Docker security 101

•Download as PPTX, PDF•

1 like•60 views

Saiyam Pathak

Slides from my talk on Docker Security 101, in the end, it has github GIST that was used in the live demo.

Engineering

Saiyam Pathak
• Twitter - @saiyampathak
• Blog –
https://medium.com/@saiyampathak
• Docker Bangalore Community Leader
• Rancher and Influx Bangalore
Meetup Organizer
• Influx ACE
• Rancher Trusted Hands member
• Kubernetes Member
• CNCF Ambassador

Why Docker ?
You can get attacked but then you can respawn container
You can get attacked but end up having limited functionality
No more Runs on my machine
Open source
VM are too large to run
Microservices loves containers
Its all in one (developers + ops + security)

Different
security
aspects
Before pulling the image
Pulling the image
Before starting the container
Runtime Security
Docker daemon security
Host VM security
Security patching
Updating docker images

Security Tips
as root or privilegedNever Run
the containersScan
MemoryLimit
CPULimit
RestartLimit
Volume permissionsLimit
capabilities - drop all privileges and add back just the ones you needLimit

More for Demo And tools
• Secrets
• Docker Content trust
• Selinux
• Defang setuid/setgid binaries
• AppArmour
• Clair , peekr for image scanning
• Docker bench overall container scan wrt CIS benchmark
• Dependency checkers – Node security project
• Notary

GITHUB GIST
• https://gist.github.com/saiyam1814/eaa9a7d8e037d168d993e37b80
101391

Recently uploaded

RM&IPR M4.pdfResearch Methodolgy & Intellectual Property Rights Series 4T.D. Shashikala

Introduction to Machine Learning Unit-5 Notes for II-II Mechanical EngineeringC Sai Kiran

Paint shop management system project report.pdfKamal Acharya

Dairy management system project report..pdfKamal Acharya

KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and ClusteringDr. Radhey Shyam

DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdfDrGurudutt

"United Nations Park" Site Visit Report.MdManikurRahman

KIT-601 Lecture Notes-UNIT-3.pdf Mining Data StreamDr. Radhey Shyam

Digital Signal Processing Lecture notes n.pdfAbrahamGadissa

Research Methodolgy & Intellectual Property Rights Series 2T.D. Shashikala

Natalia Rutkowska - BIM School Course in Krakówbim.edu.pl

RESORT MANAGEMENT AND RESERVATION SYSTEM PROJECT REPORT.pdfKamal Acharya

Construction method of steel structure space frame .pptxwendy cai

Software Engineering - Modelling Concepts + Class Modelling + Building the An...Prakhyath Rai

RM&IPR M5 notes.pdfResearch Methodolgy & Intellectual Property Rights Series 5T.D. Shashikala

KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and VisualizationDr. Radhey Shyam

NO1 Pandit Black Magic Removal in Uk kala jadu Specialist kala jadu for Love ...Amil baba

Supermarket billing system project report..pdfKamal Acharya

Arduino based vehicle speed tracker projectRased Khan

Online book store management system project.pdfKamal Acharya

Recently uploaded (20)

RM&IPR M4.pdfResearch Methodolgy & Intellectual Property Rights Series 4

Introduction to Machine Learning Unit-5 Notes for II-II Mechanical Engineering

Paint shop management system project report.pdf

Dairy management system project report..pdf

KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and Clustering

DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf

"United Nations Park" Site Visit Report.

KIT-601 Lecture Notes-UNIT-3.pdf Mining Data Stream

Digital Signal Processing Lecture notes n.pdf

Research Methodolgy & Intellectual Property Rights Series 2

Natalia Rutkowska - BIM School Course in Kraków

RESORT MANAGEMENT AND RESERVATION SYSTEM PROJECT REPORT.pdf

Construction method of steel structure space frame .pptx

Software Engineering - Modelling Concepts + Class Modelling + Building the An...

RM&IPR M5 notes.pdfResearch Methodolgy & Intellectual Property Rights Series 5

KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and Visualization

NO1 Pandit Black Magic Removal in Uk kala jadu Specialist kala jadu for Love ...

Supermarket billing system project report..pdf

Arduino based vehicle speed tracker project

Online book store management system project.pdf

Featured

2024 State of Marketing Report – by HubspotMarius Sescu

Everything You Need To Know About ChatGPTExpeed Software

Product Design Trends in 2024 | Teenage EngineeringsPixeldarts

How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow

AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork

Skeleton Culture CodeSkeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley

Content Methodology: A Best Practices Report (Webinar)contently

How to Prepare For a Successful Job Search for 2024Albert Qian

Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)

Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal

5 Public speaking tips from TED - Visualized summarySpeakerHub

ChatGPT and the Future of Work - Clark Boyd Clark Boyd

Getting into the tech field. what next Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray

How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC

Introduction to Data ScienceChristy Abraham Joy

Time Management & Productivity - Best PracticesVit Horky

The six step guide to practical project managementMindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36

Featured (20)

2024 State of Marketing Report – by Hubspot

Everything You Need To Know About ChatGPT

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Docker security 101

1. Docker Security 101 Saiyam Pathak

2. Saiyam Pathak • Twitter - @saiyampathak • Blog – https://medium.com/@saiyampathak • Docker Bangalore Community Leader • Rancher and Influx Bangalore Meetup Organizer • Influx ACE • Rancher Trusted Hands member • Kubernetes Member • CNCF Ambassador

3. Why Docker ? You can get attacked but then you can respawn container You can get attacked but end up having limited functionality No more Runs on my machine Open source VM are too large to run Microservices loves containers Its all in one (developers + ops + security)

4. Different security aspects Before pulling the image Pulling the image Before starting the container Runtime Security Docker daemon security Host VM security Security patching Updating docker images

5. Security Tips as root or privilegedNever Run the containersScan MemoryLimit CPULimit RestartLimit Volume permissionsLimit capabilities - drop all privileges and add back just the ones you needLimit

6. More for Demo And tools • Secrets • Docker Content trust • Selinux • Defang setuid/setgid binaries • AppArmour • Clair , peekr for image scanning • Docker bench overall container scan wrt CIS benchmark • Dependency checkers – Node security project • Notary

7. GITHUB GIST • https://gist.github.com/saiyam1814/eaa9a7d8e037d168d993e37b80 101391

8. Thank you

Docker security 101

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Docker security 101