
[DevDay2019] Do you dockerize? Are your containers safe? - By Pham Hong Khanh, Security Engineer at mgm technology partners Vietnam

Docker containers are a fast-growing technology that has become hugely popular in the software industry nowadays. It offers amazing benefits but also presents the developer with lots of security challenges. This talk will give you an introduction to Docker as well as basic security best practices. But don’t worry, we will also do some live hacking :).

  1. Docker Security: Do you dockerize? Are your containers safe? Phạm Hồng Khánh. München Aachen Bamberg Berlin Boswil Đà Nẵng Dresden Grenoble Hamburg Köln Leipzig Nürnberg Prag Stuttgart Washington Zug
  2. whoami (08.04.2019): Phạm Hồng Khánh, khanh.hong.pham@mgm-sp.com; Graduated from DUT; Web Application Security Engineer at mgm security partners; 5 years IP Networking; 3 years Infrastructure Operations
  3. Dark Ages - One Application - One Server: Slow deployment times; Huge costs; Wasted resources; Difficult to scale; Difficult to migrate
  4. Hypervisor-based Virtualization. Benefits: One physical machine divided into multiple virtual machines. Limitations: Resources; An entire Guest OS
  5. Docker Overview. Containers vs. Virtualization: lightweight & flexible. A docker container is: minimal; task specific; isolated; reproducible
  6. Docker
  7. Docker
  8. Let's try something! Build, Ship, Run
  9. HOST RESOURCES CONTAINERS IMAGES REGISTRY
  10. Dockerfile
  11. "It doesn't matter how many locks are on your door if your window is open"
  12. Know your threat model and your attack surface!
  13. Docker Attack Surfaces: HOST RESOURCES CONTAINERS IMAGES REGISTRY
  14. Docker Image Security (IMAGES): Images are the basis of a docker container, so we just use them all, don't we?
  15. Let's try something! Crypto Mining Container
  16. Docker Image Security: 17 cryptomining containers on Docker Hub; Active for almost a year; Made around $90,000 = 2 Billion VND in Bitcoins
  17. What can we do to have a safe image? Use official repositories as parent images; Scan images! Micro Badger; Sign images / verify signatures; Do not put secrets in images!
  18. A secure Docker Registry (REGISTRY): Private Registry Security; Cheap, under your control; You have to think about everything yourself! Hosted: AWS or Google or DockerHub; More features; Privacy! Costs!
  19. Docker Container Security (CONTAINERS): Secure defaults; Can be more robust
  20. Let's try something! Privileged Container
  21. What can we do to have a safe container? Best Practices: Least Privilege! Do not use --privileged; Docker runs as root by default! docker run --user 1001 <img>; Use security policies! Seccomp (default profile), AppArmor, SELinux; Limit resources! docker run -it --memory=1G --memory-swap=2G ubuntu bash
  22. Docker Host Security (HOST): Docker is only as secure as the underlying host! Best Practices: Make sure your system is patched and monitored! Use minimal systems designed for this purpose as base system; Docker itself should be configured securely
  23. Docker Bench Security: https://github.com/docker/docker-bench-security
  24. Tips: "How to be safe"! Know your attack surface! Docker: okay by default; Solution: Harden your Containers! Test and audit regularly; Keep everything up to date. HOST CONTAINERS REGISTRY IMAGES
  25. Interested in Security?
  26. Thank you! Questions?
  27. Innovation Implemented. mgm technology partners Vietnam, 07 Phan Chau Trinh, Đà Nẵng. Tel.: +49 (89) 35 86 80-0, Fax: +49 (89) 35 86 80-288, www.mgm-tp.com
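
The container best practices on slide 21 (no --privileged, non-root user, seccomp/AppArmor left on, a memory limit) can be checked against the JSON that `docker inspect` prints. The following is an added example, not code from the talk; the two containers in the sample are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/legacy-app",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "Memory": 0, "MemorySwap": 0,
                  "SecurityOpt": ["seccomp=unconfined"]}},
  {"Name": "/hardened-app",
   "Config": {"User": "1001"},
   "HostConfig": {"Privileged": false, "Memory": 1073741824,
                  "MemorySwap": 2147483648, "SecurityOpt": null}}
]
""")

ROOT_USERS = {"", "0", "root"}


def audit_container(c):
    """Return the list of findings for one `docker inspect` entry."""
    host = c.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    # Config.User is empty when neither the image nor `--user` set one,
    # which means the process runs as root. "0:0" style values count too.
    user = ((c.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ROOT_USERS:
        findings.append("runs-as-root")
    # SecurityOpt is null when defaults apply; older clients wrote
    # "seccomp:unconfined", newer ones "seccomp=unconfined".
    for opt in host.get("SecurityOpt") or []:
        key, _, value = opt.replace(":", "=", 1).partition("=")
        if key in ("seccomp", "apparmor") and value == "unconfined":
            findings.append(key + "-unconfined")
    if not host.get("Memory"):  # 0 means no memory limit was set
        findings.append("no-memory-limit")
    return findings


def audit(containers):
    """Map container name -> findings, keeping clean containers as []."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

On a real host the input would be the parsed output of `docker inspect` for the running container IDs instead of the embedded sample.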
