HackerSploit Docker Security Essentials
Written by Nikos Vaggalis   
Tuesday, 10 August 2021

Docker has certainly become one of the most important parts of business infrastructure. Equally important is the question of how to secure it. This HackerSploit course, made in cooperation with Linode, has the answer.

The HackerSploit: Docker Security Series aims to provide developers, system administrators and DevOps engineers with the skills necessary to audit, secure and manage Docker in the context of an organization or in their own personal projects.

Available as an on-demand event, it comes in two parts, which require a simple registration with name and email in order to be watched. However, Part 1 is already available as a YouTube playlist without any restrictions. It comprises 4 chapters and lasts for 2 hours and 40 minutes, and also has an extra, almost hour-long introductory video that is not part of the registered event!

Chapter 1: Auditing Docker Security

  • An overview of the Docker platform
  • Common security issues and pitfalls
  • Docker security benchmarks and CVEs
  • Auditing the Docker platform with docker-bench-security

Chapter 2: Securing the Docker Host

  • Minimal operating systems
  • Auditing the Host security with Lynis
  • Securing and hardening the host OS
  • Setting up audit rules

Chapter 3: Securing the Docker Daemon

  • Managing access to the Docker daemon
  • Implementing TLS encryption
  • Implementing User Namespaces
  • Disabling inter-container communications (icc)

Chapter 4: Securing & Hardening Docker Containers

  • Run containers with unprivileged users
  • Disable the root user
  • Prevent privilege escalation
  • Limit container capabilities

Part 2 is more in depth and technical and looks into securing the Docker daemon, using Jails and implementing access control. It is currently only available on demand and requires registration. It comprises 5 chapters and lasts for 2 hours and 13 minutes:

Chapter 1: Controlling Container Resource Consumption With Control Groups

  • Understanding control groups (cgroups)
  • Controlling container resources consumption

Chapter 2: Implementing Access Control For Containers With AppArmor

  • Access control explained
  • Types of access control
  • Introduction to AppArmor
  • Creating and using custom AppArmor profiles

Chapter 3: Limiting Container System Calls With Seccomp

  • Seccomp
  • The process of creating and implementing custom seccomp profiles

Chapter 4: Vulnerability Scanning For Docker Containers

  • Vulnerability scanning for Docker containers
  • Vulnerability scanning with Trivy
  • Vulnerability scanning with Clair

Chapter 5: Building Secure Docker Images

  • Scanning Docker images with Dockle
  • Identifying misconfigurations
  • Building secure Docker images

Registering is recommended since, as well as gaining access to both parts, you also get the opportunity to participate in live exercises on O'Reilly's Katacoda platform. These exercises are not specific to the HackerSploit series, but they are Docker-related.

Personally, as an independent developer, I've found Part 1 very useful and educational and I gained the most value out of it, although I've found Part 2 still intriguing.

The important thing to realize is that the course looks at Docker not as just securing containers but as a platform/environment.

It's a very useful Linode initiative acknowledging Docker's ever-rising importance and thus the need for ensuring its security.

The course is also accompanied by a freely available eBook.


More Information

Linode Event

YouTube Playlist


Last Updated ( Tuesday, 10 August 2021 )