If you're just jumping into this series, you may want to start at the beginning:
Container Security Basics: Introduction
Container Security Basics: Pipeline
Container Security Basics: Orchestration
Container Secuirty Basicis: Workload
We’ve gone over a lot of material in this series of posts on container security and it’s time to kick back and summarize.
At this point, you’ve probably noticed some common security themes across this topic. While there are a number of security issues that are specific to containers – like those dealing with configuration and images – most of the basics for container security are techniques you’ve used elsewhere to secure traditional apps and infrastructure. Although the notion of a separate, isolated “management network” is largely disappearing, the use of strong credentials and least privilege security models is not.
- Lock the door. Authentication is not optional. Be sure to require strong credentials and rotate them often. Use two-factor authentication whenever possible – especially for privileged access to orchestration consoles and critical infrastructure.
- Hide your valuables. Don’t inadvertently share secrets (like keys and credentials) out in the open in a repository or easily accessible, shared source.
- Screen your calls. Not all requests are valid, and some are carrying malicious code. Whether it’s an app or an infrastructure service, inspect and evaluate content for malicious intent. Optimize by consolidating the scan with SSL/TLS termination to offset the slight performance hit.
- Patch the holes. If you know an image, service, workload, or other component is vulnerable, patch it. This is especially true for vulnerabilities in externally sourced components because they are high profile targets. This is because it’s a rich field of opportunities when a vulnerability shows up in commonly deployed applications or infrastructure like Apache Struts and requires little investment by an attacker to find and exploit.
We hope this series has been worth the time to read. We know there’s a lot more to cover when it comes to containers and security, but you have to start somewhere.
So, start with the basics. But most of all, start now if you haven’t. As Jordan says, “Customers don’t ask for security, they expect it.”
That’s true of any business, digital or physical. Customers expect security. Don’t disappoint them, and you’ll be on your way to success in this digital and increasingly containerized economy.
Stay safe.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...