Security in a container based world

Transcript

1. None

2. Security in a Container based World Laura Bell (@lady_nerd) M255

3. None

4. Modern

5. caution: fast paced field ahead watch for out of date

   content

6. here

7. In this talk Container Fundamentals Some important points that are

   worth refreshing Prevention Avoid common vulnerabilities and avoid mistakes Detection Prepare for survival and response
8. None

9. !=

10. None

11. do not

12. container implementations vary

13. https://www.opencontainers.org/

14. None

15. Check your privileges

16. there's no user ID isolation

17. root-level privileges

18. as soon as possible

19. this may be easier said than done

20. Use trusted sources

21. a trusted source

22. prebuilt containers and apps

23. helps with trust

24. decide run

25. Vulnerability Management and Updates

26. None

27. system applications services software

28. None

29. Isolate your containers

30. None

31. (and manage it as such)

32. essentials only

33. Defense at every layer

34. the most likely attack vector

35. None

36. Monitoring your environment

37. like actually, for real, not just when you’re debugging

38. Virtualization layer Application Components

39. impact of compromise

40. Seek assurance

41. require frequent assessment by someone who understands the tech

42. None
43. None

44. TL;DR Container Fundamentals Some important points that are worth refreshing

    Prevention Avoid common vulnerabilities and avoid mistakes Detection Prepare for survival and response

45. Prevention Check your privilege Principle of least privilege at all

    stages Use trusted sources Not all container images are equal Vulnerability management and updates Prepare for survival and response Isolate your containers Principle of least privilege at all stages Layer your defenses Principle of least privilege at all stages

46. Detection Monitoring and Logging Log and monitor all layers of

    your deployment architecture Seek Assurance Get appropriate penetration testing of both application and infrastructure components

47. Container Security Cheat sheet Docker Security Benchmark Tool

48. Securing Microservice Architectures Thursday 10:40am Find me later at… § 

    Hub Happy Hour Wed 5:30-6:30pm §  Hub Happy Hour Thu 5:30-6:30pm §  Closing drinks Fri 3:00-4:30pm 1 2 3 4 5 6

49. Subscribe to our fortnightly newsletter http://aka.ms/technetnz http://aka.ms/msdnnz http://aka.ms/ch9nz Free Online

    Learning http://aka.ms/mva Sessions on Demand
50. None

51. © 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and

    other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.