Learn best practices in container security to make your containers seaworthy through the build, ship, and run lifecycle.
Demos temporarily living at github.com/endophage/apps (look under wordpress dir)
This document provides information on virtualization and containers. It discusses the history and benefits of virtualization and containers. It also outlines some key virtualization and containerization software, security best practices, and differences between Docker Swarm and Kubernetes for orchestrating containers.
Container security involves securing the host, container content, orchestration, and applications. The document discusses how container isolation evolved over time through namespaces, cgroups, capabilities, and other Linux kernel features. It also covers securing container images, orchestrators, and applications themselves. Emerging technologies like LinuxKit, Kata Containers, and MirageOS aim to provide more lightweight and secure container environments.
This presentation covers the basics of Docker, its security-related features, and how certain misconfigurations can be used to escape from a container to the host.
Csa container-security-in-aws-dw
Video: https://youtu.be/X2Db27sAcyM
This session will touch upon container security constructs and isolation mechanisms like capabilities, syscalls, seccomp and Firecracker before digging into secure container configuration recommendations, third-party tools for build- and run-time analysis and monitoring, and how Kubernetes security mechanisms and AWS security-focussed services interact.
A Survey of Container Security in 2016: A Security Update on Container Platforms - Salman Baset
This talk is an update on container security in 2016. It describes the security measures that containers provide, shows how containers provide out of the box security measures that are prone to configuration errors when applications run directly on the host, and finally lists the ongoing work in container security in the community.
This slide is the speech provided by me for the InfoSec2020 (https://2020.infosec.org.tw/) conference in Taiwan. It describes container security: what the issues are, how to exploit it and how to defend against it.
This document provides an overview of networking in the Docker platform. It discusses the default Docker networks of none, host and bridge. It also covers user-defined networks like bridge and overlay networks. The key challenges with applications are that they are multi-tiered, dependent on other applications and third party APIs, with components residing across different containers. Docker networking aims to address these challenges.
The document discusses advanced configuration and usage of Docker registries. It describes what a registry is for storing Docker images and supporting various storage backends. It then covers configuring a registry to add features like a search index using SQLite, mirroring another registry, and adding a Redis cache. The document concludes by discussing extending the registry code for customization.
Practical Container Security by Mrunal Patel and Thomas Cameron, Red Hat - Docker, Inc.
You can secure your containerized microservices without slowing down development. Through a combination of Linux kernel features and open source tools, you can isolate the host from the container and the containers from each other, as well as finding vulnerabilities and securing data. Two of Red Hat's Docker contributors will discuss the state of container security today, covering Linux namespaces, SELinux, cgroups, capabilities, scan, seccomp, and other tools you can use right now.
Docker provides security features to secure content, access, and platforms. It delivers integrated security through content trust, authorization and authentication, and runtime containment using cgroups, namespaces, capabilities, seccomp profiles, and Linux security modules.
Emad Alashi presented on RBAC in Azure Kubernetes Service (AKS). The presentation covered how RBAC works in both Azure Active Directory and Kubernetes, and how OAuth2 device flow authentication can be used to authenticate Kubernetes clients like kubectl. Device flow allows authentication of CLI tools by redirecting the user to a browser to authenticate, then receiving an access token to use with the Kubernetes API.
Journey to Docker Production: Evolving Your Infrastructure and Processes - Br... - Docker, Inc.
DevOps in the Real World is far from perfect, and we're all somewhere on the path to one day writing that "Amazing-Hacker-News-Post about your chat-bot fully-automated micro-service infrastructure." But until then, how can you *really* start using containers today, in meaningful ways that impact your and your customers' productivity? This session is designed for practitioners who are looking for ways to get started now with Docker and Swarm in production. No Docker 101 here, this is for helping you be successful on your way to Dockerizing your production systems. Attendees will get tactics, example configs, real working infrastructure designs, and see the (sometimes messy) internals of Docker in production today.
In this presentation, we talk about:
- Introduction to Containers
- Container Security Overview
You can watch the complete session here:
https://youtu.be/w2-NtdAkrOI?t=1901
Docker Container Lifecycles, Problem or Opportunity? by Baruch Sadogursky, JFrog - Docker, Inc.
Docker is hot. However, as Docker container use spreads into more mature production pipelines, there can be issues about control of Docker images to ensure they are production-ready. Is a promotion-based model appropriate to control and track the flow of Docker images from development to production? We will demonstrate how to implement a promotion model for Docker images, and then show how to distribute them to any kind of consumer, be it a customer or a data center.
This document discusses Docker container security. It begins by outlining common container threats like ransomware, DDoS attacks, and privilege escalations. It then describes the need for continuous container security across the development, deployment and runtime phases. This includes techniques like image signing, user access controls, code analysis, image scanning, and host/kernel hardening. The document also discusses inspecting and protecting container network traffic and hosts from attacks. It emphasizes the challenges of monitoring large, complex deployments and automating security at scale across orchestration platforms and network overlays. Several demos are proposed to showcase micro-segmentation of applications and runtime vulnerability scanning using NeuVector.
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13 - Zach Hill
This document discusses open-source tools for security and compliance using Docker containers. It introduces Anchore, an open-source tool that allows deep inspection of container images to check for compliance with policies. Anchore performs image scanning, analyzes operating system packages and artifacts, checks for secrets or source code, and validates Dockerfiles. It generates reports on findings and can integrate with DevOps pipelines using plug-ins for notifications and policy enforcement. Anchore is open-source, extensible, and provides both a web interface and command line tools.
This document provides an overview of Kubernetes security concepts including the Kubernetes attack surface, TLS certificates, securing the Kubelet and etcd, authentication, authorization, admission controllers, tooling landscape, pod security policies, network policies, and secrets. It discusses key configuration recommendations and checks for securing different components like disabling privileged mode, setting TLS certificates, CIS benchmarks for etcd, and authentication methods in Kubernetes. The different types of admission controllers and CNCF security tooling are also briefly introduced.
This presentation walks through a Jenkins as Code approach that aims to fully automate and describe the creation of Infrastructure, Application and Configuration as Code.
We treat our applications with a strong 'as code' approach, but often forget about the critical operational tools. This presentation shows how it is possible to create a code first approach to creating and managing a Jenkins Service.
Working code repository is available at https://bitbucket.org/stevemac/dockerfiles
A walkthrough of what containers are and why we need them in large-scale software projects, especially in corporate environments where automation and quality are critical.
Swarm allows multiple Docker hosts to be clustered together into a single virtual Docker host. The document discusses how to set up a Swarm cluster in three steps: 1) Create a key-value store, 2) Run the Swarm manager container, and 3) Configure Docker daemon arguments on hosts. It also provides an example of running a microservices voting application on Swarm and references additional example repositories.
Container security involves securing containers at both the host and application level. At the host level, Linux technologies like namespaces, cgroups, SELinux, and seccomp provide isolation between containers. Container images are also scanned for vulnerabilities. The OpenShift platform provides additional security features like role-based access control, network policies, encrypted communications, and controls over privileged containers and storage. Application security best practices within containers include using HTTPS, securing secrets, and API management tools.
This document discusses container security, providing a brief history of containers, security benefits and challenges of containers, and approaches to container vulnerability management and responding to attacks. It notes that while containers are not new, their adoption has increased rapidly in recent years. The document outlines security advantages like smaller surface areas but also challenges like managing vulnerabilities across many moving parts. It recommends strategies like using official images, hardening hosts, scanning for vulnerabilities, and practicing incident response for containers.
Building a Secure App with Docker - Ying Li and David Lawrence, Docker - Docker, Inc.
Built-in security is one of the most important features in Docker. But to build a secure app, you have to understand how to take advantage of these features. Security begins with the platform, but also requires conscious secure design at all stages of app development. In this session, we'll cover the latest features in Docker security, and how you can leverage them. You'll learn how to add them to your existing development pipeline, as well as how you can streamline your workflow while making it more secure.
This document summarizes Docker security features as of release 1.12. It discusses key security modules like namespaces, cgroups, capabilities, seccomp, AppArmor/SELinux that provide access control and isolation in Docker containers. It also covers multi-tenant security, image signing, TLS for daemon access, and best practices like using official images and regular updates.
How to be successful running Docker in Production - Docker, Inc.
John's presentation will cover his lessons learned from running Docker in production @ SalesforceIQ. Learn how to scale your registry using AWS and S3. Should you use Device Mapper or AUFS? Why run Swarm, Mesos, Kubernetes, or neither? Finally, know how persistent storage (Kafka, Cassandra, or SQL) can be run successfully with Docker in production.
His team focuses on Docker-based solutions to power their SaaS infrastructure and developer operations.
This document discusses running Oracle Database in Docker containers. It provides an overview of Docker and containers, and then describes how to run Oracle Database within a Docker container. Specifically, it outlines downloading prebuilt images from Docker Store or Oracle Store, or building a custom image using Dockerfiles in Oracle's GitHub repository. It also provides examples for running Docker commands to launch an Oracle Database container using these images.
The SlideShare 101 is a quick start guide if you want to walk through the main features that the platform offers. This will keep getting updated as new features are launched.
The SlideShare 101 replaces the earlier "SlideShare Quick Tour".
Habits at Work - Merci Victoria Grace, Growth, Slack - 2016 Habit Summit - Habit Summit
Presented at the 2016 Habit Summit at Stanford (see: www.HabitSummit.com)
Merci Victoria Grace leads the Growth team at Slack.
Prior to joining Slack, she started a venture-backed game company, designed The Sims Social at Electronic Arts, and worked at a range of consumer, mobile and enterprise startups.
Here she shares insights on putting "Habits to Work at Work".
Odyssey LLC is proposing to launch an online e-commerce company selling high-quality backpacks equipped with optional GPS trackers. The company would be based in Wichita, KS and sell to customers in the United States. Their backpacks would target adventurous men and women over 18 years old. Their key differentiator is their GPS tracking feature, which would allow customers to see the locations their backpacks have traveled through an online account. This could help parents track their children's backpacks or help hikers review routes. The proposal outlines their target market, product plans, supply chain, costs, revenues, and financial projections.
This document provides a summary of Anthony Lampe's military experience from 2010 to 2015. It shows that he served as an Information Technology Specialist (25B) and Fire Support Specialist (13F) in the U.S. Army. During his service, he completed various military training courses in areas like networking, Microsoft Office applications, and structured self-development. The document also includes descriptions of the duties associated with his military occupations.
The company Gomyfrut offers a novel product based on gummy candies with chili powder to delight its customers. Its mission is to provide a rich, high-quality treat to satisfy consumers' palates, and its vision is to become customers' first choice by producing a quality product that increases sales and is distributed throughout the state.
HDI Fire Proof Homes Corp proposes building completely fire proof homes made of non-combustible materials like steel, concrete, and stone that will last for hundreds of years. They request $6.5 million to build a factory and $3.5 million to build the first 12-unit apartment building using this new technology. The homes will be more affordable and efficient to run, as well as safer, as they cannot burn in a fire.
The document outlines the steps to properly scan documents using the CamScanner app. It shows how to select the document type, scan the pages, and edit or save the scanned file. The app allows users to easily digitize paper documents through their mobile device in just a few taps.
The document discusses a 2009 marketing campaign called "Orlando é só Alegria" implemented by Visit Orlando to promote tourism to Orlando from Brazil. It provides context on Visit Orlando and the Brazilian travel market. The campaign was a collaborative effort between Visit Orlando and its 1,132 member partners to increase awareness of Orlando as a complete vacation destination, appeal to a varied segment of the Brazilian population, and encourage return visits. The campaign successfully demonstrated the benefits of collaborative destination marketing by bringing together stakeholders to accomplish shared objectives.
Young Huang is a senior software quality assurance engineer with over 15 years of experience in testing commercial computing systems. He has extensive experience designing and implementing test plans, cases, and processes using tools like Selenium, QTP, Xcode, and JIRA. Huang currently works at American Well, where he developed their Selenium and Xcode test frameworks and writes automated tests. Previously he worked at Curl and Programart Corp, contributing to major releases and testing software against specifications.
DockerCon EU 2015: The Latest in Docker Engine - Docker, Inc.
This document summarizes the latest developments in Docker Engine. It discusses the activity and releases since the previous DockerCon, highlights of the new Docker Engine 1.9.0 release including improvements to networking and volume management, and outlines the future plans including additional platform support, security enhancements, and continued decoupling of Engine components. It also includes a demonstration of Linux namespaces and how containers leverage them to provide isolation.
IBM WebSphere Application Server traditional and Docker - David Currie
IBM WebSphere Application Server can run in both traditional and Docker environments. Docker provides benefits like consistency across environments, faster build and deployment, higher server density, and separation of concerns between development and operations. IBM supports WebSphere Liberty and traditional editions running in Docker containers. Dockerfiles are available to build WebSphere images containing application servers, deployment managers, and other software components. Organizations can use Docker to improve the deployment and management of WebSphere environments.
Docker for the new Era: Introducing Docker, its components and tools - Ramit Surana
This document provides an overview of Docker, including:
- Docker enables building applications from components and eliminates friction between development, QA and production environments.
- Other container options include LXC, LXD and OpenVZ, but Docker has gained popularity for its ease of use.
- Docker components include images, containers, registries, and more.
- Docker Hub and Quay.io are popular registries for finding and sharing Docker images.
- Docker Swarm and Docker Compose allow orchestrating multiple Docker containers.
DockerCon SF 2015: Getting Started w/ Docker - Docker, Inc.
This document provides an overview of Docker including why Docker is useful, how the Docker platform works, and common Docker workflows. It discusses Docker's isolation, lightweight virtualization, simplicity, community support, and installation process. Key Docker concepts covered include images, containers, the Docker Engine, Docker Hub, and using volumes. The document demonstrates common Docker commands and workflows like building, running, and sharing images.
This document provides an agenda for a presentation that includes topics on .NET Core applications, containerization with Docker, running and scaling apps on Kubernetes, deployments using Helm, canary releases with service mesh (Istio), and demos of these technologies. It discusses .NET Core 2.1 features, containers, Docker, Kubernetes architecture and deployment, using Helm for deployments, Istio architecture and canary releases, and includes demos of setting up and using these technologies.
Dockerized containers are the current wave that promises to revolutionize IT. Everybody is talking about containers, but a lot of people remain confused about how they work and why they are different from or better than virtual machines. In this session, Black Duck container and virtualization expert Tim Mackey will demystify containers, explain their core concepts, and compare and contrast them with the virtual machine architectures that have been the staple of IT for the last decade.
This document provides an introduction to Docker. It discusses why Docker is useful for isolation, being lightweight, simplicity, workflow, and community. It describes the Docker engine, daemon, and CLI. It explains how Docker Hub provides image storage and automated builds. It outlines the Docker installation process and common workflows like finding images, pulling, running, stopping, and removing containers and images. It promotes Docker for building local images and using host volumes.
DockerCon SF 2015: A New Model for Image Distribution - Docker, Inc.
This document discusses Docker Registry API V2, a new model for image distribution that addresses limitations in the previous V1 API. Key changes include making layers content-addressable using cryptographic digests for identification and verification. Images are now described by manifests containing layer digests. The registry stores content in repositories and no longer exposes internal image details. Early adoption shows V2 providing significantly better performance than V1 with 80% fewer requests and 60% less bandwidth used. Future goals include improving documentation, adding features like pull-through caching, and developing the Docker distribution components to provide a foundation for more advanced distribution models.
This document discusses container image management in enterprises and introduces Project Harbor, an open source container registry. It covers key topics like container image basics, Project Harbor features, maintaining consistency of images between environments, security and access control of images, image distribution strategies, and high availability of container registries. Project Harbor provides an enterprise-grade private registry with features for user management, image replication, security, and integration with systems like LDAP. It aims to help organizations securely manage the distribution and storage of container images.
Docker is an open platform that allows developers and sysadmins to build and run distributed applications using lightweight Linux containers. It provides portable deployments, fast application delivery, and allows applications to be easily scaled and deployed. Docker uses a client-server architecture with Docker daemons managing container operations. Images are packaged applications that serve as the basis for containers, which provide isolated execution environments for running applications.
Virtualization, Containers, Docker and scalable container management services (abhishek chawla)
In this presentation we take you through the concept of virtualization, including the different types of virtualization; Docker as a software containerization platform, covering Docker's architecture and building and running custom images in Docker containers; and scalable container management services, including an overview of Amazon ECS and Kubernetes and how at LimeTray we harnessed the power of Kubernetes for scalable automated deployment of our microservices.
Cem Gurkok presented on containers and security. The presentation covered threats to containers like container exploits and tampering of images. It discussed securing the container pipeline through steps like signing, authentication, and vulnerability scans. It also covered monitoring containers and networks, digital forensics techniques, hardening containers and hosts, and vulnerability management.
This presentation was made as part of Container Conference 2018 : www.containerconf.in
"Typically enterprise applications are deployed as processes on Virtual Machines or as Containers. For example, applications can be deployed on Amazon EC2 instances or as Docker containers in an on-premise Kubernetes cluster. Both strategies have their own pros and cons. While VMs are portable and secure, they are also bulky and time-consuming to bring up. Containers on the other hand are lightweight, portable and can be launched very quickly, but their security concerns remain.
Even though traditional containers (such as Docker) isolate the application process namespace from other containers, they share the host OS kernel. Considering the number of untrusted applications that are run as containers, the entire host OS can be compromised. Even though the community has come up with a variety of tools for scanning vulnerabilities (such as Clair) and modules for enhancing security (such as AppArmor & SELinux), the onus is on the administrator to use these tools and make the environment secure. In this presentation we explore Virtualized Containers, an evolving container technology which inherently provides security by design without compromising on speed and flexibility."
Virtualized containers like Kata containers provide the speed of traditional containers with the added security of virtual machines. Kata containers run each container in an isolated lightweight virtual machine using hardware virtualization to provide double isolation without compromising on performance. This reduces the risk of container breakouts compromising the host system. While Kata containers complement Docker and Kubernetes rather than replacing them, they interface with these technologies through standards like CRI-OCI to integrate virtualization capabilities for more secure multi-tenant container deployments at scale.
Alfresco TechQuest 2024
Alfresco Container-based Installation and Configuration Best Practices
Practices available in https://github.com/aborroy/alfresco-containers
Kurento is a media server for real-time video communication that needed to test its software under many scenarios and environments. Its CI infrastructure originally used many virtual machines, each configured differently for testing. This led to high costs, configuration difficulties, and slow development cycles. By using Docker, Kurento was able to define environments as reusable images and run tests in isolated containers on fewer virtual machines. This simplified infrastructure management and sped up development.
In the 2017 edition of ExpoQA we presented our experiences developing end-to-end automated tests for WebRTC applications. We talked about the architecture and the infrastructure used, and how leveraging the use of Docker containers eased the path towards a full suite of tests for real-time video over the Internet.
This document provides an introduction and overview of Docker. It discusses why Docker is useful for isolation, simplicity, and workflow. It also covers the Docker platform, including the Docker engine, images, containers, and networking. Key components are the Docker daemon, Docker CLI, and Docker Hub registry. Demos are provided on installing Docker and using Docker for building images, running containers with volumes, and configuring Docker networking.
2. Securing the pipeline: Build / Ship / Run
• Official Images
• Docker Bench for Security
• Docker Content Trust
• Nautilus
• User Namespaces
• Cgroups
• Capabilities
• Seccomp
• Apparmor
5. Official Images
• Vetted for best practices
• Scanned for CVEs
• Lobby upstream to fix security problems
• Promptly updated
6. Docker Bench for Security
• Check for secure daemon + system configuration
• Audit containers in context
• Check for best practices
8. Docker Content Trust
• Sign images at point of authorship (using Notary)
• Removes implicit trust of storage service and network
• Guarantee integrity of your images when pulled
9. Nautilus
• Scan images for CVEs
• Detects vulnerabilities in libraries statically compiled into binaries
11. User Namespaces
• Map users and groups to their own UID/GID range
• TL;DR - Root in a container is not root outside a container
[Figure: Docker Host running Container 1, Container 2 and Container 3, each with its own UID/GID range]
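What "root in a container is not root outside" looks like from the host: the kernel's uid_map for the container process maps container UID 0 onto a subordinate host UID. The check below is an added example, not code from the deck; it parses uid_map lines (inside, outside, count), translates a container UID to its host UID, and flags the identity map that a container without user namespaces shows. The sample maps and the 100000 range start are constructed values.

```python
"""Added example, not from the original deck: read a process's uid_map, tell
whether it lives in a remapped user namespace, and translate a container UID
to the host UID it really has. Sample maps below are constructed; on a live
host you would read /proc/<pid>/uid_map (format: inside outside count)."""
from typing import List, Optional, Tuple

Mapping = Tuple[int, int, int]  # (inside_start, outside_start, count)

# Constructed sample: a daemon started with userns-remap gives container
# UID 0 a subordinate host UID such as 100000 (65536 IDs in the range).
REMAPPED_UID_MAP = "         0     100000      65536\n"
# Constructed sample: the identity map seen on the host itself and inside a
# container started without user namespaces.
IDENTITY_UID_MAP = "         0          0 4294967295\n"


def parse_uid_map(text: str) -> List[Mapping]:
    """Parse uid_map/gid_map lines; malformed lines are skipped."""
    maps: List[Mapping] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, count = (int(f) for f in fields)
        maps.append((inside, outside, count))
    return maps


def to_host_uid(container_uid: int, maps: List[Mapping]) -> Optional[int]:
    """Host UID for a container UID, or None when the UID is not mapped
    (the kernel then presents it as the overflow UID, usually 65534)."""
    for inside, outside, count in maps:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None


def is_remapped(maps: List[Mapping]) -> bool:
    """True when container root (UID 0) is not host root."""
    return to_host_uid(0, maps) != 0


def audit(uid_map_text: str) -> str:
    """One-line verdict of the kind a host-side check would log."""
    maps = parse_uid_map(uid_map_text)
    host_root = to_host_uid(0, maps)
    if host_root == 0:
        return "WARN: container UID 0 is host root (no user namespace)"
    return f"OK: container UID 0 is host UID {host_root}"


if __name__ == "__main__":
    for sample in (REMAPPED_UID_MAP, IDENTITY_UID_MAP):
        print(audit(sample))
```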
12. Control Groups
• a.k.a. cgroups
• Control resource usage of a container
• Good for container multi-tenancy
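The multi-tenancy point only holds if every container actually has limits set. As an added example (not from the deck), the check below reads the cgroup v2 limit files a container's cgroup directory exposes and reports each resource left at "max"; the file names memory.max, pids.max and cpu.max are cgroup v2 conventions, and the file contents are constructed samples.

```python
"""Added example, not from the original deck: read the cgroup v2 limit files
of a container and flag resources left unbounded, which is what lets one
tenant starve the others. Assumes cgroup v2 file names memory.max, pids.max
and cpu.max; the file contents below are constructed samples."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed: what a container started with --memory=512m --pids-limit=100
# --cpus=0.5 exposes in its cgroup directory (cpu.max is "quota period").
LIMITED = {
    "memory.max": "536870912\n",
    "pids.max": "100\n",
    "cpu.max": "50000 100000\n",
}
# Constructed: a container started with no resource flags at all.
UNLIMITED = {
    "memory.max": "max\n",
    "pids.max": "max\n",
    "cpu.max": "max 100000\n",
}


@dataclass
class Limits:
    memory_bytes: Optional[int]  # None means unlimited
    pids: Optional[int]
    cpus: Optional[float]


def _value(raw: str) -> Optional[int]:
    """cgroup v2 writes the literal 'max' for an unset limit."""
    raw = raw.strip()
    return None if raw == "max" else int(raw)


def parse_limits(files: Dict[str, str]) -> Limits:
    """Turn the three limit files into a Limits record."""
    quota, period = files["cpu.max"].split()
    cpus = None if quota == "max" else int(quota) / int(period)
    return Limits(_value(files["memory.max"]), _value(files["pids.max"]), cpus)


def findings(limits: Limits) -> List[str]:
    """Report each resource a multi-tenant host should not leave unbounded."""
    out: List[str] = []
    if limits.memory_bytes is None:
        out.append("memory.max unset: container can consume all host memory")
    if limits.pids is None:
        out.append("pids.max unset: runaway process creation is not capped")
    if limits.cpus is None:
        out.append("cpu.max unset: no CPU quota")
    return out


def read_cgroup_dir(path: str) -> Dict[str, str]:
    """Read the same three files from a real cgroup directory on a host."""
    names = ("memory.max", "pids.max", "cpu.max")
    return {n: open(f"{path}/{n}").read() for n in names}


if __name__ == "__main__":
    for label, files in (("limited", LIMITED), ("unlimited", UNLIMITED)):
        print(label, findings(parse_limits(files)) or ["all limits set"])
```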