Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud...

18
Securing the Lids on Containers in the Cloud Raymond Lay 10 th April 2017

Transcript of Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud...

Page 1: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

SecuringtheLidsonContainersintheCloud

RaymondLay10th April2017

Page 2: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

HelloMotto

Page 3: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

WHYContainerTechnology

HOWSecureisit

WHATelsetoconsider

Page 4: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

WHYContainerTechnology

Page 5: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

SoftwareDesignEvolution…

FromMonolithic

ToMicroservices

FastDeployment,Efficientscaling,

DesignAutonomy

FromPhysicalServers

ToVMsToContainers

Page 6: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

Speed&Scale

Page 7: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

• MoreAgile• DeliverFaster• Better@Packaging&

Deployment• LowerResource

Constraint

Page 8: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

HowSecureisContainerTechnology

Page 9: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

IsContainerTechnologyInherentlyMORESecure

Page 10: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

IsContainerTechnologyInherentlyMORESecure

• NamespacesprovideIsolation• IsolateApplicationsfromHost• IsolateApplicationsfromeachother

• Cgroups provideresourcelimiting(CPU,Memoryetc)• ReducingSurfaceAreaoftheHost(Access)• ImprovedSecuritythroughrestrictingcapabilities• EncourageadoptionofPrinciplesofLeastPrivileges• Applicationspackageincontainersare“usually”moresecure

Page 11: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT
Page 12: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

• Relianceonkernelfeaturestoisolateandcontrolresources• Assumethatcontainer(containedprocesses)areworkingas

intendedandthecodesdeployedaresecure• TheunderlyingOSiswell-secured(hardenedappropriately)• Securitypatcheshavebeenintegratedintodeployment

Itdepends…

Page 13: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

WhatelsetoConsider

Page 14: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

DevilintheDetails…

• HostLevel“RootAccess”• HostLevelProtection• ContainerSecurity– Codes&Ownership• VulnerabilityAssessments• Orchestration,Scalability&PatchManagement• Deploymentwith/withoutVMs

Page 15: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

Container

Application

OtherContainers

UnderlyingOS

EXTERNALTHREATS

Threats&Defenses

Cgroups

Namespaces

CodeReviews

TraditionalDefenses Namespaces

Page 16: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

KEYTAKEAWAYS

Page 17: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

• ContainerTechnologycanprovideSpeed,Scale&Security

• TraditionalInfoSecapproachstillapplies- CIA

• Defaults<>Deployed

Page 18: Securing the Lids on Containers in the Cloud · Securing the Lids on Containers in the Cloud Raymond Lay 10thApril 2017. Hello Motto. WHY Container Technology HOW Secure is it WHAT

FOAM CUPS, CONTAINERS & LIDS - US Foods...CUPS CORRESPONDING LIDS APN Product Description Pack Size APN Product Description Pack Size 0765057 6 oz. White Foam Cup 20/50 ea. 0765032

FOAM CUPS, CONTAINERS & LIDS - US Foods...CUPS CORRESPONDING LIDS APN Product Description Pack Size APN Product Description Pack Size 0765057 6 oz. White Foam Cup 20/50 ea. 0765032

Securing Applications in Containers PDFs/DD 18 Präsentat… · Securing Applications in Containers Aqua Container Security Platform. 2 In 5 years ALL new software deployments will

Securing Applications in Containers PDFs/DD 18 Präsentat… · Securing Applications in Containers Aqua Container Security Platform. 2 In 5 years ALL new software deployments will

Gastronorm containers - BLANCO Professional · PDF fileGastronorm lids with form-fitting seal. ... Price on request. GN 2/1 GN 1/1 GN 1/2 GN 2/4 ... • All Gastronorm containers comply

Gastronorm containers - BLANCO Professional · PDF fileGastronorm lids with form-fitting seal. ... Price on request. GN 2/1 GN 1/1 GN 1/2 GN 2/4 ... • All Gastronorm containers comply

CQSTR: Securing Cross-Tenant Applications with Cloud ...pages.cs.wisc.edu/~swift/papers/socc16-cqstr.pdf · CQSTR: Securing Cross-Tenant Applications with Cloud Containers Yan Zhai

CQSTR: Securing Cross-Tenant Applications with Cloud ...pages.cs.wisc.edu/~swift/papers/socc16-cqstr.pdf · CQSTR: Securing Cross-Tenant Applications with Cloud Containers Yan Zhai

A MASTER’S GUIDE TO Container Securing - Madden · PDF fileA MASTER’S GUIDE TO CONTAINER SECURING IS THE ... Tony Bowman, Managing Director, TMC (Marine ... fifth tier containers

A MASTER’S GUIDE TO Container Securing - Madden · PDF fileA MASTER’S GUIDE TO CONTAINER SECURING IS THE ... Tony Bowman, Managing Director, TMC (Marine ... fifth tier containers

PLASTICS BOTTLES & CONTAINERS€¦ · bakery trays and cake domes, deli containers and trays, fruit and vegetable containers and . baskets, cups, tubs and lids. Empty and rinse containers;

PLASTICS BOTTLES & CONTAINERS€¦ · bakery trays and cake domes, deli containers and trays, fruit and vegetable containers and . baskets, cups, tubs and lids. Empty and rinse containers;

JUNE 2015 - Chinatown · •Plastic such as: containers, hard plastic, plastic cups, lids, bottles, plastic pails, buckets and garden pots. ... •Plastic bags •Styrofoam •Food

JUNE 2015 - Chinatown · •Plastic such as: containers, hard plastic, plastic cups, lids, bottles, plastic pails, buckets and garden pots. ... •Plastic bags •Styrofoam •Food

e Recycling Guide - Federal Way RULES AND DISPOSAL ALTERNATIVES ... lids, aluminum foil, foil trays, oil containers, paint cans with hardened paint ... blister packaging

e Recycling Guide - Federal Way RULES AND DISPOSAL ALTERNATIVES ... lids, aluminum foil, foil trays, oil containers, paint cans with hardened paint ... blister packaging

CATALOGUE · EURO CONTAINERS EURO CONTAINERS WITH LIDS Tel.: +420 565 534 000 u Fax: +420 565 534 001 u E-mail: obchod@tbaplast.cz u Web: EURO CONTAINERS WITH LIDS – ALWAYS PERFECT

CATALOGUE · EURO CONTAINERS EURO CONTAINERS WITH LIDS Tel.: +420 565 534 000 u Fax: +420 565 534 001 u E-mail: [email protected] u Web: EURO CONTAINERS WITH LIDS – ALWAYS PERFECT

STORAGE CONTAINERS - Polycarbonate · • Lids are tight-fitting • Perfect for food storage and portion control, completely stackable, extremely durable and long lasting • Dishwasher

STORAGE CONTAINERS - Polycarbonate · • Lids are tight-fitting • Perfect for food storage and portion control, completely stackable, extremely durable and long lasting • Dishwasher

SECURING CONTAINERS - CSCOUT · SECURING CONTAINERS They are Coming ... Docker FreeBSD Jails expand on Unix chroot to isolate files Linux-Vserver ports kernel isolation, but requires

SECURING CONTAINERS - CSCOUT · SECURING CONTAINERS They are Coming ... Docker FreeBSD Jails expand on Unix chroot to isolate files Linux-Vserver ports kernel isolation, but requires

ORGA-LINE and AMBIA-LINE - Baer Supply with ORGA-LINE. Items like pots and pans or plastic containers can be stored with their lids in one drawer, and the lids are always easy to find.

ORGA-LINE and AMBIA-LINE - Baer Supply with ORGA-LINE. Items like pots and pans or plastic containers can be stored with their lids in one drawer, and the lids are always easy to find.

RECYCLING SERVICES€¦ · Clean Paper, Magazines, Newspaper, Cardboard, Junk Mail Glass Bottles & Jars (Even broken) Empty Plastic Bottles, Rigid Plastic Containers (Lids should

RECYCLING SERVICES€¦ · Clean Paper, Magazines, Newspaper, Cardboard, Junk Mail Glass Bottles & Jars (Even broken) Empty Plastic Bottles, Rigid Plastic Containers (Lids should

Without lids! Mandatory food scrap diversion Without lids! · Glass food & beverage containers. Without lids! Plastic food & beverage containers. Without lids! Clean, plastic lids

Without lids! Mandatory food scrap diversion Without lids! · Glass food & beverage containers. Without lids! Plastic food & beverage containers. Without lids! Clean, plastic lids

Store food in containers with lids - origin.who.intorigin.who.int/emergencies/diseases/lassa-fever/lassa-fever-presentation.pdf · ©WHO2018 3 Lassa fever Disease •Lassa fever is

Store food in containers with lids - origin.who.intorigin.who.int/emergencies/diseases/lassa-fever/lassa-fever-presentation.pdf · ©WHO2018 3 Lassa fever Disease •Lassa fever is

Securing Cloud Containers through Intrusion Detection and ... · Securing Cloud Containers through Intrusion Detection and Remediation Amr Sayed Omar Abed GENERAL AUDIENCE ABSTRACT

Securing Cloud Containers through Intrusion Detection and ... · Securing Cloud Containers through Intrusion Detection and Remediation Amr Sayed Omar Abed GENERAL AUDIENCE ABSTRACT

Vacuum Sterilization Containers, Lids, Baskets & Accessories · 2017-01-20 · Vacuum Sterilization Containers, Lids, Baskets & Accessories 2 Integra ® Miltex ® Sterilization Containers

Vacuum Sterilization Containers, Lids, Baskets & Accessories · 2017-01-20 · Vacuum Sterilization Containers, Lids, Baskets & Accessories 2 Integra ® Miltex ® Sterilization Containers

Drop Cloth Blank canvas Various colors of acrylic paint Various circular containers such as buckets, cups and lids. Make sure they are of.

Drop Cloth Blank canvas Various colors of acrylic paint Various circular containers such as buckets, cups and lids. Make sure they are of.

If weather conditions prevent the safe collection of ...local.republicservices.com/site/washington/Documents/AllCities/... · Caps & lids (Under 3”, remove from containers.) Styrofoam

If weather conditions prevent the safe collection of ...local.republicservices.com/site/washington/Documents/AllCities/... · Caps & lids (Under 3”, remove from containers.) Styrofoam

Containers and Kubernetes Put a Lid on It: Securing for ... · Put a Lid on It: Securing Containers and Kubernetes on vSphere and AWS Steve Hoenisch, VMware, Inc. Nolan Karpinski,

Containers and Kubernetes Put a Lid on It: Securing for ... · Put a Lid on It: Securing Containers and Kubernetes on vSphere and AWS Steve Hoenisch, VMware, Inc. Nolan Karpinski,