Containers have taken the IT world by storm with their speed, isolation and lightweight nature, redefining how applications are packaged and executed. A large majority of enterprises are migrating their IT systems to containers, with Docker the de-facto standard for container technology. Packaging applications as Docker images brings portability and resource efficiency and is ideal for microservices deployment. Kubernetes, based on Google's Borg system, made it practical to run containerized applications at scale while managing the many moving parts of their ecosystem. As more enterprises graduate from proof-of-concept to production deployments with container technology, the number of threats to Docker, Kubernetes and associated ecosystem components grows. If you are adopting container technology, it is imperative to focus on security from the start.
A typical container environment includes Linux or Windows hosts serving as the base operating system, a container orchestration layer whose several ecosystem components themselves run as Docker containers, a container runtime, Docker images, a container registry that hosts the images, and running containers that interact with the host kernel. Together these components form the attack surface of a container environment, and each must be secured in its own way.
1. Kernel-level security: Containers use kernel namespaces to establish isolated workspaces, which keep one container from reaching the resources of another. However, unrestricted root privileges inside a container can still lead to compromise of the entire host or cluster. Use user namespaces to map the container's users onto unprivileged users on the host operating system, so that root inside the container carries no root privileges outside it. Containers draw their CPU and memory from kernel control groups (cgroups). Use the limits Docker exposes through its API and command line to allocate specific amounts of CPU and memory, so that no single container can monopolize the host's resources.
2. Host-level security: Docker commands require root privileges, so anyone who can run them has privileged access to the host running Docker and to its file system, which puts the host at risk. To minimize the risk of unrestricted file system access, enable Security-Enhanced Linux (SELinux); its policies grant containers access only to the files and directories they require and deny everything else.
3. Security of Docker images: Docker images become vulnerable through the way they are built and through what they contain. The image build process must include only the minimum application components actually required. Images should be configured to run as a user with the least privileges needed. They must be built only from standard, vulnerability-free parent images. To guarantee authenticity, ensure that built images are digitally signed using Docker Content Trust (DCT) and are published and managed through a secure signing service such as Notary. Images must be stored and shared via a secure private registry working in tandem with Notary, and they should be thoroughly scanned for vulnerabilities and license compliance; tools like Dependency-Track or Tern help greatly here.
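As an added example (not from the article), here is a POSIX shell lint that checks a Dockerfile for the image rules above: a pinned parent image, a non-root USER and minimal contents. The sample Dockerfile, image and user names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the article. Lints a Dockerfile for the image rules
# in section 3: pinned parent image, non-root USER, minimal contents. The
# sample input below is constructed; image and user names are placeholders.
SAMPLE_DOCKERFILE='FROM ubuntu
RUN apt-get update && apt-get install -y curl
ADD app.tar.gz /opt/app
EXPOSE 8080
CMD ["/opt/app/run.sh"]'

# audit_dockerfile: read Dockerfile text on stdin, print one finding per line.
# Limitation: FROM lines using --platform, or a registry:port with no image
# tag, are not parsed specially.
audit_dockerfile() {
    content=$(cat)
    # 1. Parent image must be pinned: flag a missing tag or :latest.
    printf '%s\n' "$content" | grep -i '^FROM' | while read -r _kw image _rest; do
        case "$image" in
            scratch|*@sha256:*) ;;                      # empty base or digest pin: fine
            *:latest) echo "FROM uses :latest tag: $image" ;;
            *:*)      ;;                                # explicit tag: acceptable
            *)        echo "FROM has no tag (implicit latest): $image" ;;
        esac
    done
    # 2. Image must switch to a non-root user; the last USER instruction wins.
    user=$(printf '%s\n' "$content" | grep -i '^USER' | tail -n 1 | awk '{print $2}')
    case "$user" in
        "")                 echo "no USER instruction: container runs as root" ;;
        root|0|root:*|0:*)  echo "USER is root: $user" ;;
    esac
    # 3. Minimal contents: ADD auto-extracts archives and fetches URLs; prefer COPY.
    printf '%s\n' "$content" | grep -qi '^ADD' && echo "ADD used; prefer COPY"
    # 4. Package lists left behind bloat the image and widen its surface.
    if printf '%s\n' "$content" | grep -qi 'apt-get install' &&
       ! printf '%s\n' "$content" | grep -q 'rm -rf /var/lib/apt/lists'; then
        echo "apt-get install without removing /var/lib/apt/lists"
    fi
}

# count_image_findings: number of findings for the Dockerfile text in $1 (0 = clean).
count_image_findings() {
    printf '%s\n' "$1" | audit_dockerfile | wc -l | tr -d ' '
}
```

Run it as `count_image_findings "$(cat Dockerfile)"` in a CI step and fail the build when the count is non-zero.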
4. Security of running containers: Restricting the number and kinds of system calls available to a container shrinks its attack surface. Kernel features such as secure computing mode, commonly known as seccomp, make this possible. The Linux capabilities mechanism can further trim the privileges normally bundled with the root user, strengthening container security.
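As an added example covering the kernel-level controls of section 1 (user mapping, cgroup limits) together with the seccomp and capability controls of section 4, this POSIX shell script (not from the article) audits a `docker run` command line for those flags. The two command lines, the image name and the profile file name are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Audits a "docker run" command line for
# the kernel-level controls of sections 1 and 4: user remapping, cgroup
# limits, capability dropping and seccomp. Both command lines are constructed;
# the image name and seccomp profile file are placeholders.
WEAK_RUN='docker run -d -p 8080:8080 --privileged -v /var/run/docker.sock:/var/run/docker.sock example/api:1.4'
HARDENED_RUN='docker run -d -p 8080:8080 --user 10001:10001 --memory 512m --cpus 1.0 --pids-limit 200 --cap-drop ALL --cap-add NET_BIND_SERVICE --security-opt no-new-privileges --security-opt seccomp=api-seccomp.json --read-only example/api:1.4'

# has_opt: true if the space-padded command line contains " <text>".
# Only the space-separated "--flag value" form is recognised, not "--flag=value".
has_opt() { case "$cmd" in *" $1"*) return 0 ;; esac; return 1; }

# audit_docker_run: print one finding per dangerous or missing control in $1.
audit_docker_run() {
    cmd=" $1 "
    # Options that undo the kernel's isolation outright.
    has_opt "--privileged"         && echo "DANGER: --privileged grants every capability and all host devices"
    has_opt "/var/run/docker.sock" && echo "DANGER: Docker socket mounted; the container can drive the host daemon"
    has_opt "seccomp=unconfined"   && echo "DANGER: seccomp filtering disabled"
    # Section 1: user namespaces / non-root identity.
    has_opt "--user " || has_opt "-u " || has_opt "--userns" ||
        echo "MISSING: --user <uid:gid> or --userns remapping; root in the container is uid 0 to the kernel"
    # Section 1: control-group limits so one container cannot starve the host.
    has_opt "--memory"     || has_opt "-m " || echo "MISSING: --memory limit"
    has_opt "--cpus"       || has_opt "--cpu-quota" || echo "MISSING: --cpus limit"
    has_opt "--pids-limit" || echo "MISSING: --pids-limit (bounds fork storms)"
    # Section 4: capabilities and seccomp.
    has_opt "--cap-drop" || echo "MISSING: --cap-drop (drop ALL, then --cap-add only what the service needs)"
    has_opt "--security-opt seccomp=" || echo "MISSING: explicit seccomp profile (--security-opt seccomp=<file>)"
    has_opt "--security-opt no-new-privileges" || echo "MISSING: --security-opt no-new-privileges"
}

# count_run_findings: number of findings for the command line in $1 (0 = hardened).
count_run_findings() { audit_docker_run "$1" | wc -l | tr -d ' '; }
```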
5. Security of the container engine and container orchestration systems: The container engine and the orchestration system contribute a significant attack surface owing to the diversity of components inside them. Secure the components, their integration and their communication channels through mitigations such as certificate-based authentication, transport layer security and measures specific to each component. Configure conservative network policies and resource allocation policies inside the container system to avert denial-of-service attacks and unauthorized resource access.
6. Environment security: Securing the underlying operating system and network minimizes the threats that reach the container orchestration system running above them. Run Docker and Kubernetes on a proprietary, vulnerability-free, hardened operating system. Install and properly configure traditional host security measures, including firewalls and network access control devices, to block unwanted traffic. Suitable anti-malware software with regular updates, strong authentication and a conservative access control policy help keep unauthorized users away from the operating system and its resources.
The CIS Benchmarks for Docker and Kubernetes form a comprehensive set of guidelines and best practices for establishing a secure environment. Various options, both open source and proprietary, are available to build security in through pluggable components and CI/CD pipelines.
With the proliferation of container technology and the widespread use of Docker and Kubernetes, containerized deployments are becoming new targets for all kinds of attacks and exploits. As the saying goes, a system is only as strong as its weakest link; the same applies to container-based systems, which is why container security deserves attention.
Start evaluating the container security options available in the market today and incorporate them into your enterprise ecosystem to deliver business value efficiently and securely.