Rating: 0 out of 5 stars
0 ratings
Ebook229 pages1 hour
Securing Docker
Rating: 0 out of 5 stars
()
About this ebook
Learn how to secure your Docker environment and keep your environments secure irrespective of the threats out there
About This Book- Gain confidence in using Docker for containerization without compromising on security
- This book covers different techniques to help you develop your container security skills
- It is loaded with practical examples and real-world scenarios to secure your container-based applications
This book is for developers who wish to use Docker as their testing platform as well as security professionals who are interested in securing Docker containers. You must be familiar with the basics of Docker.
What You Will Learn- Find out how to secure your Docker hosts and nodes
- Secure your Docker components
- Explore different security measures/methods for Linux kernels
- Install and run the Docker Bench security application
- Monitor and report security issues
- Familiarize yourself with third-party tools such as Traffic Authorization, Summon, sVirt, and SELinux to secure your Docker environment
With the rising integration and adoption of Docker containers, there is a growing need to ensure their security.
The purpose of this book is to provide techniques and enhance your skills to secure Docker containers easily and efficiently. The book starts by sharing the techniques to configure Docker components securely and explore the different security measures/methods one can use to secure the kernel.
Furthermore, we will cover the best practices to report Docker security findings and will show you how you can safely report any security findings you come across. Toward the end, we list the internal and third-party tools that can help you immunize your Docker environment.
By the end of this book, you will have a complete understanding of Docker security so you are able to protect your container-based applications.
Style and approachThis book is your one-stop solution to resolve all your Docker security concerns. It will familiarize you with techniques to safeguard your applications that run on Docker containers.
Related to Securing Docker
Related ebooks
Implementing DevSecOps with Docker and Kubernetes: An Experiential Guide to Operate in the DevOps Environment for Securing and Monitoring Container Applications DevOps and Containers Security: Security and Monitoring in Docker Containers Rating: 0 out of 5 stars0 ratingsDocker High Performance Rating: 0 out of 5 stars0 ratingsExtending Docker Rating: 0 out of 5 stars0 ratingsBeginning DevOps with Docker: Automate the deployment of your environment with the power of the Docker toolchain Rating: 0 out of 5 stars0 ratingsDeveloping with Docker Rating: 0 out of 5 stars0 ratingsDocker: Up and Running: Build and deploy containerized web apps with Docker and Kubernetes (English Edition) Rating: 0 out of 5 stars0 ratingsDocker Essentials: Simplifying Containerization: A Beginner's Guide Rating: 0 out of 5 stars0 ratingsPuppet for Containerization Rating: 0 out of 5 stars0 ratingsDocker Deep Dive.: Zero to Docker in a Single Book Rating: 0 out of 5 stars0 ratingsLearning Docker Rating: 5 out of 5 stars5/5Docker High Performance: Complete your Docker journey by optimizing your application's work?ows and performance, 2nd Edition Rating: 0 out of 5 stars0 ratingsDocker for Serverless Applications: Containerize and orchestrate functions using OpenFaas, OpenWhisk, and Fn Rating: 0 out of 5 stars0 ratingsPractical Docker with Python: Build, Release and Distribute your Python App with Docker Rating: 0 out of 5 stars0 ratingsMastering Docker: Unlock new opportunities using Docker's most advanced features, 3rd Edition Rating: 0 out of 5 stars0 ratingsDocker, Containers And All The Rest: First Edition, #1 Rating: 0 out of 5 stars0 ratingsLearning Docker Networking Rating: 0 out of 5 stars0 ratingsThe Ultimate Docker Container Book: Build, test, ship, and run containers with Docker and Kubernetes Rating: 0 out of 5 stars0 ratingsUltimate Docker for Cloud Native Applications Rating: 0 out of 5 stars0 ratingsNative Docker Clustering with Swarm: Create and manage clusters of any size Rating: 0 out of 5 stars0 ratingsDocker pour Débutants:Guide Pratique et Maîtrise de la Conteneurisation Rating: 0 out of 5 stars0 ratingsLearn Docker – Fundamentals of Docker 19.x: Build, test, ship, and run containers with Docker and Kubernetes, 2nd Edition Rating: 0 out of 5 stars0 ratingsDocker Unveiled: The Comprehensive Handbook to Streamlined Development Rating: 0 out of 5 stars0 ratings
Security For You
Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701 Rating: 5 out of 5 stars5/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5CompTia Security 701: Fundamentals of Security Rating: 0 out of 5 stars0 ratingsHacking For Dummies Rating: 4 out of 5 stars4/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5How to Hack Like a GOD: Master the secrets of hacking through real-life hacking scenarios Rating: 4 out of 5 stars4/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 5 out of 5 stars5/5Codes and Ciphers Rating: 5 out of 5 stars5/5CompTIA CySA+ Study Guide: Exam CS0-003 Rating: 2 out of 5 stars2/5Cybersecurity All-in-One For Dummies Rating: 0 out of 5 stars0 ratingsHow to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Advanced OSINT Strategies: Online Investigations And Intelligence Gathering Rating: 0 out of 5 stars0 ratingsEthical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCybersecurity For Dummies Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsThe Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5CompTIA CySA+ Practice Tests: Exam CS0-003 Rating: 1 out of 5 stars1/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide Rating: 3 out of 5 stars3/5
Related podcast episodes
How to Secure DevOps 0% found this document usefulLessons Learned from a Decade of CNCF Projects 0% found this document usefuleBPF Cloud-native Networking 0% found this document useful2022 Look Ahead, Developer Careers 0% found this document usefulVictor Adossi on Yak Shaving: Victor talks about his stack and side projects 0% found this document usefulEpisode 434: RR 426: Dockerized Development Environments with Julian Fahrer 0% found this document usefulEpisode 422: RR 414: Docker Talk 0% found this document usefulReal-World SRE Perspectives 0% found this document usefulSoftware Security: Catching Bugs Before They Catch You 0% found this document usefulAcorns for AWS 0% found this document usefulNew Tools for Cloud Native Developers 0% found this document useful2015 - DevOpsDays Pittsburgh - Application Orchestration with Kubernetes: Steve Sloka 0% found this document useful
Related articles
HotPicks Linux FormatUNLIMITED
HotPicks
Jun 27, 2023
12 min readManage Your Apps! Linux FormatUNLIMITED
Manage Your Apps!
Nov 14, 2023
17 min readDocker vs Podman APCUNLIMITED
Docker vs Podman
Dec 4, 2023
4 min readGet To Grips With Kali Linux FormatUNLIMITED
Get To Grips With Kali
May 2, 2023
5 min readDo Docker Like An Adult! Linux FormatUNLIMITED
Do Docker Like An Adult!
Feb 6, 2024
In the world of ephemeral services, Docker images provide a great way to have disposable I services on a ‘quick in, quick out’ scenario. With that ease of use, bad practice can creep in. Here we’re discussing some of the ways to optimise production u
4 min readJoin the Pod, Man! Linux FormatUNLIMITED
Join the Pod, Man!
May 30, 2023
8 min readRclone Linux FormatUNLIMITED
Rclone
Nov 12, 2024
1 min readTips For Managing Docker Containers Linux FormatUNLIMITED
Tips For Managing Docker Containers
Apr 2, 2024
4 min readIntroducing Kali Linux FormatUNLIMITED
Introducing Kali
Nov 17, 2020
4 min readMark Your Media Files Linux FormatUNLIMITED
Mark Your Media Files
Nov 17, 2020
When using an embedded system as a media centre, you need to know about NFO files. The files keep track of the meta data for your titles. They’re XML files that contain information on the song, movie or other media that you’re accessing. For example,
6 min readIntroducing Kali Maximum PCUNLIMITED
Introducing Kali
Mar 2, 2021
4 min readGetting To Grips With Docker Linux FormatUNLIMITED
Getting To Grips With Docker
Jan 12, 2021
9 min readPut A Little Linux Into Your Android Device Linux FormatUNLIMITED
Put A Little Linux Into Your Android Device
Sep 24, 2019
9 min readNextcloud And Docker Containers Made Easy Linux FormatUNLIMITED
Nextcloud And Docker Containers Made Easy
Feb 11, 2020
We’re going to demystify and make Docker easy to use, explaining how to run it and expose services to the internet. For our case study we will use Nextcloud and a fresh installation of Ubuntu Server 18.04. The goal here is not to demonstrate a ‘bette
8 min readAcronis Cyber Protect Home Office: Top-tier do-it-all PC backup PCWorldUNLIMITED
Acronis Cyber Protect Home Office: Top-tier do-it-all PC backup
Apr 30, 2024
4 min readOther Uses Linux FormatUNLIMITED
Other Uses
Nov 17, 2020
1 min readPoisoning The Well Linux FormatUNLIMITED
Poisoning The Well
Jan 11, 2022
4 min readDirect From the Source Linux FormatUNLIMITED
Direct From the Source
Oct 22, 2019
8 min readIntroducing Kali APCUNLIMITED
Introducing Kali
Apr 19, 2021
4 min readHow To Control Docker Over The Internet APCUNLIMITED
How To Control Docker Over The Internet
Aug 8, 2022
10 min readNextcloud Maximum PCUNLIMITED
Nextcloud
Jan 5, 2021
4 min readPersonal Cloud Servers Linux FormatUNLIMITED
Personal Cloud Servers
Sep 19, 2023
1 min readDocker vs Podman Maximum PCUNLIMITED
Docker vs Podman
Nov 7, 2023
4 min readA Quick Reference To… Containers Linux FormatUNLIMITED
A Quick Reference To… Containers
Sep 22, 2020
A container in Linux is an area of the computer that is isolated from most of the rest of the system. It may contain a program and all the files and libraries needed to run that program, or it may contain an entire operating system. Programs running
1 min readAre Docker Containers A Good Idea For Laptops? APCUNLIMITED
Are Docker Containers A Good Idea For Laptops?
Jun 15, 2020
2 min readEasily Secure Your Cloud Backups Linux FormatUNLIMITED
Easily Secure Your Cloud Backups
May 5, 2020
You can’t have too many backups, and that at least one of those backups should ideally be stored offsite – which typically means in the cloud. But can you trust the cloud with your sensitive data? Can you be sure your cloud provider is telling the tr
8 min readAre Docker Containers a Good Idea for Laptops? Maximum PCUNLIMITED
Are Docker Containers a Good Idea for Laptops?
Mar 31, 2020
Docker containers are cool. If you haven’t yet played with Docker, you’re missing a large world of easily deployed applications. For example, I can deploy NodeRed, Plex, Jupyter Lab, and Nextcloud servers, and run them behind a Traefik reverse proxy
2 min readInstall Nextcloud Linux FormatUNLIMITED
Install Nextcloud
May 4, 2021
4 min readUse Tailscale To Create A Mesh VPN Linux FormatUNLIMITED
Use Tailscale To Create A Mesh VPN
Nov 12, 2024
We are going to investigate how we can use VPNs to keep our home networks safe, while being able to access resources when we are away from home. We are also considering how to use a VPN to provide remote support while not opening up all the devices t
10 min readRun Kali Linux NetHunter on Android Linux FormatUNLIMITED
Run Kali Linux NetHunter on Android
Jan 14, 2020
7 min read
Reviews for Securing Docker
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Securing Docker - Gallagher Scott
(missing alt)
Table of Contents
Securing Docker
Credits
About the Author
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Securing Docker Hosts
Docker host overview
Discussing Docker host
Virtualization and isolation
Attack surface of Docker daemon
Protecting the Docker daemon
Securing Docker hosts
Docker Machine
SELinux and AppArmor
Auto-patching hosts
Summary
2. Securing Docker Components
Docker Content Trust
Docker Content Trust components
Signing images
Hardware signing
Docker Subscription
Docker Trusted Registry
Installation
Securing Docker Trusted Registry
Administering
Workflow
Docker Registry
Installation
Configuration and security
Summary
3. Securing and Hardening Linux Kernels
Linux kernel hardening guides
SANS hardening guide deep dive
Access controls
Distribution focused
Linux kernel hardening tools
Grsecurity
Lynis
Summary
4. Docker Bench for Security
Docker security – best practices
Docker – best practices
CIS guide
Host configuration
Docker daemon configuration
Docker daemon configuration files
Container images/runtime
Docker security operations
The Docker Bench Security application
Running the tool
Running the tool – host configuration
Running the tool – Docker daemon configuration
Running the tool – Docker daemon configuration files
Running the tool – container images and build files
Running the tool – container runtime
Running the tool – Docker security operations
Understanding the output
Understanding the output – host configuration
Understanding the output – the Docker daemon configuration
Understanding the output – the Docker daemon configuration files
Understanding the output – container images and build files
Understanding the output – container runtime
Understanding the output – Docker security operations
Summary
5. Monitoring and Reporting Docker Security Incidents
Docker security monitoring
Docker CVE
Mailing lists
Docker security reporting
Responsible disclosure
Security reporting
Additional Docker security resources
Docker Notary
Hardware signing
Reading materials
Awesome Docker
Summary
6. Using Docker's Built-in Security Features
Docker tools
Using TLS
Read-only containers
Docker security fundamentals
Kernel namespaces
Control groups
Linux kernel capabilities
Containers versus virtual machines
Summary
7. Securing Docker with Third-party Tools
Third-party tools
Traffic Authorization
Summon
sVirt and SELinux
Other third-party tools
dockersh
DockerUI
Shipyard
Logspout
Summary
8. Keeping up Security
Keeping up with security
E-mail list options
The two e-mail lists are as follows:
GitHub issues
IRC rooms
CVE websites
Other areas of interest
Summary
Index
Securing Docker
Securing Docker
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: March 2016
Production reference: 1230316
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-885-4
www.packtpub.com
Credits
Author
Scott Gallagher
Reviewer
Harald Albers
Commissioning Editor
Priya Singh
Acquisition Editor
Prachi Bisht
Content Development Editor
Arshiya Ayaz Umer
Technical Editor
Suwarna Patil
Copy Editor
Vibha Shukla
Project Coordinator
Shweta H Birwatkar
Proofreader
Safis Editing
Indexer
Monica Ajmera Mehta
Graphics
Disha Haria
Production Coordinator
Nilesh Mohite
Cover Work
Nilesh Mohite
About the Author
Scott Gallagher has been fascinated with technology since he was in elementary school, when he used to play Oregon Trail. His love continued through middle school, working on more Apple IIe computers. In high school, he learned how build computers and program in BASIC! His college years were all about server technologies such as Novell, Microsoft, and Red Hat. After college, he continued to work on Novell, all while keeping an interest in all the technologies. He then moved into managing Microsoft environments and eventually into what he is the most passionate about, Linux environments, and now his focus is on Docker and cloud environments.
I would like to thank my family for the support they have given me, not only throughout the work on this book, but throughout my life and career. I would like to thank my wife, who is my soulmate, the love of my life, and the most important person in my life and the reason I push myself to be the best I can be each day. I would also like to thank my kids, who are the most amazing kids in this world, for being able to watch them grow each day; I truly am blessed. Finally, I would like to thank my parents, who have helped me become the person I am today.
About the Reviewer
Harald Albers works as a Java developer and security engineer in Hamburg, Germany.
In addition to developing distributed web applications, he also sets up and maintains the build infrastructure, staging, and production environments for these applications.
Most of his work is only possible because of Docker's simple and elegant solutions for the challenges of provisioning, deployment, and orchestration.
He started using Docker and contributing to the Docker project in mid-2014. He is a member of the Docker Governance Advisory Board, 2015-2016.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
eBooks, discount offers, and morehttps://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Preface
Docker is the hottest buzzword in technology these days! This book helps you to ensure that you are securing all the pieces in the Docker ecosystems of tools. Keeping your data and systems safe is of utmost importance these days, and with Docker, it's the same exception. Learn how Docker is inherently secure and how to secure the pieces around it even more and be on the lookout for potential vulnerabilities as they take place.
What this book covers
Chapter 1, Securing Docker Hosts, starts off the book by discussing how to secure the first part of getting your Docker environment up and running, and that is by focusing on your Docker hosts. The Docker hosts are the platform that your containers will run on. Without securing these first, it's like leaving the front door to your house wide open.
Chapter 2, Securing Docker Components, focuses on securing the components of Docker, such as the registry you can use, the containers that run on your hosts, and how to sign your images.
Chapter 3, Securing and Hardening Linux Kernels, explains hardening guides that are out there as well as different security measures/methods you can use to help secure the kernel that is being used to run your containers as it's important to secure it.
Chapter 4, Docker Bench for Security, informs how well you have set up your Docker environment with the Docker Bench Security application, get recommendations for where you should focus your efforts to fix right away, and what you don't really have to fix right now, but should keep yourself aware of.
Chapter 5, Monitoring and Reporting Docker Security Incidents, covers how to stay on top of the items that Docker has released regarding the security findings to help keep you aware of your environments. Also, we will take a look at how to safely report any security findings you come across to ensure that Docker has a chance to alleviate the concern before it becomes public and widespread.
Chapter 6, Using Docker's Built-in Security Features, introduces the use of Docker tools to help secure your environment. We will go over all of them to give you a baseline of what you can use that is provided by Docker itself. You can learn what command-line and GUI tools you can use for your security needs.
Chapter 7, Securing Docker with Third-party Tools, covers the third-party tools that are out there to help you keep your Docker environment
Enjoying the preview?
Page 1 of 1