Here are a few points that few people worry about, let alone implement, but that might eventually harm the application or even the business itself. Today is about security.
Below I list the Top 5 Security Matters for stable and secure containerization in an IBM Cloud repository. Take a look and enjoy:
1 – Kernel Exploitation
Unlike a virtual machine, which runs its own kernel on top of a hypervisor rather than sharing the host's, containers on the same host all share that host's kernel. This makes a kernel exploit more pervasive.
Recommendation: Keep Patch Management Up to Date.
2 – Denial-of-Service Attacks
Since all containers on the same host share the same kernel's resources, if one container monopolizes access to those resources, including memory or even UIDs, the resulting lack of resources for the other containers may unleash a DoS.
Recommendation: Make sure containers access resources in one direction only, and create keys for communication between them.
3 – Hacking Containers
The premise is: a hacker must not be able to reach the host through a container breakout.
Recommendation: Do not run as root in the container, because that user will be root on the host.
4 – Image Integrity
How do you know and make sure the images are not poisoned?
Recommendation: Make sure the IBM Cloud namespaces are used all the time, on every commit as well.
5 – Application Data Leak
When a container accesses a database or service, it usually uses a username and password to do so.
Recommendation: Use an isolated container for data and don't leave it running. Also use keys that are not explicit in Dockerfiles during the build.
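One way to check recommendations 3 and 5 before an image is built, as an added example that is not part of the original post: a small Python audit that flags a Dockerfile whose final stage runs as root, and ENV/ARG instructions that carry a literal credential. The function names, the key-name heuristic and both sample Dockerfiles are constructed for illustration.

```python
import re

# Key names that suggest a credential (assumed heuristic, not exhaustive).
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)
PAIR = re.compile(r'([A-Za-z_][\w-]*)=("[^"]*"|\S*)')

def logical_lines(text):
    """Yield (line_no, instruction): comments dropped, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf, start = "", None

def audit_dockerfile(text):
    """Return [(line_no, finding)] for a root final stage and literal secrets."""
    findings, user, user_line = [], None, 0
    for no, instr in logical_lines(text):
        op, arg = (instr.split(None, 1) + [""])[:2]
        op = op.upper()
        if op == "FROM":        # a new stage starts as the base image's user
            user, user_line = None, no
        elif op == "USER":      # accept "name", "name:group" or numeric ids
            user, user_line = arg.split(":")[0].strip(), no
        elif op in ("ENV", "ARG"):
            # key=value pairs, or the legacy "ENV key value" form
            pairs = PAIR.findall(arg) or [tuple((arg.split(None, 1) + ["", ""])[:2])]
            for key, value in pairs:
                value = value.strip('"')
                if SECRET_KEY.search(key) and value and not value.startswith("$"):
                    findings.append((no, f"{op} {key} carries a literal value"))
    if user is None:
        findings.append((user_line, "final stage sets no USER (base image default, usually root)"))
    elif user in ("root", "0"):
        findings.append((user_line, "final stage runs as root"))
    return findings

# Constructed sample Dockerfiles (not from the original post).
WEAK = 'FROM ubuntu:22.04\nENV DB_USER=app DB_PASSWORD=hunter2\nCMD ["/app/run"]\n'
HARDENED = 'FROM ubuntu:22.04\nRUN useradd --system app\nUSER app\nCMD ["/app/run"]\n'

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_dockerfile(text))
```

Only the last build stage is judged for USER, since earlier stages of a multi-stage build do not end up as the running container.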