Containers are exploding in popularity because they’re fast and efficient. While security is just as important as it is for virtual machines, securing containers requires a different approach. Because containers run on a shared host and typically use multiple components to deliver a complete solution, many considerations are required to secure a container environment.
There are three distinct layers in a container implementation that need to be secured:
- The images
- The containers that run those images
- The host that’s running those containers
Securing the containers and images without securing the host is like building a strong house on quicksand. Securing the host without properly securing the containers is like building a house on rock, but leaving all the doors open with a big sign out front that says “Please rob me, thank you.”
Across the three distinct levels of a container security implementation, there are five security controls you should put in place to implement a complete container security solution.
The threat of privilege escalation through an attacker gaining access to even the least important containerized image is too great to leave to chance, so it’s key to ensure each and every image is free from vulnerabilities. It makes sense to run security assessments on images as part of your build process, along with continuous monitoring of images in your private registries.
Containers should always (and only) be deployed with a hardened configuration. You will want to ensure that all components are run using best practices with no privileged mode or SSH access.
Every container must be signed and authenticated, and checks need to be put in place that ensure they are verified before they are used. Typically, these checks can be integrated into Docker Content Trust.
All the images have their own secrets, passwords and keys that allow them to be authenticated whenever a container is brought up or down. These secrets should never need to be part of the deployment process and should not be directly embedded in the images, to ensure full content trust as described above.
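The hardened-configuration and secrets controls above can be checked on a running host by reading `docker inspect` output. The following audit script is an added example, not CloudPassage or Docker code; it embeds a constructed two-container `docker inspect` record and flags privileged mode, added capabilities, host PID namespace, a root user, an exposed SSH port, and secret-looking environment variables (the `SECRET_MARKERS` heuristic is an assumption, not a Docker feature).

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output (a JSON array),
# trimmed to the fields this audit reads. Not captured from a real host.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/web",
        "Config": {"User": "app", "Env": ["APP_ENV=prod"], "ExposedPorts": {"8080/tcp": {}}},
        "HostConfig": {"Privileged": False, "CapAdd": None, "PidMode": ""},
    },
    {
        "Name": "/legacy",
        "Config": {"User": "", "Env": ["DB_PASSWORD=hunter2", "APP_ENV=prod"],
                   "ExposedPorts": {"22/tcp": {}, "80/tcp": {}}},
        "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN"], "PidMode": "host"},
    },
])

# Env var name fragments treated as embedded secrets (heuristic, assumed for this example).
SECRET_MARKERS = ("PASSWORD", "SECRET", "TOKEN", "KEY")

def audit_container(c):
    """Return a list of findings for one container record; an empty list means hardened."""
    findings = []
    cfg, host = c.get("Config", {}), c.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("runs in privileged mode")
    if host.get("CapAdd"):
        findings.append("adds capabilities: " + ",".join(host["CapAdd"]))
    if host.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    if cfg.get("User", "") in ("", "root", "0"):
        findings.append("runs as root")
    if "22/tcp" in (cfg.get("ExposedPorts") or {}):
        findings.append("exposes SSH (22/tcp)")
    for env in cfg.get("Env") or []:
        name = env.split("=", 1)[0].upper()
        if any(marker in name for marker in SECRET_MARKERS):
            findings.append("secret-looking env var: " + name)
    return findings

def audit(inspect_json):
    """Map container name -> findings for every record in a `docker inspect` JSON array."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(inspect_json)}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Against a live host, pass the output of `docker inspect $(docker ps -q)` to `audit()` instead of the embedded sample.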
The host is the most obvious point that needs security, since an attacker could easily gain access to everything through it. As the host is a traditional OS, usually Linux, this is something we’ve long been able to secure.
At this time, no commercially available container security product supports all three levels of a container implementation or the five specific security controls mentioned above. CloudPassage’s Project Azul, now in beta, is designed specifically to support this.
Containers are fast becoming a popular approach to delivering agile applications. Securing containers doesn’t come without challenges. Following these best practices ensures that your container implementation is secure.