Since its launch, Docker has undergone a series of updates and changes to enhance its functionality and security. Nevertheless, as any programmer knows, there is no absolutely secure platform, and Docker is no exception. More often than not, security also depends on how a user interacts with Docker, which makes many issues cases of human error.
A study conducted by Cloud Foundry last year, involving over 700 companies from several highly-developed countries, found that more than 50% were already using containers, or assessing their use. Among them, 64% planned to mainstream the use of the technology. With this rapid increase in container usage, new security challenges constantly come to light as well. Docker is the most widely used container platform today and, like any similar platform, it has security issues, some of which are specific to it. Read on to find out the common Docker vulnerabilities as well as how to address them.
Common Docker vulnerabilities, failures and issues
Masked activity within containers
Because containers run through a container engine that sits on top of the Linux kernel, the added layers of abstraction reduce visibility into what a given container is doing and what actions particular users are taking on its files. This can also lead to kernel exploits, since the kernel is shared by all containers and the host, as explained by O’Reilly.
The best way around this is to be highly proactive in monitoring container activity. Implementing identity and access management processes can help as well in order to oversee the container ecosystem more effectively and to easily identify or trace any malicious activity. You should do this not only with regular users, but with system admins as well to ensure the availability of complete records in case a threat arises.
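A practical first step in that monitoring is to audit the settings that give a container extra reach into the shared kernel or the host. The script below is an added example (not code from the article or from SecludIT) that reads the JSON `docker inspect` prints and flags privileged mode, kernel-touching capabilities, host namespaces, a bind-mounted Docker socket and a root user. The `SAMPLE_INSPECT` data is constructed; replace it with the real output of `docker inspect <container>`.

```python
"""Flag `docker inspect` settings that give a container extra reach into the
shared kernel or the host (added example, not from the original article)."""
from __future__ import annotations

import json

# Capabilities that let a process touch the kernel or other processes directly.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}
# Bind-mounting the daemon socket is equivalent to root on the host.
HOST_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")


def audit_container(spec: dict) -> list[str]:
    """Return findings for one entry of the list that `docker inspect` prints."""
    name = spec.get("Name", "?").lstrip("/")
    host_cfg = spec.get("HostConfig") or {}
    findings = []
    if host_cfg.get("Privileged"):
        findings.append(f"{name}: runs --privileged (all capabilities and host devices)")
    risky = DANGEROUS_CAPS.intersection(host_cfg.get("CapAdd") or [])
    if risky:
        findings.append(f"{name}: adds capabilities {sorted(risky)}")
    for mode in ("PidMode", "NetworkMode", "IpcMode"):
        if host_cfg.get(mode) == "host":
            findings.append(f"{name}: {mode}=host shares that namespace with the host")
    for bind in host_cfg.get("Binds") or []:
        source = bind.split(":", 1)[0]
        if source in HOST_SOCKETS:
            findings.append(f"{name}: mounts the Docker socket {source}")
    user = (spec.get("Config") or {}).get("User") or ""
    if user.split(":", 1)[0] in ("", "root", "0"):
        findings.append(f"{name}: main process runs as root inside the container")
    return findings


def audit_all(inspect_output: list[dict]) -> dict[str, list[str]]:
    """Map container name -> findings; an empty list means nothing was flagged."""
    return {spec["Name"].lstrip("/"): audit_container(spec) for spec in inspect_output}


# Constructed stand-in for `docker inspect web ci-runner` (only the fields used above).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "nginx"},
   "HostConfig": {"Privileged": false, "CapAdd": null, "PidMode": "",
                  "NetworkMode": "web_net", "IpcMode": "private",
                  "Binds": ["/srv/web:/usr/share/nginx/html:ro"]}},
  {"Name": "/ci-runner",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "PidMode": "host",
                  "NetworkMode": "bridge", "IpcMode": "private",
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

if __name__ == "__main__":
    for container, findings in audit_all(SAMPLE_INSPECT).items():
        print(container, "OK" if not findings else "")
        for line in findings:
            print("  -", line)
```

Run it on a schedule against all running containers and keep the findings with the user who started each container, so that both regular users and administrators leave a record that can be traced later.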
Using non-updated or non-maintained images
Although many Docker images are well-maintained, there are still those that haven’t been updated for a long time and using unmaintained images opens up a plethora of vulnerabilities. The Morning Paper published an analysis of Docker security and listed image vulnerabilities, with overflow, denial-of-service, restriction bypass and privilege gains being among the most common.
In line with the above, control the flow of images into your environment and use only approved registries and approved images. It is also good practice to keep images pulled from Docker Hub up to date and to run Docker security analysis continuously.
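One way to enforce an approved-registry policy before an image is pulled is to parse each image reference the way the Docker CLI does and check it against an allowlist. The code below is an added example, not from the article or from SecludIT; the registry names, the `library`-only rule for Docker Hub and the sample references are assumptions, and a real deployment would load the policy from configuration.

```python
"""Check image references against an approved-registry policy (added example,
not from the original article)."""
from __future__ import annotations

import re

# Assumed policy: one private registry, plus official images from Docker Hub only.
APPROVED_REGISTRIES = {"registry.example.internal", "docker.io"}
APPROVED_NAMESPACES = {"docker.io": {"library"}}   # 'library' = official images
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref: str) -> tuple[str, str, str | None, str | None]:
    """Split a reference into (registry, repository, tag, digest) like the Docker CLI."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, slash, rest = ref.partition("/")
    # The first component is a registry only if it looks like a host (dot, port or localhost).
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    # A tag is whatever follows the last ':' in the final path component.
    tag = None
    colon = path.rfind(":")
    if colon > path.rfind("/"):
        path, tag = path[:colon], path[colon + 1:]
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path          # short names map to official images
    return registry, path, tag, digest


def check_image(ref: str) -> list[str]:
    """Return policy violations for one image reference; an empty list means allowed."""
    registry, repo, tag, digest = parse_image_ref(ref)
    problems = []
    if registry not in APPROVED_REGISTRIES:
        problems.append(f"registry {registry} is not approved")
    namespace = repo.split("/", 1)[0]
    allowed = APPROVED_NAMESPACES.get(registry)
    if allowed is not None and namespace not in allowed:
        problems.append(f"namespace {namespace} on {registry} is not approved")
    if digest is not None:
        if not DIGEST_RE.match(digest):
            problems.append(f"malformed digest {digest}")
    elif tag is None or tag == "latest":
        problems.append("no fixed tag or digest: the image can change silently between pulls")
    return problems


def check_manifest(refs: list[str]) -> dict[str, list[str]]:
    """Evaluate every image reference of a deployment manifest."""
    return {ref: check_image(ref) for ref in refs}


# Constructed sample references (the digest is a placeholder, not a real image digest).
SAMPLE_IMAGES = [
    "ubuntu:22.04",
    "nginx",
    "bitnami/nginx:1.25",
    "ghcr.io/someorg/tool:v1",
    "registry.example.internal/payments/api:2.3.1@sha256:" + "a" * 64,
]

if __name__ == "__main__":
    for ref, problems in check_manifest(SAMPLE_IMAGES).items():
        print(ref, "->", "OK" if not problems else "; ".join(problems))
```

Pinning by digest is the strictest form of control, because a tag can be moved to a different image on the registry while a digest cannot; the check above only insists on a fixed tag, which is the minimum that keeps an unmaintained or replaced image from slipping in unnoticed.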
East-West attacks
Lateral movement between containers is one of the biggest threats in using containers: even a single vulnerable container may open up an opportunity for attacking a whole network. “East-West” attacks usually succeed on networks and sockets that lack proper restrictions.
To prevent such an attack, implement network segmentation and segregate containers into preset categories, for instance by workload or by application. This way, even if a container is breached, the damage does not spread easily across your entire network, and segmentation can buy you time to detect and mitigate an attack if one happens.
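Segmentation only works if every container actually lives on a workload network and none of them straddles two workloads. The check below is an added example (not from the article or from SecludIT): it reads the JSON that `docker network inspect` prints and reports containers left on the default `bridge`, networks without a workload label, and containers attached to networks of two different workloads. The `com.example.workload` label and the `SAMPLE_NETWORKS` data are assumptions; `com.docker.network.bridge.enable_icc` is the real Docker option that controls inter-container communication on the default bridge.

```python
"""Verify that containers are segmented by workload network (added example,
not from the original article)."""
from __future__ import annotations

# Assumed convention: every user-defined network carries this label naming its workload.
WORKLOAD_LABEL = "com.example.workload"
# Real Docker option: when "true" (the default), containers on the bridge can talk freely.
ICC_OPTION = "com.docker.network.bridge.enable_icc"
BUILTIN_NETWORKS = {"bridge", "host", "none"}


def segmentation_findings(networks: list[dict]) -> list[str]:
    """Take the list `docker network inspect $(docker network ls -q)` prints and report
    containers outside the segmentation scheme or spanning two workloads."""
    workload_of: dict[str, str] = {}        # network name -> workload label
    attachments: dict[str, set[str]] = {}   # container name -> network names
    findings = []
    for net in networks:
        name = net["Name"]
        containers = net.get("Containers") or {}
        label = (net.get("Labels") or {}).get(WORKLOAD_LABEL)
        if label:
            workload_of[name] = label
        elif name not in BUILTIN_NETWORKS:
            findings.append(f"network {name}: no {WORKLOAD_LABEL} label, workload unknown")
        icc_on = (net.get("Options") or {}).get(ICC_OPTION, "true") == "true"
        if name == "bridge" and icc_on and containers:
            findings.append("network bridge: inter-container communication is on, "
                            "every attached container can reach every other")
        for c in containers.values():
            attachments.setdefault(c["Name"], set()).add(name)
    for container, nets in sorted(attachments.items()):
        if "bridge" in nets:
            findings.append(f"{container}: attached to the default bridge instead of a workload network")
        workloads = {workload_of[n] for n in nets if n in workload_of}
        if len(workloads) > 1:
            findings.append(f"{container}: attached to {sorted(workloads)} and can relay traffic between them")
    return findings


# Constructed stand-in for `docker network inspect` output (only the fields used above).
SAMPLE_NETWORKS = [
    {"Name": "bridge", "Labels": {}, "Options": {ICC_OPTION: "true"},
     "Containers": {"c1": {"Name": "legacy-job"}}},
    {"Name": "shop_frontend", "Labels": {WORKLOAD_LABEL: "shop"}, "Options": {},
     "Containers": {"c2": {"Name": "web"}, "c3": {"Name": "api"}}},
    {"Name": "shop_backend", "Labels": {WORKLOAD_LABEL: "shop"}, "Options": {},
     "Containers": {"c3": {"Name": "api"}, "c4": {"Name": "db"}}},
    {"Name": "billing_net", "Labels": {WORKLOAD_LABEL: "billing"}, "Options": {},
     "Containers": {"c5": {"Name": "billing-api"}, "c3": {"Name": "api"}}},
    {"Name": "scratch_net", "Labels": {}, "Options": {}, "Containers": {}},
]

if __name__ == "__main__":
    for line in segmentation_findings(SAMPLE_NETWORKS):
        print("-", line)
```

The `api` container in the sample is the interesting case: it is correctly on both tiers of the shop workload, but its extra attachment to `billing_net` turns it into a path between two workloads, which is exactly what segmentation is meant to prevent.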
Noisy neighbour
Unlike the previous scenario, in a “noisy neighbour” situation one container’s own behaviour amounts to an attack, usually denial-of-service, on other containers. Repeatedly opening sockets, for instance, can slow down or freeze the host.
It’s advisable to create a whitelist of the files that a specific container accesses or runs. This tells you which files the application in the container actually needs. Once the files are sorted out, you can set limits and establish an anomaly baseline that catches “noisy neighbour” as well as container breakout scenarios.
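The two halves of that advice, a file whitelist with an anomaly baseline and hard limits on what a container may consume, can both be checked mechanically. The script below is an added example, not from the article or from SecludIT: `learn_baseline` turns file accesses recorded during a known-good run into the whitelist, `detect_anomalies` reports later accesses outside it, and `check_limits` looks at the `HostConfig` fields of `docker inspect` that bound processes, memory, open files and CPU. The access-log line format and all sample data are constructed; the `HostConfig` field names (`PidsLimit`, `Memory`, `Ulimits`, `NanoCpus`, `CpuQuota`) are the real ones.

```python
"""File-access baseline plus resource-limit check for noisy-neighbour containment
(added example, not from the original article)."""
from __future__ import annotations

import re

# Constructed log format: one file access per line, as a syscall-tracing sidecar might emit it.
LINE_RE = re.compile(r"^(?P<ts>\S+) container=(?P<container>\S+) op=(?P<op>\S+) path=(?P<path>\S+)$")


def parse_access_log(lines: list[str]) -> list[tuple[str, str, str]]:
    """Return (container, operation, path) triples; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["container"], m["op"], m["path"]))
    return events


def learn_baseline(events: list[tuple[str, str, str]]) -> set[tuple[str, str]]:
    """The whitelist: every (container, path) pair touched during a known-good run."""
    return {(container, path) for container, _, path in events}


def detect_anomalies(events, baseline) -> list[str]:
    """Accesses that fall outside the whitelist learned for that container."""
    return [f"{c}: {op} {p} is not in the baseline" for c, op, p in events if (c, p) not in baseline]


def check_limits(host_config: dict) -> list[str]:
    """Findings for HostConfig fields that stop one container from starving the others."""
    findings = []
    if not host_config.get("PidsLimit"):
        findings.append("PidsLimit unset: a fork loop can exhaust the host process table")
    if not host_config.get("Memory"):
        findings.append("Memory unset: the container can consume all host RAM")
    ulimits = {u["Name"]: u for u in host_config.get("Ulimits") or []}
    if "nofile" not in ulimits:
        findings.append("no nofile ulimit: unbounded open sockets and files")
    if not host_config.get("NanoCpus") and not host_config.get("CpuQuota"):
        findings.append("no CPU limit (--cpus or --cpu-quota)")
    return findings


# Constructed known-good run used to learn the whitelist for the 'web' container.
BASELINE_LOG = [
    "2024-05-01T10:00:00Z container=web op=openat path=/etc/nginx/nginx.conf",
    "2024-05-01T10:00:00Z container=web op=openat path=/usr/share/nginx/html/index.html",
    "2024-05-01T10:00:01Z container=web op=openat path=/var/log/nginx/access.log",
]
# Constructed later observation: two accesses the application never needed.
OBSERVED_LOG = BASELINE_LOG + [
    "2024-05-02T03:12:44Z container=web op=openat path=/etc/shadow",
    "2024-05-02T03:12:45Z container=web op=execve path=/bin/sh",
]
# Constructed HostConfig fragments: one bounded, one left at the defaults.
LIMITED = {"PidsLimit": 200, "Memory": 536870912,
           "Ulimits": [{"Name": "nofile", "Soft": 1024, "Hard": 1024}], "NanoCpus": 500000000}
UNLIMITED = {"PidsLimit": None, "Memory": 0, "Ulimits": None, "NanoCpus": 0, "CpuQuota": 0}

if __name__ == "__main__":
    baseline = learn_baseline(parse_access_log(BASELINE_LOG))
    for line in detect_anomalies(parse_access_log(OBSERVED_LOG), baseline):
        print("anomaly:", line)
    for line in check_limits(UNLIMITED):
        print("limit:", line)
```

The `LIMITED` fragment corresponds to starting the container with `docker run --pids-limit 200 --memory 512m --ulimit nofile=1024:1024 --cpus 0.5`; with those in place, a container that keeps opening sockets hits its own ceiling instead of the host's.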
How to address Docker vulnerabilities now
These are just some of the common issues companies and users face with Docker and surely there will be more to come. Technology constantly advances, and a blog post from Telogis mentioned that the costs of software development continue to go down, bringing more opportunities for platforms like Docker to grow, but with that growth new vulnerabilities and threats will emerge as well. It is therefore wise to stay connected with security specialists or consultants who dedicate their time to making networks, data and platforms such as Docker safer for end users. Do you want to improve your company’s cyber-security? You can set up a strong security policy with our Docker continuous monitoring solution. Organizations need to make sure that best-practice monitoring and detection processes are in place.
Try our Elastic Workload Protector solution for free and find all your Docker vulnerabilities and misconfigurations.
Exclusively written for SecludIT & Outpost24