Sunday, June 14, 2020

Container Security

When a network is deployed for an application, traffic usually flows like the diagram below:

Internet (User) Network ----> DMZ (demilitarized zone) ----> Internal Network

Internet (User) Network :- Web applications usually receive their requests from end users over the Internet. This is the untrusted side of the deployment.

DMZ (demilitarized zone) :- This network isolates the Internet-facing tier from the internal network. The web servers and load balancers usually sit here, so traffic only proceeds to the internal network after it has passed through this tier and the user has been logged in and the request verified as genuine. In the cloud, the load balancers are usually deployed in a public subnet and the web servers can then reside in a private subnet.

Internal Network :- This is the private network that contains the application servers and the database servers. Web servers cannot connect directly to the database servers; they have to talk to the application servers first, and only the application servers connect to the database servers.

Further, each of these networks is separated from the next by a firewall, so only the expected ports and protocols are permitted between tiers.

Now, user requests are usually received by the web servers / API servers, which forward them to the application servers, usually running in Docker containers, and those in turn connect to the backend databases.

All these application server containers are spawned from a master container image.

So the most important aspect is securing the image from which all the containers get created. It is essential to make sure that insecure code, settings, etc. are not pushed into these images, because every production container inherits whatever the image contains.

A few of the safeguards that can be put in place are listed below:

1. Code analysis (both static and dynamic) of what goes into the image.
2. Vulnerability scanning of the master image before and after changes are made.
3. Access management to lock down who can push to, or pull from, that image.
4. Automation has its own security uses. All steps, including build, testing and deployment, should be automated as much as reasonably possible; this removes human error and makes the pipeline repeatable.
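As an added example (not code from the original post), the Python script below performs a simple static check of a Dockerfile for the kinds of insecure settings item 1 is meant to catch before the master image is ever built: an unpinned base image, a secret baked in with ENV, an unverified ADD from a URL, apt-get pulling in recommended packages, SSH exposed, and no USER instruction (so the process runs as root). The rule set and both sample Dockerfiles are constructed for this example, and the sha256 digest in the hardened sample is a placeholder, not a real image digest.

```python
"""Static checks for a Dockerfile before it becomes the master image.

Added example, not from the original post. The rules below are assumptions
about common image misconfigurations; adjust them to your own policy.
"""
import re

# Constructed sample Dockerfile with several weak settings.
SAMPLE_DOCKERFILE = """\
FROM python:latest
ENV DB_PASSWORD=SuperSecret123
ADD https://example.invalid/app.tar.gz /opt/app/
RUN apt-get update && apt-get install -y curl
EXPOSE 22 8080
CMD ["python", "/opt/app/server.py"]
"""

# Constructed hardened version; the digest is a placeholder, not a real one.
HARDENED_DOCKERFILE = """\
FROM python:3.8-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000
RUN apt-get update && apt-get install -y --no-install-recommends curl \\
    && rm -rf /var/lib/apt/lists/*
RUN useradd --system --uid 10001 app
COPY app/ /opt/app/
USER 10001
EXPOSE 8080
CMD ["python", "/opt/app/server.py"]
"""

SECRET_RE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)", re.IGNORECASE)


def parse_instructions(text):
    """Yield (INSTRUCTION, argument) pairs, joining backslash continuations
    and skipping blank lines and comments."""
    buf = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        full = " ".join(buf).strip()
        buf = []
        if not full:
            continue
        parts = full.split(None, 1)
        yield parts[0].upper(), (parts[1] if len(parts) > 1 else "")


def check_dockerfile(text):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    has_user = False
    for instr, arg in parse_instructions(text):
        if instr == "FROM":
            # Drop flags such as --platform and any "AS stage" suffix.
            tokens = [t for t in arg.split() if not t.startswith("--")]
            image = tokens[0]
            name = image.rsplit("/", 1)[-1]
            pinned = "@" in image or (":" in name and not name.endswith(":latest"))
            if image != "scratch" and not pinned:
                findings.append(f"FROM {image}: base image not pinned to a tag or digest")
        elif instr == "USER":
            has_user = True
            if arg.strip() in ("root", "0"):
                findings.append("USER root: container process runs as root")
        elif instr == "ENV":
            if SECRET_RE.search(arg):
                findings.append(f"ENV {arg.split('=')[0].split()[0]}: secret baked into the image")
        elif instr == "ADD":
            if re.match(r"https?://", arg):
                findings.append("ADD from URL: unverified remote download; fetch with RUN and verify a checksum")
        elif instr == "EXPOSE":
            for port in arg.split():
                if port.split("/")[0] == "22":
                    findings.append("EXPOSE 22: SSH exposed from an application image")
        elif instr == "RUN":
            if "apt-get install" in arg and "--no-install-recommends" not in arg:
                findings.append("RUN apt-get install without --no-install-recommends: pulls in extra packages")
    if not has_user:
        findings.append("no USER instruction: process defaults to root")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        problems = check_dockerfile(text)
        print(f"{label}: {len(problems)} finding(s)")
        for p in problems:
            print("  -", p)
```

Run on the constructed sample this reports six findings and on the hardened version none. A check like this belongs in the automated pipeline from item 4 so that a Dockerfile that fails it never reaches the image build step.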

One of the most overlooked aspects of securing containers is hardening the host on which they run. Misconfigurations, or an attacker gaining access to the host, compromise the security of every container running on that host, since all of them share the host's kernel.

A few of the methods for hardening the hosts are:

1. Disable unused services, ports and protocols; the CIS Benchmarks provide examples. In security terms this limits the attack surface.
2. Follow a patch management process that addresses the vulnerabilities known to, and fixed by, the vendor.
3. Enforce password policies.
4. Use encryption, for data at rest on the host and for traffic between tiers.
5. Install IDS/IPS systems.
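As an added example (not from the original post), the Python below turns item 1 into a repeatable check: it parses the output of `ss -tlnp` on the host and flags every listening TCP socket whose port is not on an allowlist of what the host is expected to expose, separating network-reachable sockets from ones bound only to loopback. The ss output and the allowlist are constructed for this example; on a real host you would capture `sudo ss -tlnp` and supply your own allowlist.

```python
"""Flag listening sockets on a Docker host that are not on an allowlist.

Added example, not from the original post. The ss output and the allowlist
below are constructed for illustration.
"""
import re
from collections import namedtuple

Listener = namedtuple("Listener", "addr port process")

# Constructed sample of `ss -tlnp` output: header plus listening TCP sockets.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:2375       0.0.0.0:*          users:(("dockerd",pid=1021,fd=6))
LISTEN  0       4096    0.0.0.0:2376         0.0.0.0:*          users:(("dockerd",pid=1021,fd=7))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1300,fd=8))
LISTEN  0       128     0.0.0.0:111          0.0.0.0:*          users:(("rpcbind",pid=610,fd=4))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Assumed policy for this example: SSH for administration, HTTP/HTTPS for the
# reverse proxy. Anything else listening is a deviation to investigate.
ALLOWED_PORTS = {22, 80, 443}

LOOPBACK = {"127.0.0.1", "[::1]"}
PROCESS_RE = re.compile(r'\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Turn `ss -tlnp` text into Listener records, skipping the header."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is "addr:port"; rpartition handles "[::]:22" too.
        addr, _, port = fields[3].rpartition(":")
        match = PROCESS_RE.search(line)
        listeners.append(Listener(addr, int(port), match.group(1) if match else "?"))
    return listeners


def audit_listeners(listeners, allowed_ports):
    """Split non-allowlisted listeners into those reachable from the network
    and those bound only to loopback (still worth reviewing, lower priority)."""
    exposed, loopback_only = [], []
    for lst in listeners:
        if lst.port in allowed_ports:
            continue
        (loopback_only if lst.addr in LOOPBACK else exposed).append(lst)
    return {"exposed": exposed, "loopback_only": loopback_only}


if __name__ == "__main__":
    report = audit_listeners(parse_listeners(SAMPLE_SS_OUTPUT), ALLOWED_PORTS)
    for lst in report["exposed"]:
        print(f"EXPOSED  {lst.addr}:{lst.port} ({lst.process}) not in allowlist")
    for lst in report["loopback_only"]:
        print(f"LOOPBACK {lst.addr}:{lst.port} ({lst.process}) not in allowlist")
```

On the constructed sample this reports the Docker daemon port and rpcbind as exposed and the loopback-bound daemon port as lower priority; each exposed entry is a service to disable or firewall, which is exactly the attack surface reduction item 1 describes.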

