« Previous 1 2 3

Security issues when dealing with Docker images

The Crux with Leaks

Good Sources, Quick Scans

Many system administrators retrieve software from a variety of sources. It is always advisable to carefully consider the providers of these sources – this also applies to classic software without containers. In this regard, Docker and others are no less or more secure than traditional installations.

If you provide images for Docker, but also offer rkt or Project Atomic, you should disclose how you handle updates and known vulnerabilities. This is the only way to ensure permanently secure operation of such software. Whether a commercial product can be linked with higher quality has been the subject of much discussion since the early days of open source, because some promises relating to security quality can genuinely be purchased with commercial applications.

The different static security scanning offerings usually test signatures. The results of the current implementations are mediocre and contain many false positives. The question arises as to whether the additional overhead of reworking actually justifies the amount of money you pay.

Info

  1. Docker: https://www.docker.com
  2. Best practices for official images: https://github.com/docker-library/official-images#security
  3. Docker Notary: https://docs.docker.com/notary/getting_started/
  4. The Update Framework: https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt
  5. Docker Hub: https://hub.docker.com
  6. CoreOS Clair: https://github.com/coreos/clair
  7. Project Atomic Scan: https://developers.redhat.com/blog/2016/05/02/introducing-atomic-scan-container-vulnerability-detection/
  8. OpenSCAP: https://www.open-scap.org
  9. Nmap Scripting Engine: https://nmap.org/man/de/man-nse.html
  10. Nessus: http://de.tenable.com
  11. OpenVAS: http://www.openvas.org/index.de.html
  12. Lynis: https://cisofy.com/lynis/

The Author

As the Lead Consultant Security and Cloud Architecture, Nils Magnus advises his customers on how to design and operate scalable, resilient, and above all secure applications. As a member of the board of management, he plans and organizes conferences for LinuxTag and the German Unix Users Group.

« Previous 1 2 3

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus