{"id":7826,"date":"2018-12-29T10:42:11","date_gmt":"2018-12-29T10:42:11","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=7826"},"modified":"2018-12-29T10:42:11","modified_gmt":"2018-12-29T10:42:11","slug":"technical-report-container-security-iii-3","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/technical-report-container-security-iii-3\/","title":{"rendered":"Technical Report on Container Security (III)-3"},"content":{"rendered":"\n<h2><strong>Security Risks and Challenges \u2013 Container Application Security Threat<\/strong><\/h2>\n \n\n<strong>Container Application Security Threat<\/strong>\n\n \n<ul class=\"wp-block-list\">\n \t<li><strong>Microservice Security<\/strong><\/li>\n<\/ul>\n \n\nFrom traditional monolithic applications to modern microservice applications, security has always been a hot issue. A monolithic application usually exposes fewer services and ports,narrowing the attack surface. In addition, security professionals know common points from which attacks are often launched. Therefore, security is not that big of a problem for such applications as long as they are properly protected.<!--more-->\n\n \n\nBy contrast, the microservice model splits traditional monolithic application modules into separate services, resulting in a greater number of exposed ports and a broader attack surface. As for the traditional monolithic architecture, it is enough to protect only one entrance for access permissions, authorization, and isolation audits.\n\n \n\nThe microservice architecture contains a number of services, access to each of which should be properly monitored, controlled, and protected. Just imagine that an authentication token is leaked or a forged access credential is accepted for a service. This will put the entire system in jeopardy. Such threats undoubtedly add to the difficulty of microservice protection.\n\n \n\nA microservice architecture consists of a collection of small, autonomous services. Although this model lays particular emphasis on isolation, lightweight, independent development and deployment, and loose coupling of services, sometimes services need to be closely connected for a particular purpose, for example, sharing data. Connections between these services in the microservice architecture are usually point-to-point. With the increase of connections, once a service is compromised due to a vulnerability, other services connecting to it will also be affected, finally leading to the attacker taking control of the entire system.\n\n \n\nMoreover, microservices usually use containers as carriers. This means that applications are packaged into images and run in the microservice architecture as containers in a distributed manner. Containers themselves are vulnerable to threats, such as container escape and container network attacks.\n\n \n<ul class=\"wp-block-list\">\n \t<li><strong>DevOps Security<\/strong><\/li>\n<\/ul>\n \n\nIn the big data era that sees rapid growth of networks, many enterprises maintain an &#8220;agile&#8221; mindset and take &#8220;agile&#8221; actions. For example, DevOps, as a new development and operations model, shortens the wait time at various stages of the software lifecycle and reduces redundant and manual labor, thus significantly cutting down the problem resolving cost and enhancing the efficiency of agile development. But the preference of agility to security can be a dangerous signal, which has been repeatedly verified in practice<a href=\"#_edn1\">[I]<\/a>.\n\n \n\n<em>On November 22, 2017, Uber released a statement, acknowledging that the company suffered a breach in 2016 that exposed massive personal information. According to this statement, two hackers attacked Uber through a third-party cloud service, stealing data of 57 million users, including names and license numbers of drivers and names, email addresses, and mobile numbers of customers. The subsequent investigation found that the data breach had been caused by Uber engineers&#8217; storage of security keys for unlocking the database on a GitHub page that was publicly accessible.<\/em>\n\n \n\n<em>This is not the only case where data is disclosed because of misoperations. What deserves particular attention is that the rapid development of cloud environments and DevOps nowadays has brought forth much more security risks. Frans Ros\u00e9n, a security advisor from the security company Detectify, said in a report released on July 13, 2017 that network administrators too often glossed over rules for configuring AWS&#8217;s access control lists (ACLs) and the misconfiguration of servers had caused a large number of data breaches.<\/em>\n\n \n\nMore and more consumers, supervisory bodies, and markets have found that the cost of data breaches arising therefrom can be unacceptably exorbitant. Because of the leak of data, hundreds of millions of dollars may be lost in market capital overnight and consumers&#8217; confidence in organizations degraded. In certain circumstances, an organization&#8217;s executives may even meet their Waterloo in their careers. Some enterprises relying heavily on data may literally close down due to an unintentional negligence in the storage of keys.\n\n \n\n<strong>(To be continued)<\/strong>\n\n \n\n<hr class=\"wp-block-separator\" \/>\n\n \n\n<a href=\"#_ednref1\">[I]<\/a> 10 Things to Get Right for Successful DevSecOps, Gartner, October 2017, <a href=\"http:\/\/www.mottoin.com\/107385.html\">http:\/\/www.mottoin.com\/107385.html<\/a>\n\n","protected":false},"excerpt":{"rendered":"<p>Security Risks and Challenges \u2013 Container Application Security Threat Container Application Security Threat Microservice Security From traditional monolithic applications to modern microservice applications, security has always been a hot issue. A monolithic application usually exposes fewer services and ports,narrowing the attack surface. In addition, security professionals know common points from which attacks are often launched. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7827,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[15],"tags":[381,613,639],"class_list":["post-7826","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-research-reports","tag-devops","tag-report","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Technical Report on Container Security (III)-3 - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Technical Report on Container Security (III)-3 - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Security Risks and Challenges \u2013 Container Application Security Threat Container Application Security Threat Microservice Security From traditional\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-29T10:42:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Technical Report on Container Security (III)-3 - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Security Risks and Challenges \u2013 Container Application Security Threat Container Application Security Threat Microservice Security From traditional\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Technical Report on Container Security (III)-3\",\"datePublished\":\"2018-12-29T10:42:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/\"},\"wordCount\":663,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/1031-1.jpg\",\"keywords\":[\"DevOps\",\"Report\",\"security\"],\"articleSection\":[\"Research &amp; Reports\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/\",\"name\":\"Technical Report on Container Security (III)-3 - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/1031-1.jpg\",\"datePublished\":\"2018-12-29T10:42:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/1031-1.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/1031-1.jpg\",\"width\":549,\"height\":389,\"caption\":\"Illustrated education theme with books and tools.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/technical-report-container-security-iii-3\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technical Report on Container Security (III)-3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Technical Report on Container Security (III)-3 - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"Technical Report on Container Security (III)-3 - NSFOCUS","og_description":"Security Risks and Challenges \u2013 Container Application Security Threat Container Application Security Threat Microservice Security From traditional","og_url":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/","og_site_name":"NSFOCUS","article_published_time":"2018-12-29T10:42:11+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Technical Report on Container Security (III)-3 - NSFOCUS","twitter_description":"Security Risks and Challenges \u2013 Container Application Security Threat Container Application Security Threat Microservice Security From traditional","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Technical Report on Container Security (III)-3","datePublished":"2018-12-29T10:42:11+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/"},"wordCount":663,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg","keywords":["DevOps","Report","security"],"articleSection":["Research &amp; Reports"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/","url":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/","name":"Technical Report on Container Security (III)-3 - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg","datePublished":"2018-12-29T10:42:11+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/1031-1.jpg","width":549,"height":389,"caption":"Illustrated education theme with books and tools."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/technical-report-container-security-iii-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Technical Report on Container Security (III)-3"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=7826"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7826\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/7827"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=7826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=7826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=7826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}