this lecture I defined a number of different container security points you should focus on, these being:

Build a Secure Base Image:

  • By implementing security when building your base images will help your drive security into the origins of your container pipeline.

  • Use trusted and recognized sources to build your image

  • Use public repositories with caution

  • revisit your base images regularly to ensure they are also updated with the latest patches and fixes

  • Record and recognize vulnerabilities for all of your images within your repositories

  • For each vulnerability detected you should define the impact and severity of the vulnerability.

Hard-coded, unmanaged secrets in images

  • Managing secrets, API keys, and security tokens is challenging due to the dynamic and ephemeral nature of containers.

  • Do not store secrets inside a container image 

  • Providing secrets as an environment variable when running a container is poor security practice. 

  • It’s very easy for secrets to be accidentally leaked through logging

  • Restrict the number of employees who have access to logs 

  • Mount secrets as tmpfs volumes, where they’re accessible to the application as a virtual “file” resident in memory. 

Access Management

  • Can be one of the weakest points of security within Container security

  • Clear processes and procedures need to be defined governing access control

  • Implement role-based access control (RBAC)    

  • Using root credentials makes it difficult to audit actions 

  • If root credentials are compromised, the intruder would have access to carry out privileged actions against your containers

  • Critical directories should only be writable by root

Hardening your Host

  • You should harden every host as it helps to reduce the attack surface in addition to reducing the risk put upon your container runtime.  

  • Restrict and remove unused services and functions from your host 

  • Review the Center for Internet Security benchmarks on host hardening when working with Docker or Kubernetes

  • Ensure that only hardened hosts are used for your container infrastructure.

Lack of real-time visibility and control of the container runtime environment

  • It can be difficult to extract meaningful security or operational activity data from your containers across multiple hosts

  • The host OS is ‘aware’ of the container engine but is not ‘aware’ of which containers are running. 

  • The container engine ‘knows’ which containers are running but is not aware of container activity.

  • Containers are not aware of each other but access OS resources directly. 

  • When running application firewalls or HIPS to monitor the OS, you lack visibility into container activity and monitoring the same host containers’ traffic.

  • Tracking container activity is mandatory for real-time attack detection and disruption.

  • Conduct ongoing container behavioral analysis and control network traffic

  • Create whitelisting policies to automatically detect unauthorized activity 

Containers Complicate Compliance

  • Demonstrating compliance can be a useful means of avoiding and/or reducing fines

  • Demonstrate compliance by blocking vulnerable images from being used. 

  • Withhold these non-compliance images serving to prove that the remediation process was performed. 

I then moved on to looking at implementing security at scale within Containers.  Here I explained that 

  • Controls, procedures, and configurations need to be in place to enable you to have flexible and scalable security to meet the demands put upon your infrastructure

  • Without a scalable security process, your containers will become exposed and vulnerable to threats

  • The rate of change in a container environment makes scalable container security a challenging

  • Establish a method in which you can build scalability into your environment

  • Automation in containerized deployments is the key points of consideration

  • Automation aids to a quicker and more reliable remediation of an incident or alert 

  • The less manual interaction required the more reliable your security process will be

  • Using a playbook of responses to incidents and alerts allows you to standardize a response.  

  • Automatic responses based on the playbook will ensure alerts and threats are dealt with immediately minimizing risk.  

  • Automation focuses on events making it highly scalable with your environment.  

  • Without automation, scaling security will be incredibly hard to do 

  • Additional tools and services play a huge part in your security automation method

That has now brought me to the end of this course looking at an introduction to container security.  You should now have a greater insight into some of the focus points and the need for automation when helping you to scale your security.

If you have any feedback on this course, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com.

Thank you for your time and good luck with your continued learning of cloud computing. Thank you.

About the Author
Avatar
Stuart Scott
AWS Content & Security Lead
Students
140810
Labs
1
Courses
120
Learning Paths
87

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 90+ courses relating to Cloud reaching over 100,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.