Container Security

Technical Report on Container Security (V)-2

March 20, 2019

Security Tools – NeuVector

About NeuVector

NeuVector[I] is the first company to take up development of Docker/Kubernetes security products. Committed to securing enterprise-wide container platforms, the company provides products suitable for deployment across multi-cloud and on-premises production environments.

Technical Report on Container Security (V)-1

March 13, 2019

Security Tools—Open-Source Security Tool Kubernetes

In addition to commercial software, open-source projects can also provide some security functions. This document describes several open-source projects that are usually used to protect non-critical business.

Technical Report on Container Security (IV)

February 27, 2019

Container Security Protection – Application Security

  • Application Security

The ecosystem of container technology is gradually taking shape, and solutions are becoming available for specific segments of the container landscape; both lay a solid foundation for container deployment. On top of enterprise container deployment, business processes built around container applications, especially the application logic-oriented microservice architecture, bring new challenges to application security.

Technical Report on Container Security (IV)-7

February 20, 2019

Container Security Protection – Orchestration Security

Orchestration Security

The maturity of container technology drives the development and adoption of microservices. More and more enterprises choose a microservice architecture to build their applications. Container orchestration tools are responsible for managing the container clusters that carry these services; arguably, it is container orchestration tools that support the core services of most projects adopting a microservice architecture. This document takes the most popular orchestration tool in the community, Kubernetes, as an example to describe the security protection measures that container orchestration tools should take.

Technical Report on Container Security (IV)-6

February 14, 2019

Container Security Protection – Runtime Security

Runtime Security

  1. Security Configuration for Container Launch

A container runs on the host as a process. Running container processes are isolated from one another: each has its own file system, its own networking, and a process tree isolated from the host. The following sections detail how to use the docker run[1] command to define a container's resources at runtime.

Technical Report on Container Security (IV)-5

January 30, 2019

Container Security Protection – Container Network Security

Container Network Security

Technical Report on Container Security (IV)-4

January 24, 2019

Container Security Protection – Image Security

Image Security

Images are the basis of containers, so their security largely determines that of the entire container ecosystem. A container image is a stack of layers, distributed and updated through image repositories. The following sections describe how to secure images from the aspects of image build security, repository security, and image distribution security.

Technical Report on Container Security (IV)-3

January 16, 2019

Container Security Protection – Host Security

Host Security

Hardening of Basic Host Security

Containers share the operating system kernel with the host. Therefore, host configuration determines whether containers can be executed in a secure manner. For example, vulnerable software puts the host at risk of arbitrary code execution; opening ports at will exposes the host […]

Technical Report on Container Security (IV)-2

January 8, 2019

Container Security Protection – Container Service Security

Container Service Security

The security of the container management and orchestration service has a direct bearing on that of the container control plane. Take Docker for example. Whether the Docker daemon is properly configured determines the security of Docker to some extent. It is recommended that the following […]

Technical Report on Container Security (IV)-1

January 7, 2019

Container Security Protection—Linux Kernel Security Mechanism

As a lightweight virtualization implementation, container technology took security into account at design time, and those design choices form an important basis for container security protection. This chapter describes the security risks and threats facing containers, along with common protection ideas and methods.