Docker Security Concerns

Docker is a popular platform for OS-level virtualization instances known as containers. Flexible containerization is completely changing the way we build and maintain applications at scale.

Growth and momentum are welcome, but information security must stay in view. Let’s take a look at four potential threats and strategies to help secure your container deployments:

1. Vulnerable images: Anyone can publish a new repository on Docker Hub, so check that you’re familiar with the project maintainer before deploying. Running untested builds from spurious sources may lead to the unintentional introduction of vulnerable components, or even malicious code execution. It is best to look to the official Docker Store and its “Certified” program, which offers a variety of assured and deployment-ready packages. Paid plans on the Hub feature a “Security Scanning” tool that can check images for known vulnerabilities.

2. IAM breaches: Cloud providers, such as Amazon Web Services, aim to provide hardened Identity and Access Management (IAM) role structures by default. These can be used in tandem with your Elastic Compute Cloud (EC2) instances, for example, to ensure your users have been issued the appropriate access rights as per the Principle of Least Privilege. When deploying containers, ensure that your registry is sufficiently protected, possibly with two-factor authentication.

3. Excess resource usage: By default, a Docker container has no resource constraints. As a result, actively deploying containers without resource limits could lead to severely degraded host performance. Make sure to set limits on memory, bandwidth and disk usage to mitigate performance issues. Such issues could also be caused by malicious code (such as denial-of-service code execution).

4. Container breakouts: An adversary that gains access to one of your containers should not be able to move laterally to other containers or the Docker host. However, Docker is evolving quickly and privilege escalation exploits may arise, so take care to build infrastructure with a layered defense-in-depth approach in mind.
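An audit for item 3 above, as an added example that is not part of the original article: it reads JSON in the shape `docker inspect` returns and reports containers running without memory, CPU, process-count or writable-layer size limits. The sample data and container names are constructed, and the CPU and PID checks go beyond the limits the article names.

```python
import json

# Constructed sample in the shape `docker inspect <container>...` returns,
# trimmed to the fields used here; container names are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"Memory": 536870912, "NanoCpus": 1500000000,
                                    "CpuQuota": 0, "PidsLimit": 200,
                                    "StorageOpt": {"size": "10G"}}},
    {"Name": "/worker", "HostConfig": {"Memory": 268435456, "NanoCpus": 0,
                                       "CpuQuota": 50000, "PidsLimit": None,
                                       "StorageOpt": None}},
    {"Name": "/batch", "HostConfig": {"Memory": 0, "NanoCpus": 0,
                                      "CpuQuota": 0, "PidsLimit": -1,
                                      "StorageOpt": None}},
])


def missing_limits(host_config):
    """Return the names of resource limits that are not set on one container."""
    hc = host_config or {}
    missing = []
    # Docker reports 0 for "no limit" on memory and on both CPU fields.
    if not hc.get("Memory"):
        missing.append("memory")
    cpu_limited = bool(hc.get("NanoCpus")) or (hc.get("CpuQuota") or 0) > 0
    if not cpu_limited:
        missing.append("cpu")
    # PidsLimit is null, 0 or -1 when unlimited, depending on Docker version.
    pids = hc.get("PidsLimit")
    if pids is None or pids <= 0:
        missing.append("pids")
    # A writable-layer size cap shows up as StorageOpt {"size": ...}.
    if not (hc.get("StorageOpt") or {}).get("size"):
        missing.append("disk")
    return missing


def audit(inspect_json):
    """Map container name -> missing limits, only for containers with gaps."""
    report = {}
    for container in json.loads(inspect_json):
        gaps = missing_limits(container.get("HostConfig"))
        if gaps:
            report[container.get("Name", "?").lstrip("/")] = gaps
    return report


if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_INSPECT).items():
        print(f"{name}: no limit on {', '.join(gaps)}")
```

On a Docker host the same function can be fed the output of `docker inspect $(docker ps -q)`. The `size` storage option is only honoured by some storage drivers, so a missing disk limit may need to be enforced at the volume or filesystem level instead.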

Has Your Information Security Strategy Gone Obsolete?

The DDoS attacks of 2016 and the WannaCry ransomware that recently affected thousands of computer systems have compelled businesses to look into their security mechanisms and identify pitfalls that might make them prone to cyber threats. Verizon had already highlighted the intensity of upcoming challenges in their annual 2016 Data Breach Investigations Report as: “No locale, no industry or organization is bulletproof when it comes to the compromise of data.”

Although cyber security agencies, IT security teams, and security engineers are striving to overcome the menace of threats with all their might, the increasing number of incidents clearly indicates that cyber criminals have taken the lead, and by a great margin. Statistics offer no good signs for the future, estimating that by 2021 the cost of the damage caused by cyber attacks will exceed $6 trillion. Here are five signs that may indicate your IT security strategy needs a revamp:

1. System Performance Has Changed: Computer systems connected to your organizational network are experiencing extreme fluctuations in speed and performance. This could be a sign that your system is running a lot of programs, perhaps malicious payloads, in the background.

2. Malicious Login Activities: Unauthorized login is still the primary method of breaking into an organization’s system. Network administrators need to keep a check on the logins and their relevant IPs to identify any malicious activity in real time. Similarly, one needs to keep an eye on any malicious insider activities.

3. Data Mines Have Been Compromised: If the backups you made recently have become unresponsive, some files went missing, or the arrangement of your data logs looks different, it is an indication that your IT security strategy needs a revamp.

4. Abrupt Increase in Spam: Unrecognized requests, spammy emails, pop-ups, and messages saying “Program Unresponsiveness, Click Ok to make it faster” or “New Version found: Click Ok to update” could all be signs that your system has been infected by malicious software.

5. Routine Shutdowns and Downtimes: When a system is infected with a Trojan or virus, downtime and automatic shutdowns become routine. Merely notifying your IT department won’t resolve the issue. You need to address it through more stringent security measures.

With the number and sophistication of attacks on the rise, companies need to invest in sound security strategies in order to protect their valuable data. By revamping your security strategy, you’ll be in a better position to provide sufficient protection, allowing your business to continue to thrive without fear of becoming a victim.

More information: http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf