Foundations of Container Security
What is a container?
A container is a small, lightweight, standardized piece of code that is designed to be modular and portable, allowing teams to deploy it easily on any computing environment. Containers are called such because they contain an application’s code along with the code’s dependencies that allow it to run, such as system libraries and various settings. Containers do not contain operating system code, however, and they operate on top of a shared OS environment, making them small and fast. The typical container is just a few hundred megabytes in size, whereas the typical virtual machine (which does include operating system code) can be 80 gigabytes or more.
Containers are a key element in the development of microservices, which break down code into single-function modules that are loosely coupled and independently deployable. Conceptually, microservices allow for rapid development and easier management of complicated applications. IDC recently predicted that “by 2023, more than 500 million new logical applications will be created — equivalent to the number of applications created in the past 40 years,” and that containers would be a critical component of that trend.
Container technology has congregated around two major platforms, Docker and Kubernetes. In addition, all of the major cloud service providers offer a range of tools designed to streamline container development, deployment and management.
What is driving container security?
As containerization has become the dominant environment for deploying applications, the need to secure them has correspondingly grown. One of the selling points for containers is that they are widely perceived as more secure than traditional applications, although in actuality they are neither more or less secure than other applications.
The biggest problem driving container security is attributed to the nature of containers. While code runs faster on containers, their inner workings are relatively invisible to operations. Security challenges emerge when the ops or security teams may unintentionally overlook threats, access control issues and other security problems, and container developers may be oblivious to the trouble spots in their code.
Container security is even more complex because of how broadly it impacts the environment, affecting not just the container runtime but also the development, build and orchestration environments and related security policies. Securing a container means ensuring that it does not contain malicious code while also protecting the larger ecosystem from attack.
Why is container security important?
As development increasingly migrates to containers, their security will become even more essential. Containers’ relative opacity as outlined above makes security, and associated security tools, critical in initial development. And because containers in general — and the techniques required to secure them — are relatively new, container security needs to be implemented correctly from the beginning, before a major incident occurs.
Security remains a significant concern (if not the top concern) for anyone involved with container development and deployment. Many believe that container security is already falling behind and that the industry has now been forced into a role of playing catch-up with remediation. Also, while numerous security tools are available to improve security posture, many organizations lack a true container security strategy.
What are the key components of container security?
Container security revolves around five key areas that include container development, container registries, container runtime environment, container orchestration and underlying network and architecture.
- Container development/build environment: As with any development project, malicious or badly written code represents a security risk if it slips into the shipping product, which can expose the enterprise to attack. Another common build- environment-based threat is the use of insecure or outdated system libraries — components often copied and reused from old projects or downloaded from the web without consideration to security.
- Container registry: Container registries, numerous repositories that store container images, are a key aspect of container security, enabling developers to store and secure their images while also allowing them to scan for vulnerabilities. Treating container images as artifacts allows organizations to enforce immutability and avoid untested configuration changes in production, which can expose services. It also accelerates an organization’s ability to roll back or replace high-risk containers with patched and updated ones.
- Container runtime environment: New types of security risks can develop once a container is released into the runtime environment. Security policies governing the behavior of containers during runtime, including those that alert administrators to violations, are critical for a secure container environment. Administrators also need to manage and monitor resources that the container uses to ensure that the stack is not exposed to attack.
- Container orchestration environment: One of the most significant components of container security revolves around the orchestration environment, namely Kubernetes. Due to the complexity of the container environment, orchestration tools are essential for running and scaling the environment as expected. This complexity also makes the environment a ripe target for security exploits, with configuration and permission management both common concerns. And because the environment can be distributed across multiple nodes, attackers can target each of them individually.
- Underlying network and server infrastructure: Lastly is the infrastructure on which all of the above are operating. Containers rely on a server’s operating system or virtual machine, representing another vector for attack. Underlying security vulnerabilities may include Windows or Linux servers or virtualized operating system instances, cloud service providers, network devices and devices used to manage the container environment, among others. Attacks against the enterprise’s underlying infrastructure can easily neutralize any container platform running upon it.
Container Security Threats and Vulnerabilities
Are cloud containers secure?
Containers themselves are not inherently more or less secure than non-containerized environments, but their complexity does create security challenges that teams must carefully manage. Many of these vulnerabilities are due to configuration errors: A recent study by Security Boulevard found that 67% of respondents had a serious misconfiguration in their container or Kubernetes environment and that 90% of respondents had experienced a security incident in their container or Kubernetes environment in the last 12 months.
Containers in cloud-native environments can and should be as secure as any other type of computer infrastructure, but as with any cloud security-related undertaking, a secure environment is often a work in progress.
What are container security threats?
A wide range of threats are common in a containerized environment. Some of the most common attacks and vulnerabilities include:
- Container image vulnerabilities: Malware embedded in container images, especially publicly available images residing in online repositories, is one of the most common container threats. One recent, widely publicized incident involves 17 publicly available hacked Docker images that included hidden cryptocurrency mining software. Attackers using base images to hijack a container environment and turn it into a member of a denial-of-service zombie network are also common techniques.
- Authentication vulnerabilities: One of the common yet problematic types of threats against container environments includes attacks directly against the orchestrator. If the Kubernetes environment is not properly secured, a compromised administrator account and password will allow attackers to easily enter the organization. These attacks allow them to access private information, inject malicious code or wreak havoc by infecting containers within the operating environment.
- Application vulnerabilities: As discussed earlier, container code is still code, and poor programming or application development (or malicious injections) represent significant security risks to containerized environments.
- Network vulnerabilities: Because containers are able to communicate with each other and the orchestration environment over the network, attacks such as SQL injections and XSS attacks targeting network services are just as dangerous to containerized environments as non-containerized ones.
How are container security threats different from cybersecurity threats in an IT environment? How is container security different from cybersecurity?
Container security and related container security solutions, along with cybersecurity, represent different disciplines and require different skill sets, largely because the tools that teams used to develop, manage and orchestrate containers are different from those they use for managing the network. Although both environments are likely to be the foundation for container operations, security in Kubernetes means something much different than security on an open source Linux server or an Amazon Web Service (AWS) environment.
However, almost any threat that can impact the enterprise network environment may also represent a threat against the container environment. And a container is only secure if the infrastructure it’s running on is also secure.
Docker and Kubernetes Security
Are Docker containers secure?
Docker cites four main considerations for security — the intrinsic security of the kernel, the Docker daemon attack surface, container configuration errors or loopholes and kernel hardening security features. If you address these issues thoughtfully, your Docker containers should be as secure as any other type of code.
Is Kubernetes secure?
As Kubernetes is a management and orchestration tool, “security” means something different than in the Docker environment. Kubernetes security revolves around the server(s) upon which the Kubernetes cluster is running, the cluster infrastructure, and the components and configuration of the cluster itself, making it closer to network-based cybersecurity than to security embedded in code development. While Kubernetes is widely regarded as a tool that has improved security for containerized environments, it is only as secure as the policies and principles of the people who manage it.
Container Security Best Practices
What are container security best practices?
There are several container security best practices that you can apply to create a solid foundation for your container defense strategy.
- Ensure any downloaded container image files are trustworthy and safe: Only download container images from a trusted source, and ensure any containers you do use are up-to-date and don’t contain old, insecure components. The Docker Content Trust system is a good step toward achieving safe and malware-free containers.
- Reduce container size and longevity whenever possible: Spin containers up when they’re needed, then decommission them when they’ve served their purpose. An attacker can’t access a container when it isn’t running, so for the sake of security, make short-lived containers a standard design and operations principle in your enterprise.
- Keep container platforms updated: It’s important to run updates and patches as soon as they’re available. Update core components like Docker Engine as often as once a week.
- Create container life cycle visibility: Organizations can't fix what they can't see, so it's critical to have visibility into a container's entire life cycle, from definition to production. Also important are automated vulnerability scanning and pipeline analytics capabilities.
- Audit your environment frequently: Tools like Docker Bench for Security and Kubernetes Auditing give administrators better access to container security tools that allow auditing of user activities and application transactions, among other capabilities.
- Define container privileges carefully: Defining access control and container privileges only to trusted sources will reduce or prevent escalation attacks.
- Lock down your host environment: It’s likely that your container host environment, including your host operating system, will only be dedicated to running containers and won’t need numerous additional services, such as print services, which may be vulnerable to attack. You can disable additional services in your host OS yourself or use a lightweight distribution built for containerized environments.
- Monitor the network in real time: A successful attack may still slip through the cracks, so it’s important to monitor network activity in real time to watch for suspicious behaviors, particularly those that exploit APIs in your container environment. Monitoring is a critical part of any container security process.
What are the biggest challenges of container security?
The most significant challenges with container security are around making security an integral part of the container environment. This entails following the below practices for the organization’s operational, supply chain and managerial processes:
- Guaranteeing that reused components are not compromised and using safe development practices for internal components so that container images are secure
- Managing communication and workflows among containers to comply with good network behavior and firewall rules
- Avoiding rogue processes by limiting container capabilities to what is only absolutely necessary
- Updating and strengthening all platforms and management applications against attack
- Refining software development skills internally so that developers and operation administrators know how to secure containers and can recognize an attack if one occurs
How can developers better secure containers?
The shift toward containers has given developers more responsibility around security. Consequently, developers will need to spend time learning what trusted container image development really means, how to properly vet code for security, and how to adopt continuous security assessment tactics and minimize the attack surface of the overall container by removing unnecessary components. To truly keep containers secure, developers also need to have end-to-end visibility into their entire container environment, allowing them to immediately detect and block malware and other security threats before they cause significant damage. With strong attention to some basic security best practices and benchmarks, administrators can make containers as secure as any type of code.
The Bottom Line: Security should be a top priority for container deployment
Container security deserves increasingly more thought and attention, especially as container technology continues to dominate the enterprise. As an evolving computing environment reveals new threats and vulnerabilities, it will be imperative for security professionals to include container security explicitly in their best practices and posture. Protecting the containerized environment is the first step to protecting the enterprise, its infrastructure and its customers.