Whether you realize it or not, I believe that a significant number of software (or virtual) containers are already running in your enterprise, and some of them have started working in production. Unfortunately, most security teams still do not understand the security implications of container technology, or even the extent to which containers are used in their own environment.
In general, container technologies such as Docker and CoreOS rkt virtualize applications, not full servers. Containers are lightweight because they do not need a copy of a guest operating system; they are flexible, scalable and easy to use, and they allow more applications to be packed onto a single physical infrastructure. Because containers share the host operating system kernel instead of each running its own, they typically start almost instantly, whereas virtual machines take seconds or even minutes.
Given the widespread adoption of container technology by developers and DevOps teams, we must also face its downside: containers pose new security challenges.
1. Vulnerabilities introduced through source code: Since container technology is largely built from open source projects, the images developers create need to be updated frequently. This means that issues such as weak code control, vulnerabilities, or unexpected conditions can creep in.
2. Increased attack surface: In a given environment there are often far more containers than applications, virtual machines, databases, and other objects that need protecting. The more containers there are, the harder they are to track, and detecting abnormal conditions naturally becomes harder as well.
3. Lack of observability: Containers are run by a container engine such as Docker or rkt that interfaces with the Linux kernel. This new level of abstraction makes it difficult to see the activity inside a particular container, or the actions a particular user performs in it.
4. DevOps speed: The life cycle of a container is on average only a quarter of that of a virtual machine. A container can be started immediately, run for a few minutes, then be stopped and deleted. This means that a malicious actor can use one to strike quickly and then disappear just as fast.
5. Inter-container interference: Containers can collude to mount a DoS attack against the host. For example, repeatedly opening sockets can quickly cause the whole host to hang and eventually crash.
6. Container escape to the host: A container can be run as root, which lets it use those high privileges to break out of its "enclosure" and access the host operating system.
7. Lateral network attacks: Compromise of a single container can lead to the whole network being invaded, especially if external network connections are not properly restricted.
Taking these points into account, I have compiled a list of best practices that I hope will inspire everyone's container security work.
1. Adopt a comprehensive vulnerability management solution. Vulnerability management is not limited to scanning images. It also requires access control and other policies across the entire container development cycle, since gaps there can lead to application crashes or runtime intrusions. A strict vulnerability management solution should use multiple proactive checks to achieve "cradle to grave" monitoring, with automated triggers that govern the development, testing, staging, and production environments.
2. Run only approved images in your environment. Controlling which container images are brought into the development environment effectively reduces the attack surface and prevents developers from making fatal security mistakes. This means using only approved images and their approved versions. For example, you can designate a single Linux distribution as the base image and use it to minimize the potential attack surface.
3. Implement active integrity checks throughout the lifecycle. As an important part of container lifecycle security management, we need to ensure that the container images in the registry have the expected integrity, and to apply further controls when an image is changed or corrupted. Image signatures or fingerprints provide a chain of custody that lets you easily verify container integrity.
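The approved-image and integrity controls in points 2 and 3 can be enforced with a simple policy check over the output of `docker inspect`. This is an added example, not code from the article: the registry names, image IDs and container records are constructed, and the policy pins each approved repository to the image IDs it may resolve to while rejecting floating `latest` tags.

```python
"""Approved-image check: every running container must come from an approved
repository, use a pinned tag, and resolve to an approved image ID.
Field layout follows `docker inspect <container>`; all values are constructed."""
import json

# Constructed policy: repository -> image IDs (the `Image` field) approved for it.
APPROVED = {
    "registry.example.internal/base/debian": {"sha256:" + "a" * 64},
    "registry.example.internal/app/api": {"sha256:" + "b" * 64},
}

# Constructed `docker inspect` excerpts: the reference each container was started
# from (Config.Image) and the image ID it actually resolved to (Image).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/api", "Config": {"Image": "registry.example.internal/app/api:1.4"},
     "Image": "sha256:" + "b" * 64},
    {"Name": "/worker", "Config": {"Image": "registry.example.internal/app/api:latest"},
     "Image": "sha256:" + "c" * 64},
    {"Name": "/tmp-test", "Config": {"Image": "docker.io/library/ubuntu:22.04"},
     "Image": "sha256:" + "d" * 64},
])

def split_reference(ref):
    """Split 'repo[:tag][@digest]' into (repo, tag); a registry port is kept."""
    ref = ref.split("@", 1)[0]
    repo, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:  # no tag at all, or the ':' belonged to host:port
        return ref, "latest"
    return repo, tag

def check_container(container, approved=APPROVED):
    """Return None if the container passes policy, otherwise the reason."""
    repo, tag = split_reference(container["Config"]["Image"])
    if repo not in approved:
        return "repository not approved"
    if tag == "latest":
        return "floating 'latest' tag; pin a specific version"
    if container["Image"] not in approved[repo]:
        return "image ID does not match an approved build"
    return None

def check_all(inspect_json, approved=APPROVED):
    """Map container name -> verdict for every record in the inspect output."""
    return {c["Name"].lstrip("/"): check_container(c, approved)
            for c in json.loads(inspect_json)}

if __name__ == "__main__":
    for name, verdict in check_all(SAMPLE_INSPECT).items():
        print(f"{name}: {verdict or 'OK'}")
```

In a real deployment the `APPROVED` map would be generated from signed image manifests rather than hand-written, and the check would run against `docker inspect $(docker ps -q)`.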
4. Enforce the principle of least privilege at runtime. This basic security best practice applies equally to container technology. When an attacker exploits a vulnerability, they typically gain the privileges of the compromised application or process, along with any further operational privileges it holds. Ensuring that a container always has only the lowest privileges it needs significantly reduces the exposure caused by an intrusion.
5. Whitelist the files and executables the container is allowed to access or run. Whitelisting helps you control and manage files and executables, ensuring they are used only when a given feature needs them. As a result, the environment becomes more stable and reliable. Establishing a pre-approval or whitelisting mechanism significantly reduces the attack surface and serves as a baseline for preventing container interference and container intrusion.
6. Enforce network isolation between running containers. Maintain network isolation for container clusters, or partition containers by application or workload. Besides being an effective best practice, this is also a mandatory principle for container applications governed by PCI DSS, and it prevents lateral attacks.
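Points 4 and 6 (least privilege and network isolation) translate into concrete runtime settings that can be audited from `docker inspect` output. The following is an added example, not code from the article: the two container records are constructed, the field names follow the `docker inspect` layout, and each finding names a setting that widens the blast radius of a compromised container (privileged mode, root user, retained capabilities, shared host namespaces, writable root filesystem, mounted Docker socket).

```python
"""Least-privilege and isolation audit over `docker inspect`-style JSON.
Constructed sample data; field names follow the docker inspect layout."""
import json

# Constructed sample: one hardened container and one over-privileged one.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/api", "Config": {"User": "10001:10001"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": ["ALL"],
                    "NetworkMode": "backend_net", "PidMode": "",
                    "ReadonlyRootfs": True},
     "Mounts": [{"Type": "volume", "Source": "app_data", "Destination": "/data"}]},
    {"Name": "/debug", "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN"], "CapDrop": None,
                    "NetworkMode": "host", "PidMode": "host",
                    "ReadonlyRootfs": False},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
])

HIGH_RISK_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE"}

def audit_container(c):
    """Return the list of policy findings for one container record."""
    hc, cfg = c.get("HostConfig", {}), c.get("Config", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode disables most kernel isolation")
    user = cfg.get("User") or ""   # empty User means the image default, usually root
    if user in ("", "root", "0") or user.startswith(("root:", "0:")):
        findings.append("runs as root inside the container")
    if "ALL" not in (hc.get("CapDrop") or []):
        findings.append("does not drop all capabilities by default")
    for cap in hc.get("CapAdd") or []:
        if cap in HIGH_RISK_CAPS:
            findings.append(f"adds high-risk capability {cap}")
    if hc.get("NetworkMode") == "host":
        findings.append("shares the host network namespace")
    if hc.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    for m in c.get("Mounts", []):
        if m.get("Source") == "/var/run/docker.sock":
            findings.append("mounts the Docker socket (full control of the host engine)")
    return findings

def audit_all(inspect_json):
    """Map container name -> findings for every record in the inspect output."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(inspect_json)}

if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

The same checks can be expressed as admission rules (for example in a Kubernetes admission controller) so that a non-compliant container is rejected before it starts rather than flagged afterwards.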
7. Proactively monitor container activity and user access. As with other IT environments, you need to monitor activity and user access across the container ecosystem so that anomalies or malicious activity are detected quickly.
8. Record all administrative user access for auditing. While strong user access control can limit most person-to-container interactions, administrators are inevitably outside the scope of those controls. We must therefore set up log management that records administrative operations, providing forensic information and a clear audit trail when needed.
Although the security level of container technology is naturally higher than that of earlier solutions, the technology is still young and has nonetheless been widely adopted, so we must incorporate active detection and response programs into our management systems to keep containers secure. Moreover, although container security knowledge is now highly valued, a large number of container-specific vulnerabilities have begun to appear, and this unfavorable trend will continue.
The good news is that container technology has been able to build powerful security automation controls into the container environment from the very start of development. The bad news is that security teams must prepare for this new technology while building their knowledge and early awareness of potential security improvements. Still, finding problems is a necessary prerequisite for solving them, so those who recognize their importance have already taken an important step toward securing containers.