August 31, 2018 at 5:55 pm #169135Haydn JohnsonParticipant
Containers are like BYOD (Bring Your Own Device). They are infiltrating our ranks, and InfoSec professionals’ gut reaction is to hesitate in including[See the full article at: Container Security Part 2 – Benchmarks to the Rescue]
- This topic was modified 1 year, 2 months ago by Don Donzal.
August 31, 2018 at 11:03 pm #169139
Hi Haydn, Thanks for the article.
Your article gave me a great chance to consider containers, and I am always glad to learn.
I must say that I was thrown a little bit by your BYOD bring your own device reference. Bring your own device expands the attack surface. The purpose of containers is to limit the attack surface through restricting interactions between applications. This happens by maintaining application resources within the container.
In that sense a container is like an application programming interface (API) but instead of limiting an applications access to the kernel, it is limiting access to the application by other applications. Of course the Cloud plays a big role in all of this. Containers are essentially modularity in the cloud.
Another analogy is virtual machines, but instead of segmenting up to an entire network, containers are a lightweight version that isolates and secures applications that then can be utilized on existing systems virtual or not.
I was glad to see that you included some of the challenges of hardening containers. There is a consistent tension between security and functionality, and functionality will win as long as it drives profits. Even though a container is modular in concept, an application still needs to interact with other resources to get the job done, and that will always include the introduction of vulnerabilities.
- This reply was modified 1 year, 2 months ago by MTGreen.
September 1, 2018 at 1:24 am #169141
I just read an interesting write up on a Docker for windows hack. The vulnerability was associated with third party access and the availability to join user groups. I think it is an interesting read. The third parties were not following best practices (only allow trusted users to control Docker Damon). The post is here https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html
September 4, 2018 at 9:52 am #169147Don DonzalKeymaster
I took his analogy with BYOD to be more of a big picture comparison in that containers (like BYOD) are springing up and better to get ahead of it rather than ignore it until it gets into the realm of rogue activity. So instead of just complaining about those darned users, figure out how to best incorporate them into your environment and remain under your control.
He also made the comparison to VMs in the first article. But IMHO this also goes along with the BYOD analogy. Some containers hold minimal stuff while others can be an entire operating env with access to internal networks. They can also be spun up by individuals for their own purposes or groups/departments for dev work. One never knows what any of these ‘devices’ have or can do whether it be phones, tablets or containers.
September 5, 2018 at 9:37 am #169148
Good points, of course. It seems that containers are more about provisioning and functionality then anything else (Security). Early entry of security considerations will make products more viable in the long term. I read that containers can be distinguished from VMs in that VMs rely upon their own kernel, while containers rely upon the hardwired kernel. This gives less overhead to the container, and makes them easier to spin up, but it actually expands the attack surface because it is another avenue into the user’s kernel in the hardwired machine.
You must be logged in to reply to this topic.