Docker for Information Security Professionals

Introduction:

OS-level software containers and microservice architecture patterns are quickly changing the way we build, package and deploy applications. Quite naturally, this presents new challenges for information security professionals. In this training we’ll review what Docker containers are and how they differ from VMs. We’ll see how they are built, stored and deployed. We’ll review the most prominent container orchestrator systems. Then we’ll discuss the container security workflow, including best practices for building secure images, known container security vulnerabilities and the ways to mitigate them, and existing systems for container security scanning and auditing.

Duration:

1 day (8 academic hours)

Target Audience:

This course is for security engineers and penetration testers wishing to learn the security implications of working with container technologies.

Prerequisites:

A basic understanding of the Linux OS and computer networking is required.

Course Topics:

Module 1: Introduction to Docker:

  • Introduction to Containers
  • Introduction to Docker
  • Installing Docker – the options
  • The Docker Architecture
  • The Docker Engine
  • Introducing the Docker CLI
    • Creating a Docker container
    • docker create vs. docker run
  • Building Docker images
    • The Basics
    • Best Practices
  • Storing and retrieving Docker images from Registries
    • Docker Hub
    • Private Registry
  • Creating containers from images
  • Deploying applications with Docker
    • Docker Networking Basics
    • Data persistence with Volumes
    • Introduction to Docker Compose
  • Continuous Integration and Deployment processes using Docker
  • Container Schedulers/Orchestrators Overview
    • Docker Swarm
    • Kubernetes
    • Mesos
    • Nomad


Module 2: Docker Security Overview

  • Limiting the Attack Surface Area
  • Restraint
  • Immutability
  • Image Provenance & Content
    • Image Signing (Docker Notary & Content Trust)
    • Security Scanning
  • Isolation and Least Privilege
    • Defined in containers
    • Defined in orchestrators
    • Capabilities
    • Access Controls (SELinux, AppArmor)
  • Runtime Threat Detection and Response
  • Secret storage & access
  • Known Vulnerabilities
  • Firewalls
  • Network Segmentation
  • Network Policies
  • Orchestrator-specific Security Features

© 2017 Otomato Software Ltd. All Rights Reserved. http://otomato.link