Kubernetes is a multi-functional, container-centric platform for managing workloads and services. Given the fact that containers and container orchestration can dramatically improve costs, flexibility, and resilience, it’s no mystery why Kubernetes has soared in popularity since Google open-sourced it in 2014.
On one hand, it’s a powerful orchestration tool; on the other, it’s not a silver bullet that will solve all your problems. In fact, at the same time that it helps to manage dynamic infrastructure, it also introduces new vulnerabilities that pose a threat to security. To understand the value of Kubernetes, how to integrate it in a way that improves operational efficiency, and how to guard against the new vulnerabilities that container orchestration introduces, it’s critical that you have more than a passing knowledge.
So if you’re ready to start diving into Kubernetes, you’ve come to the right place. Below, we’ve curated a list of 50 top quality tutorials to help you fully understand Kubernetes architecture and best practices. Read more “50 Best Kubernetes Architecture Tutorials”
When Threat Stack security analyst Ethan Hansen saw an alert in a customer’s environment that read /temp [RANDOM] cnrig, he knew his afternoon was about to get interesting. As part of his role in the Threat Stack Cloud SecOps Program℠, Ethan regularly monitors customer environments and proactively investigates alerts like this on the customer’s behalf. In this case, his suspicions were warranted, and Threat Stack had identified an active Docker cryptojacking attack.
Ethan and Threat Stack Security Solutions Engineer John Shoenberger recently sat down with “Your System Called: A Threat Stack Podcast” to recount this investigation into a Docker cryptojacking attack, his process of putting together a specific list of actionable recommendations, and how he worked with the customer within an hour of the alert to mitigate the threat.
Containers provide very important functionality: They package various software applications in “containers” to ensure that they are able to run correctly when moved from one computing environment to another.
The container model has all its dependencies packaged into virtual containers. A container not only contains an application but all supporting packages that are needed to run the application effectively. Thus, they provide flexibility, ease of use, and the ability to share resources. However, security is a primary concern when any new technology is pushed into production. Therefore, it is vital to focus on container security because poor security can put various applications and processes at risk for the entire enterprise. Threat Stack’s container security solutions monitor your containerized environments for risky and anomalous behavior and provide the visibility you need, no matter where your container strategy stands. You can deploy the Threat Stack agent on your host or even as a containerized agent to gain visibility into your containers. If you see risky behavior in a container, you’ll be able to follow the path of your attacker across your infrastructure.
Whether you’re using Docker or Docker with Kubernetes, security considerations must be paramount. Below, we discuss security tips and best practices that need to be incorporated for secure and safe utilization of containers. Read more “Container Security Tips and Best Practices”
Now is a good time to review Threat Stack’s Docker integration in the wake of the recent runc CVE. The headline reporting gets a little hyperbolic, but I still think we should use this as an opportunity to reflect. Containers represent a powerful abstraction for a unit of software. The container abstraction provides some isolation, facilitation, and control, but also some opaqueness. Threat Stack’s solution adds security visibility to your deployment, and our Docker integration provides visibility into your Docker containers.
Threat Stack announced the release of its Docker integration during Amazon’s 2015 re:Invent Conference and has continued to maintain and expand its capabilities in subsequent releases. This feature augments detected host events with Docker information when the Threat Stack agent identifies the event as originating from a container. Augmented information consists of the Docker container ID and the image name. We collect that data with a host-based agent that does not stick some additional agent into each container. Per-container agents would cause performance issues for typically small footprint containers. Our daemon runs in user space and does not hook into the kernel, allowing us to stay lean and lightweight. Let me to explain a bit about how this all works. Read more “How to Identify Threats Within Your Docker Containers”
Earlier this week security researchers Adam Iwaniuk and Borys Poplawski published details on a vulnerability in runC, the underlying container runtime for Docker, Kubernetes, cri-o, containerd, and other container-dependent programs. The vulnerability, CVE-2019-5736 allows malicious containers to overwrite the host runC binary and gain root-level code execution on the host. This would give attackers the ability to run any command as a root-level user including the ability to create new containers using an attacker-controlled image or attach executables into an existing container that they have write access to.
A patch has been issued for CVE-2019-5736, and all users should update to the latest version of all their container management programs as soon as possible.
Read more “How to Defend Against the runC Container Vulnerability”
Containerized environments are increasingly popular, and Docker remains the most popular container solution for developers. But the process of moving from virtual machines to containers is complex. If you’re just getting started with Docker, check out our list of 50 useful Docker tutorials for IT professionals, which includes tutorials for beginners, intermediate users, and advanced Docker pros.
It’s common to make mistakes during the transition from VMs to Docker containers, and it’s important to remember that Docker won’t fix all your problems in the cloud. There are also security issues you need to weigh in order to keep your environment fully secure both during and after the transition. Threat Stack’s Docker integration offers full visibility into your container environment, alerting you to internal and external threats — along with the context needed to understand what happened during a security event so you can take appropriate action.
Aside from failing to implement robust security measures for your containerized environment, people make other common mistakes make when switching to Docker containers. To gain some insight into the most common, we reached out to a panel of Docker experts and asked them to answer this question:
“What’s the biggest mistake people make in switching to Docker containers?”
Recently, there has been a significant upswing in the adoption of containerized environments. In light of this, we’ve written a number of posts that focus on the advantages that containers afford and ways to ensure that you’re following security best practices when deploying and operating them. Most recently, we published Docker Security Tips & Best Practices, which identifies common container security issues together with best practices for reducing risk and increasing operational efficiency in containerized environments.
Along with the spike in container adoption, there has been a corresponding uptake in the use of container orchestration platforms, so in this post, we’re providing tips on how to address security issues when using Kubernetes, the most widely adopted container orchestration platform. Read more “Kubernetes Security Tips & Best Practices”
Docker is a software platform that makes it easier to create, deploy, and run applications. Recently there has been a major surge in the adoption of this technology — and while it offers significant benefits, it also presents security challenges. Some of the advantages center on the fact that your applications are loaded into a private namespace and the required dependencies are codified, and when using Docker, developers can package all the parts needed to run an application stack and ship it out as one unit. But if container ecosystems aren’t properly designed, deployed, and managed, they can create problems that offset or undermine the benefits.
To put you on the path to effective and secure usage, this post identifies common security issues and outlines best practices for reducing risk and increasing operational efficiency in containerized environments. (If you want additional resources to brush up on your Docker skills, take a look at our list of 50 useful Docker Tutorials for IT professionals.) Read more “Docker Security Tips & Best Practices”
Making the transition from virtual machines to containers is a complex process that can take some time, particularly for larger, more complex environments. Users are drawn to Kubernetes’ container-centric environment, as well as its ability to enable portability across infrastructure providers. Kubernetes also offers broad applicability; for the most part, an application that runs well in a container will run well on Kubernetes. These, along with myriad other benefits, are what make the transition to Kubernetes worthwhile for many applications. Not up-to-date on the ins and outs of Kubernetes? Check out our list of 50 Useful Kubernetes Tutorials for IT Professionals to get started.
Because the process can be both lengthy and complex, mistakes are common during a transition. First, it’s important to understand that Kubernetes is not a silver bullet. Organizations that adopt container orchestration platforms like Kubernetes before they really understand the technology are more vulnerable to configuration errors. There are also some important Kubernetes security considerations, such as blast radius (how far a malicious party can gain access beyond the initial point of compromise), that leave certain components of a cluster more vulnerable. That’s why it’s important to build security into your deployment as early as possible. To find out where your security maturity level stands, take our Cloud SecOps Maturity Assessment, and learn more about how Threat Stack can secure your containerized environments.
If you’re ready to get started with your infrastructure transformation, there are other pitfalls you’ll want to avoid. To help you get off on the right foot and avoid common mistakes, we reached out to a panel of developers and Kubernetes experts and asked them to answer this question: