Although containers present many advantages over traditional VM architecture, they also come with a number of inherent risks – some of which are elevated beyond those of a conventional VM environment.
For example, Docker kernels use the same namespace as the host system – which means any user who gains root access to a Docker container can potentially obtain root privileges over the entire runtime environment.
What’s more, container admins’ need to pull images from public repositories can result in unintentional installation of unverified images. If any of these images include security flaws, those weaknesses could potentially place the entire host system at risk.
But by taking a few key steps to proactively assess and address container security issues, it’s possible to take full advantage of the agility and simplicity of containers, without putting your host system and users at risk. Here’s an overview of a smart approach to Docker security.
It’s crucial to be aware of Docker’s risks.
The inherent risks associated with Docker containers fall into a few broad categories. One key set of risks hinge on the fact that Docker kernels are designed to run on top of the host kernel. Thus, any security flaws in a container – or in any image running within that container – translate to security weaknesses in the host system as a whole. One way of preventing this is to use a CIS vulnerability scanning tool like CLAIR to scan the contents of each container, and check whether each package is sufficiently secure.
A second set of risks are related to the possibility of pulling unverified images from compromised repositories. If a malicious hacker has tampered with an image, it could present a risk to the container – and to the host system. The third key set of Docker-related risks come from the fact that every kernel requires private information – usernames, passwords and so on – in order to run. Any secrets embedded in the container image are easy for hackers to obtain.
Securing clusters can be a complex process.
All three of these categories of security risks are equally important to understand and address. For example, risks associated with Docker’s need to run on top of the host kernel can be mitigated by always running Docker containers as an non-root users, never as root. It’s also crucial to use separate namespaces for each application or microservice, and to double-check and verify the validity of each repository and package to be used with Docker.
But these security measures only represent the tip of the iceberg. As resources like this article make clear, comprehensive Docker security plan involved a wide range of interlinked precautions, from container validation and privilege control to correct image flagging, container grouping, and credentials management. A misstep in just one of these areas can leave your containers open to harmful intrusions.
A container orchestration tool can greatly simplify cluster security.
As container infrastructure and security become ever more complex, it’s often unrealistic for any single user – or even any team – to manage and secure groups of containers across multiple types of infrastructure. This is where container orchestration tools come in. These tools greatly simplify the processes of managing containers at scale, by automatically controlling access to Kubelets, managing the privileges with which containers can run, restricting cloud metadata API access, and otherwise protecting cluster components from compromise.
When you’re ready to take your next step toward enterprise-level container management, get in touch with us at Magalix. Container orchestration and security are precisely what we do best.