Berta and Sol Ozzan, literally started with a description of how Docker containers worked and went all the way through a Kubernetes deployment. To get up to speed, I signed up for the Black Hat 2020 session entitled, “ From Zero to Hero: Pentesting and Securing Docker Swarm and Kubernetes Environments." The course, taught by Sheila A. Again, the concept sounds great, but the old adage of “as security increases, usability decreases” sat in my head, and with how easy everything container-related sounded, it also seemed like security was going to be an afterthought.Mac os x v10 5 download.With beta support for Kubernetes, Docker provides users end-to-end container-management software and services spanning from developer workstations running Docker for Mac or Docker for Windows, through test and CI/CD using Docker CE or Docker Enterprise Edition (EE), our container platform, through to production systems on-premises or in the cloud running. In addition, I had no idea how to actually secure them.For more information, see Docker official documentation. Enable the Docker Desktop Kubernetes engine. For more information, see Docker official documentation. Master Docker for Mac/Windows 2.1.5.0 Edge ( Docker CE 19.03.4 Kubernetes 1.15.5) Docker DesktopDocker -> About Docker Desktop Kubernetes v1.15.4, v1.15.4 git checkout v1.15.4Verify that you have installed Docker Desktop for Mac.
![]() Docker Kubernetes How To Actually SecureThat said, I wasn’t going into it expecting to be an expert after only 16 hours of training.Before getting into my high level observations, it's important to explain what a container is. Docker Desktop includes a standalone Kubernetes server that runs on your Windows.Unfortunately, while the course says you’ll be a “hero” at the end of two days, I feel like I am just starting down the road and have a lot more to learn. For more information, see System requirements.If you have a mac, my advise is to install both tools using Homebrew. ![]() While not fool-proof, it’s still better than using environment variables to pass secrets into the container.If this has peaked your curiosity on containers, you can install Docker and/or Microk8s (a small version of Kubernetes) fairly easily. While I won’t go into detail here, the Docker webpage has what appears to be a great article detailing how to lock it down.Use Docker Secrets instead of environment variables: Docker Secrets has been around since 2017. In addition to preventing the installation of tools, you should also make sure the container itself has only the minimum number of applications installed to still do its job.Protect the Docker Socket: The Docker socket is how communication is handled between container and cluster, so it must be protected. This also helps prevent Command and Control communication if someone does infect your machine. This is why you should always block any unused ports at your boundary.
0 Comments
Leave a Reply. |
Details
AuthorElizabeth ArchivesCategories |