This document discusses security considerations for Docker containers. It covers three main aspects: securing the platform/infrastructure by hardening the Docker engine and hosts; securing container content through image management, content trust, and secrets management; and securing access and operations through authentication, authorization, access control, auditing, and multi-tenancy. While containers provide isolation and security benefits, the document emphasizes that containers must still follow security best practices to prevent compromise, especially as container usage evolves from individual services to larger applications.
With Urs Stephan Alder (CEO Kybernetika), Michael Abmayer (Senior Consultant Opvizor) and Dennis Zimmer (CEO Opvizor), the most recent VMware@Night at Digicomp featured three high-profile speakers. Together they showed what effects containers in virtualization have on day-to-day operations and on performance and capacity planning.
Docker in particular is on everyone's lips right now and is the best-known and most widely used container technology. Containers are often run inside virtual machines and pose a new challenge for VMware administrators as well as IT managers. Ensuring and monitoring performance, along with capacity planning that is as accurate as possible, are challenges that have to be tackled promptly.
After a short introduction to containers, which also pointed out the differences from virtualization, the speakers turned to working with containers, using Docker with VMware vSphere as the example. The session closed with performance monitoring and capacity planning.
Containers vs. VMs: It's All About the Apps! - Steve Wilson
There has been much hype about whether Containers will replace Virtual Machines for use in Cloud architectures. We’ll look at the strengths of each technology and how they apply in real-world usage. By taking a top-down (Application-first) approach to requirements analysis, versus a bottoms-up (Infrastructure-first) approach, we can see how unique architectures will emerge that can balance the needs of Developers, DevOps and corporate IT.
Dockerized containers are the current wave that is promising to revolutionize IT. Everybody is talking about containers, but a lot of people remain confused about how they work and why they are different from or better than virtual machines. In this session, Black Duck container and virtualization expert Tim Mackey will demystify containers, explain their core concepts, and compare and contrast them with the virtual machine architectures that have been the staple of IT for the last decade.
Just as the roles of CIOs and CTOs have needed to rapidly evolve along with the pace of technology, it is now becoming critically important for lawyers to understand emerging software security challenges.
Recording here: https://www.youtube.com/watch?v=5W4n9K3PIVg
Since Docker was open sourced in 2013, the community and adoption around Docker containers has grown to over 6 billion downloads and over 1000 contributors. Learn about why this is, and why you should start using containers for your own applications.
An In-depth look at application containers - John Kinsella
Slides for a talk I gave to the NIST cloud security working group on the state of container security.
Due to this being a NIST talk, it's without branding or vendor mentions, where possible.
Docker vs VM | Containerization or Virtualization - The Differences | DevOp... - Edureka!
** Edureka DevOps Training : https://www.edureka.co/devops **
This Edureka video on Docker vs VM (Virtual Machine) compares the major differences between Docker and VM. Below are the topics covered in the video:
1. What is Virtual Machine?
2. Benefits of Virtual Machine
3. What are Docker Containers
4. Benefits of Docker Containers
5. Docker vs VM – Main Differences
6. Use Case
Check our complete DevOps playlist here (includes all the videos mentioned in the video): http://goo.gl/O2vo13
This "mini" version of my CSA Congress talk about building a secure cloud was given at the San Francisco Cloud Security Meetup in November, 2011.
I got some great feedback while giving this talk, and will be applying it to an updated version of this deck which will be released during the CSA Congress, November 15th and 16th 2011.
Presentation on Pesantren Kilat Code Security
Tangerang, 2016-06-06
We talk about Docker: what it is, why it matters, and how it can benefit us.
This presentation is an introduction delivered to a local meetup in Indonesia.
As Docker containers become the new standard, learn about what's catapulting them to the head of the pack and how to best protect their assets now and later with the help of Unitrends.
DevSecOps: Bringing security to the DevOps pipeline - Aarno Aukia
How to continuously improve security in software development and software operations by proactive collaboration, robust processes and readily available tooling to make sure the "paved path" (the path of least resistance) for developers is the correct/secure/supported path.
Talk held at the Security Chat on Mar 25th 2019 in Zürich, Switzerland
Containers - Transforming the data centre as we know it 2016 - Keith Lynch
These innovative technologies are at the heart of the microservices and DevOps revolution currently sweeping through the IT industry. They are fuelling digital transformation and accelerating cloud adoption. They're helping organisations develop infrastructure agnostic applications that can be deployed anywhere i.e. Bare Metal, Virtualised Data Centres, Private and Public Cloud. They’re helping organisations to significantly reduce infrastructure costs and accelerating agile application delivery by automating application deployments and operational management. After this talk you’ll know what these open source technologies and open standards are, what they mean to you and your organisation and where you can go to try them out.
Evolving to serverless
How the applications are transforming
A note on CI/CD
Architecture of Docker
Setting up a docker environment
Deep dive into DockerFile and containers
Tagging and publishing an image to docker hub
A glimpse from session one
Services: scale our application and enable load-balancing
Swarm: Deploying application onto a cluster, running it on multiple machines
Stack: A stack is a group of interrelated services that share dependencies, and can be orchestrated and scaled together.
Deploy your app: Compose file works just as well in production as it does on your machine.
Extras: Containers and VMs together
Docker - A high level introduction to dockers and containers - Dr Ganesh Iyer
A high level introduction to Dockers and Containers. Many of the slides are not mine. I used slides I got from the Internet and prepared the rest of the slides based on my understanding from various blogs and other Google info.
SUSECon 2015 Session CAS20148 covering Docker use cases, business use cases, and what environments and applications are most appropriate for containers.
Everyone has heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle.
Therefore, our journey with Kubernetes security should begin in the build stage, when the code we write becomes the container image.
Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible.
During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities which may lead to the compromise of your system.
Contacts:
LinkedIn - https://www.linkedin.com/in/vshynkar/
GitHub - https://github.com/sqerison
-------------------------------------------------------------------------------------
Materials from the video:
The policies and docker files examples:
https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90
The repo with the helm chart used in a demo:
https://github.com/sqerison/argo-rollouts-demo
Tools shown in the last section:
https://github.com/armosec/kubescape
https://github.com/aquasecurity/kube-bench
https://github.com/controlplaneio/kubectl-kubesec
https://github.com/Shopify/kubeaudit#installation
https://github.com/eldadru/ksniff
Further learning.
A book released by CISA (Cybersecurity and Infrastructure Security Agency):
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
O'REILLY Kubernetes Security:
https://kubernetes-security.info/
O'REILLY Container Security:
https://info.aquasec.com/container-security-book
Thanks for watching!
Are Your Containers as Secure as You Think? - DevOps.com
With the growing popularity of Container technology comes the growth of container-based attacks – but understanding your security needs will keep you ahead of the game.
Container adoption is skyrocketing, growing 40% in the last year. And it makes sense – the agility, operational efficiencies and cost savings of containerized environments are huge benefits. But as more organizations rush to leverage containers, security is increasingly becoming a major concern and is the top roadblock to container deployment. What do you need to know (and do) to keep your container environments safe?
DCSF19 Container Security: Theory & Practice at Netflix - Docker, Inc.
Michael Wardrop, Netflix
Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads.
As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.
Why should developers care about container security? - Eric Smalling
Slides from my talk at SF Bay Cloud Native Containers Meetup Feb 2022 and SnykLive Stranger Danger on April 27, 2022.
https://www.meetup.com/cloudnativecontainers/events/283721735/
In the last few years, the popularity of DevSecOps and rich cloud services have been driving the adoption of containers in the software industry. Container architectures become increasingly complex, and organizations cannot escape using them. At the same time, attackers are finding new ways of exploiting containers and container architectures.
Are you still new to containerization and infrastructure as code? Do you feel that your knowledge of application security suddenly doesn’t apply to the way applications are built and deployed using containers? Do you get lost in the IaC and container terminology soup? If so, this talk will help clear things up and answer your questions.
We start with an introduction to container technologies, briefly go through the key terminology, explain the value that containers bring today, and why they are so popular. Then we will talk about the challenges that DevSecOps engineers have when using containers and the security aspects that they face. This presentation includes descriptions of common container threats and real-world examples of recent attacks. These threats will guide our discussion of the typical vulnerabilities and attack vectors. We will touch on well-known standards and resources for container security, such as OWASP Docker Top 10 project, Container Security Verification Standard, NIST Application Container Security Guide, and CIS Benchmarks. And we conclude with guidelines on how to secure containers and a list of best practices that most organizations follow today.
Why Should Developers Care About Container Security? - All Things Open
Presenting at All Things Open 2022
Presented by Eric Smalling
Title: Why Should Developers Care About Container Security?
Abstract: Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don’t have an appsec background to fully understand why they are important.
In this session, we will:
- go over several of the most common practices to best containerize applications
- show examples of how your application can be exploited in a container
- and most importantly, how to easily spot issues and fix your Dockerfiles and deployment manifests before you commit your code
Contain your risk: Deploy secure containers with trust and confidence - Black Duck by Synopsys
Presented on September 22, 2016 by Brent Baude, Principal Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck
Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption.
The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.
In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn:
• Why container environments present new application security challenges, including those posed by ever-increasing open source use.
• How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities.
• Best practices and methodologies for deploying secure containers with trust and confidence.
The continued adoption of containers for deployments has introduced a new path for security issues. In this talk, we will cover the most common areas of vulnerabilities, the challenges in securing your containers, some good practices to help overcome these issues and how to run container security scanning as part of your deployment pipeline.
Python Web Conference 2022 - Why should devs care about container security.pdf - Eric Smalling
https://2022.pythonwebconf.com/presentations/why-should-developers-care-about-container-security
Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don't have an appsec background to fully understand why they are important.
In this session, we will:
- go over several of the most common practices to best containerize Python applications
- show examples of how your application can be exploited in a container
- and most importantly, how to easily spot issues and fix your Dockerfiles and deployment manifests before you commit your code
Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17.
To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.
Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:
1. Network security
2. Access control
3. Tamper management and trust
4. Denial of service and SLAs
5. Vulnerabilities
Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.
Watch the webinar on BrightTalk: http://bit.ly/2bpdswg
AWS re:Invent 2016: Securing Container-Based Applications (CON402) - Amazon Web Services
Containers have had an incredibly large adoption rate since Docker was launched, especially from the developer community, as it provides an easy way to package, ship, and run applications. Securing your container-based application is now becoming a critical issue as applications move from development into production. In this session, you learn ways to implement storing secrets, distributing AWS privileges using IAM roles, protecting your container-based applications with vulnerability scans of container images, and incorporating automated checks into your continuous delivery workflow.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial to or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already got working for real.
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis' slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Securing your Kubernetes cluster_ a step-by-step guide to success ! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Docker Containers Security
1. Security in the Container World
Stéphane Woillez
Technical Lead South Europe
Docker Inc.
2. From basic security to end-to-end secured operations…
• Different aspects of container security
• Containers ARE secure
• There are containers and containers
• Secure the infrastructure
• Secure the content
• Secure the access
Containers are polymorphic entities that require a combined security approach
3. The security of Docker environments covers 3 aspects
• Secure Platform: strong isolation and secure by default
• Secure Content: content integrity and trust
• Secure Access: authentication, authorization and access control
For Developers
• Does not hinder speed or creativity
• Accelerate secure development
For IT ops
• Flexible and granular controls
• Proactive risk management
A secure platform, running secured content, managed with security constraints
5. State of the union: Containers are secure!
• Isolation of containers with namespaces
• Resource usage limits with cgroups
• Admin rights control with LibCap
• Kernel protection with AppArmor, SELinux or Seccomp
• Prevent compromise with immutable image layers
• Limit the attack surface with images built following best practices
[Diagram: stacked image layers, each marked read-only]
Install only the required libraries in images
Even the most secure environment, if poorly managed, can be compromised
6. Containers are polymorphic entities
(Micro)service container
• Hosts a small number of processes
• Executes a single task, in general a simple one
• Is one element of a larger application
Virtual machine container
• Runs a large number of processes
• Executes a complex activity
• Is a whole application
7. Different behaviors need different management approaches
| Type of Container | Service | Virtual Machine |
|---|---|---|
| Content | Few processes | A whole application |
| Size | Few megabytes | Hundreds of megabytes, even gigabytes |
| Lifespan | Short, sometimes a few milliseconds | Days / Weeks / Months |
| Patches | Never | On a regular basis (by stop/start) |
| Storage | None | Regular (via volumes) |
| Monitoring | Service availability (not the container) | Regular |
| Access | Never | Regular for control, debug… |
| Backup | Never | Application data |
| Security | BEFORE execution | Regular via antimalware & intrusion detection |
9. Security of the Engine
• Install & configure kernel protection using AppArmor, SELinux or Seccomp
• Prevent root access to clusters, to ensure no one can disable protection
• Limit the installed packages on the host to reduce risk
• Use a tool like Docker Bench for Security to assess and fix the configuration of hosts
• On clusters, configure certificate rotation for TLS sessions
Configure, control, and test…
10. Detection of intrusions and abnormal activities
• Very early stage. Attacks adapted to containers are still to be developed. Risk is low for microservices apps
• The security approach depends on the type of containers managed
• For « Virtual Machine » containers
o Well, everything works like in VMs
o Host-based intrusion detection
o Anti-malware
• For « Service » containers
o Containers may live for only milliseconds
o Vulnerability assessment BEFORE execution
What the hell are you doing inside my Docker cluster?
11. What Docker brings to secure the infrastructure
• Cryptographic node identity
• Out of the box TLS
• Integrated Seamless PKI
• Automatic certificates rotation
• External CA integration
• Integration with 3rd party vendors
[Diagram: three manager nodes, each with a certificate authority, and three worker nodes, all connected over TLS]
13. Image Management
• Hub images or my private images?
o Allow developers to use hub images locally
o Deny uncontrolled images on clusters
• Build your own base images
o Tar the content of a chroot dir and use “scratch”
o Look for examples in the Docker Hub
• Reduce the size of image layers using multi-stage builds
• Tagging
o LATEST is your enemy in production
o Favor major versions, update using minors
o Some use extra tags like DEV, INTEGRATION...
FROM scratch
ADD <chroot_dir or tar file> /
CMD ["/bin/bash"]
[Diagram: Docker Hub and Trusted Registry]
Image quality is key to many aspects of Docker: security, efficiency, shareability…
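A cluster-side check for the two image policies on this slide (no uncontrolled registries, no LATEST in production), added here as an example and not taken from the deck. The registry name registry.example.com and the sample image references are hypothetical.

```python
ALLOWED_REGISTRIES = {"registry.example.com"}  # hypothetical private registry


def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first path component is a registry host only if it contains "." or
    # ":" or is "localhost"; anything else is a Docker Hub repository.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo  # official images live under library/
    return registry, repo, tag, digest


def check_image(ref, allowed=ALLOWED_REGISTRIES):
    """Return policy violations for one image reference (empty list = accept)."""
    registry, _repo, tag, digest = parse_image(ref)
    problems = []
    if registry not in allowed:
        problems.append(f"registry {registry} is not an approved registry")
    if digest:
        return problems  # a digest pins the exact content; the tag is irrelevant
    if not tag:
        problems.append("no tag: resolves to latest")
    elif tag.lower() == "latest":
        problems.append("latest is a moving tag")
    return problems


# Constructed image references, as they might appear in a stack file.
SAMPLE_REFS = [
    "registry.example.com/billing/api:2.3.1",
    "registry.example.com/billing/worker",
    "nginx:latest",
    "registry.example.com:5000/tools/scanner:1.0",
]

if __name__ == "__main__":
    for ref in SAMPLE_REFS:
        print(ref, "->", check_image(ref) or "accepted")
```

The last sample is rejected because the allow-list matches host and port exactly, so a registry on another port has to be approved explicitly.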
14. Content trust: Run only trusted images
• Clusters should only run trusted images
• Images should pass security validation before being granted for production
• Digital signing of images ensures trust. Engines do not create containers from unsigned images
• Sophisticated signing policies can be used for different purposes:
o Implement a validation chain
o Ensure all security tests have been applied
o Involve the responsibility of image providers
Don’t open Pandora’s box unless you know exactly what it contains
15. Secrets Management for Applications
• Management
– Separation between the application and the secrets it handles
– Exposed to a container at execution time
• Authorization
– Not all admins should access secrets
• Delivery
– Encryption at every step of the process
– Protection from unauthorized access
• Auditing
– Each user request for secret access must be logged for auditing
[Diagram: external app and web UI; managers forming a Raft consensus group with an internal distributed store; workers]
Separate application secrets from the actual code of the application
16. What Docker brings to secure the content
• Private Registries
• Content trust
• Image Signing
• Image Scanning
• Read Only repositories
• Secrets Management
[Diagram: image promotion across the repositories personal/hello-world, dev/hello-world and qa/hello-world, with the conditions tag = “latest” and no ‘critical’ or ‘major’ vulnerabilities]
18. Authentication and Access Control
• Basic Security
– Access the Docker cluster without ROOT privileges
– Secure every administration channel
• Authentication
– Manage users by groups and organizations
– Delegate authentication to external directory
• Access Control
– Map Docker Admin roles to existing roles
– Admins only see what they are entitled to
• Auditing
– Each Admin action must be logged for auditing
[Diagram: four worker nodes across Prod and Dev environments; teams Dev Team A, Dev Team B, SecOps and Ops Team; label PHI]
19. Multi-tenancy
• Do not mix up platform multi-tenancy and application multi-tenancy
• Two main uses of multi-tenancy:
o Isolate users/apps from others
o Protect environments from unauthorized users
▪ Production vs other environments
• Several combined techniques allow multi-tenancy:
o Authentication (not only for users)
o Role-based access control
o Isolation of compute resources (pros & cons)
o Resource usage limits (ensure they are set)
Ensure & control good relationship between neighbors
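One way to verify that the protections listed on slide 5 and the resource limits called for on this slide are actually applied to running containers, by reading `docker inspect` output. This is an added example, not part of the deck; the two sample records and their container names are constructed.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields the audit reads.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/billing-api", "HostConfig": {
   "Memory": 268435456, "NanoCpus": 500000000, "PidsLimit": 128,
   "Privileged": false, "ReadonlyRootfs": true, "CapDrop": ["ALL"],
   "CapAdd": null, "PidMode": "", "SecurityOpt": ["no-new-privileges"]}},
 {"Name": "/legacy-batch", "HostConfig": {
   "Memory": 0, "NanoCpus": 0, "CpuQuota": 0, "PidsLimit": null,
   "Privileged": false, "ReadonlyRootfs": false, "CapDrop": null,
   "CapAdd": ["SYS_ADMIN"], "PidMode": "host",
   "SecurityOpt": ["seccomp=unconfined"]}}
]""")

UNCONFINED = {"seccomp=unconfined", "apparmor=unconfined", "label=disable"}


def audit_container(record):
    """Return findings for one `docker inspect` record (empty list = clean)."""
    hc = record.get("HostConfig") or {}
    findings = []
    # Namespaces: sharing a host namespace removes that isolation boundary.
    for key in ("PidMode", "NetworkMode", "IpcMode"):
        if hc.get(key) == "host":
            findings.append(f"{key}=host")
    # Cgroups: 0 or null means unlimited; PidsLimit may also be -1.
    if not hc.get("Memory"):
        findings.append("no memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("no CPU limit")
    if (hc.get("PidsLimit") or 0) <= 0:
        findings.append("no pids limit")
    # Capabilities: expect everything dropped, then a short reviewed add list.
    if hc.get("Privileged"):
        findings.append("privileged")
    if "ALL" not in [c.upper() for c in (hc.get("CapDrop") or [])]:
        findings.append("capabilities not dropped")
    if hc.get("CapAdd"):
        findings.append("cap-add " + ",".join(hc["CapAdd"]))
    # Kernel protection: seccomp, AppArmor or SELinux switched off per container.
    opts = {o.replace(":", "=", 1) for o in (hc.get("SecurityOpt") or [])}
    if opts & UNCONFINED:
        findings.append("kernel protection disabled")
    # Immutable content: the root filesystem should be read-only.
    if not hc.get("ReadonlyRootfs"):
        findings.append("writable root filesystem")
    return findings
```

To audit a live host, feed it the parsed output of `docker inspect $(docker ps -q)` instead of `SAMPLE_INSPECT`.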
20. What Docker brings to secure the operations
• Authentication
• Integration with AD/LDAP
• Access Control
• Role Segregation
• Advanced Customization
• Multi Tenancy
22. Conclusion
• Containers are secure
• 3+ years of experience in production
• Like any other environment, security best practices are required
• New technologies mean new approaches to security (VM vs Services)