+1 (512) 588 6950
Photo by Hacker Noon on Unsplash
What is Docker and why is it being used?
Before we actually dive into the technical part, let’s imagine that you work for a company which has two departments concerned with the development and the deployment of services, products, etc.
They are called the production team and the operations team. After countless hours of discussions and meetings it is finally decided what the company needs on their website. The requirements are sent to the development team. It is now their time to work on the website. As you and I know, the more features and functionalities that need to be incorporated into a website, the more libraries and packages will be imported. Suppose they are working on NodeJS, with an express framework and MongoDB as the server. When the website is finally complete, they will check on their end if it’s working fine on their end, on a development server, before sending it to the Operations team, whose work is to deploy it on the production server.
Did it occur to you that the versions of node, express and other libraries that were used when the website was actually developed, on the development server, could be different than the one which is installed on the production server.
What will be the outcome? When the website is deployed, there are good odds that it will throw errors on the production server. The production server might have deprecated libraries, versions installed, configuration issues or the development server could have deprecated libraries, versions installed. Either way it is a losing situation because the end result is that the website couldn’t be installed.
Now consider a different scenario. The development team makes the website, but now instead of sending the raw code directly to the operations team, what they do is make a container and keep it inside a container. Consider this container as a type of sandbox. It’ll have the code, the database, along with their configuration files and the team can install all the dependencies they want to include in the container. Now all that the operations team has to do is to connect the container to the network and then run this container to bring the website to live. This is docker in short. All the dependencies, artefacts and configurations can be saved in the container. This container will run separately, without interfering with the other packages, dependencies, etc. just like a sandbox or a virtual machine.
Why Docker Installation Becomes Vulnerable?
Container technology isn’t new, but for many of us it is. To prevent it from being exploited by the adversaries, it is extremely necessary to follow best practises.
Following are the scenarios in which your docker installation could become vulnerable.
What can we do to secure the installation?
Now that we are aware of some of the ways in which we can make our docker installations vulnerable, let’s go through some of the ways in which we can make them secure.
docker context use rootlessdocker run –d –p 8080:80 nginx
To check if the container is running in privileges mode,
docker inspect –format = ‘ ‘ [container_id]
If it returns true, then it is running in privileged mode. If it throws an error, it is not.
5. Leaking Sensitive information using docker files can lead to the attacker quickly compromising your container. Container orchestrators like Kubernetes and Docker Swarn provide secret management capability which can solve the problem of leaking sensitive information using docker files.
6. Try to use base images with minimum components. Even if you have some components installed, it is important that you understand them well. Because if you do, it will definitely add to the attack surface.
7. Allowing system calls can be used by the user to escalate privileges. You can choose to allow or deny system calls. Additionally, just like in Linux you can obtain the list of commands made using the .bash_history file, you can also monitor the system command made.
Docker has made it really simple and effective for Developers to develop and Operations team to deploy them in production servers. It might look simple from the outside, and it is, but overlooking security implications can be quite easy. Therefore, before you deploy your docker container, it is important that you consider the security implications. You can start off by considering the above security measures.