
Security in a container based world

Laura Bell
September 04, 2015


Presented at Microsoft Ignite NZ 2015 by Laura Bell


Transcript

  1. None
  2. Security in a Container based World Laura Bell (@lady_nerd) M255

  3. None
  4. Modern

  5. caution: fast paced field ahead, watch for out of date content
  6. here

  7. In this talk: Container Fundamentals (Some important points that are worth refreshing); Prevention (Avoid common vulnerabilities and avoid mistakes); Detection (Prepare for survival and response)
  8. None
  9. !=

  10. None
  11. do not

  12. container implementations vary

  13. https://www.opencontainers.org/

  14. None
  15. Check your privileges

  16. there's no user ID isolation

  17. root-level privileges

  18. as soon as possible

  19. this may be easier said than done

  20. Use trusted sources

  21. a trusted source

  22. prebuilt containers and apps

  23. helps with trust

  24. decide run

  25. Vulnerability Management and Updates

  26. None
  27. system applications services software

  28. None
  29. Isolate your containers

  30. None
  31. (and manage it as such)

  32. essentials only

  33. Defense at every layer

  34. the most likely attack vector

  35. None
  36. Monitoring your environment

  37. like actually, for real, not just when you’re debugging

  38. Virtualization layer Application Components

  39. impact of compromise

  40. Seek assurance

  41. require frequent assessment by someone who understands the tech

  42. None
  43. None
  44. TL;DR: Container Fundamentals (Some important points that are worth refreshing); Prevention (Avoid common vulnerabilities and avoid mistakes); Detection (Prepare for survival and response)
  45. Prevention: Check your privilege (Principle of least privilege at all stages); Use trusted sources (Not all container images are equal); Vulnerability management and updates (Prepare for survival and response); Isolate your containers (Principle of least privilege at all stages); Layer your defenses (Principle of least privilege at all stages)
  46. Detection: Monitoring and Logging (Log and monitor all layers of your deployment architecture); Seek Assurance (Get appropriate penetration testing of both application and infrastructure components)
  47. Container Security Cheat sheet; Docker Security Benchmark Tool

  48. Securing Microservice Architectures, Thursday 10:40am. Find me later at… Hub Happy Hour Wed 5:30-6:30pm; Hub Happy Hour Thu 5:30-6:30pm; Closing drinks Fri 3:00-4:30pm