Security in a container based world

Laura Bell
September 04, 2015

Presented at Microsoft Ignite NZ 2015 by Laura Bell

Transcript

  2. Security in a Container
    based World
    Laura Bell (@lady_nerd) M255

  4. Modern

  5. caution:
    fast paced field ahead
    watch for out of date content

  6. here

  7. In this talk
    Container Fundamentals: Some important points that are worth refreshing
    Prevention: Avoid common vulnerabilities and avoid mistakes
    Detection: Prepare for survival and response

  9. !=

  11. do not

  12. container implementations vary

  13. https://www.opencontainers.org/

  15. Check your privileges

  16. there's no user ID isolation

  17. root-level privileges

  18. as soon as possible

  19. this may be easier said than done

  20. Use trusted sources

  21. a trusted source

  22. prebuilt containers and apps

  23. helps with trust

  24. decide
    run

  25. Vulnerability Management
    and Updates

  27. system
    applications
    services
    software

  29. Isolate your containers

  31. (and manage it as such)

  32. essentials only

  33. Defense at every layer

  34. the most likely attack vector

  36. Monitoring your environment

  37. like actually,
    for real,
    not just when you’re debugging

  38. Virtualization layer
    Application
    Components

  39. impact of
    compromise

  40. Seek assurance

  41. require frequent assessment
    by someone who understands the tech

  44. TL;DR
    Container Fundamentals: Some important points that are worth refreshing
    Prevention: Avoid common vulnerabilities and avoid mistakes
    Detection: Prepare for survival and response

  45. Prevention
    Check your privilege: Principle of least privilege at all stages
    Use trusted sources: Not all container images are equal
    Vulnerability management and updates: Prepare for survival and response
    Isolate your containers: Principle of least privilege at all stages
    Layer your defenses: Principle of least privilege at all stages

  46. Detection
    Monitoring and Logging: Log and monitor all layers of your deployment architecture
    Seek Assurance: Get appropriate penetration testing of both application and infrastructure components

  47. Container Security Cheat sheet
    Docker Security Benchmark Tool

  48. Securing Microservice
    Architectures
    Thursday 10:40am
    Find me later at…
    - Hub Happy Hour Wed 5:30-6:30pm
    - Hub Happy Hour Thu 5:30-6:30pm
    - Closing drinks Fri 3:00-4:30pm

  49. Subscribe to our fortnightly newsletter
    http://aka.ms/technetnz http://aka.ms/msdnnz
    http://aka.ms/ch9nz
    Free Online
    Learning
    http://aka.ms/mva
    Sessions on Demand

  51. © 2015 Microsoft Corporation. All rights reserved.
    Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
    MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
