If you're just jumping into this series, you may want to start at the beginning:
Container Security Basics: Introduction
Container Security Basics: Pipeline
Container Security Basics: Orchestration
Container Security Basics: Workload
We’ve gone over a lot of material in this series of posts on container security and it’s time to kick back and summarize.
At this point, you’ve probably noticed some common security themes across this topic. While there are a number of security issues that are specific to containers – like those dealing with configuration and images – most of the basics for container security are techniques you’ve used elsewhere to secure traditional apps and infrastructure. Although the notion of a separate, isolated “management network” is largely disappearing, the use of strong credentials and least privilege security models is not.
- Lock the door. Authentication is not optional. Be sure to require strong credentials and rotate them often. Use two-factor authentication whenever possible – especially for privileged access to orchestration consoles and critical infrastructure.
- Hide your valuables. Don’t inadvertently share secrets (like keys and credentials) out in the open in a repository or easily accessible, shared source.
- Screen your calls. Not all requests are valid, and some are carrying malicious code. Whether it’s an app or an infrastructure service, inspect and evaluate content for malicious intent. Optimize by consolidating the scan with SSL/TLS termination to offset the slight performance hit.
- Patch the holes. If you know an image, service, workload, or other component is vulnerable, patch it. This is especially true for vulnerabilities in externally sourced components, because they are high-profile targets: a vulnerability in commonly deployed applications or infrastructure like Apache Struts offers a rich field of opportunities and requires little investment by an attacker to find and exploit.
We hope this series has been worth the time to read. We know there’s a lot more to cover when it comes to containers and security, but you have to start somewhere.
So, start with the basics. But most of all, start now if you haven’t. As Jordan says, “Customers don’t ask for security, they expect it.”
That’s true of any business, digital or physical. Customers expect security. Don’t disappoint them, and you’ll be on your way to success in this digital and increasingly containerized economy.
Stay safe.