Preface

Many organizations are running applications in cloud native environments, using containers and orchestration to facilitate scalability and resilience. If you’re a member of the Operations, DevOps or even DevSecOps team setting up these environments for your company, how do you know whether your deployments are secure? If you’re a security professional with experience of traditional host- or virtual machine-based systems, how can you adapt your existing knowledge ready for container-based deployments? And as a developer in the cloud native world, what do you need to think about to improve the security of your containerized applications? This book dives into some of the key underlying technologies that containers and cloud native rely on, to leave you better equipped to assess the security risks and potential solutions applicable to your environment, and to help you avoid falling into bad practices that will leave your technology deployments exposed.

In this book you will learn about many of the building block technologies and mechanisms that are commonly used in container-based systems, and how they are constructed in the Linux operating system. My goal in writing it is to help you to better understand what’s happening when you deploy containers. I want to encourage you to build mental models that allow you to make your own assessment of potential security risks that could affect your deployments.

We’ll start in [Link to Come] by considering threat model and attack vectors that affect container deployments, and the aspects that differentiate container security from traditional deployment security.

Then we’ll start getting into the details of the underlying Linux mechanisms that containers use. In Chapter 1 and Chapter 2 we’ll dive into the Linux constructs that containers are made from. This will give you an understanding of what containers really are, and the extent to which they are isolated from each other. We’ll compare this with virtual machine isolation in Chapter 3. In [Link to Come] we will look at some optional Linux security measures that can be applied to harden containers beyond the basic implementation we saw in Chapter 2.

We will look into ways that container isolation can be compromised through dangerous, but commonplace, misconfigurations in [Link to Come]. Configuration is an important part of the contents of a container image, and in [Link to Come] you’ll learn more about images, and consider some best practices for building them. [Link to Come] addresses the need to identify container images with known software vulnerabilities.

Then we will turn to the communications between containers. [Link to Come] looks at how containers communicate, and explores ways to leverage the connections between them to improve security. [Link to Come] explains the basics of keys and certificates, which containerized components can use to identify each other and set up secure network connections between themselves. In [Link to Come] we will see how certificates and other credentials can be safely (or not so safely) passed to containers at runtime.

In [Link to Come] we will consider ways that an attacker might attempt to compromise your deployment, and consider ways in which security tooling can prevent these attacks.

This book primarily considers the kind of “application containers” that many businesses are using these days to run their business applications in systems like Kubernetes and Docker. This is in contrast to “system containers” such as LXC and LXD from the Linux Containers Project. In an application container, you are encouraged to run immutable containers with as little code as is necessary to run the application, where in a system container environment the idea is to run an entire Linux distribution and treat it more like a virtual machine. It’s considered perfectly normaly to SSH into a system container, but application container security experts will look at you askance if you want to SSH into an application container (for reasons covered primarily in [Link to Come]). However, the basic mechanisms used to create application and system containers alike are control groups, namespaces and chroot, so this book will give you a solid foundation from which you may wish to explore the differences in approach taken by the different container projects.

The book assumes that you are comfortable with basic Linux command line tools like ps and grep, and with the basic day-to-day activities of running container applications through the use of tools like kubectl or docker. This book will use the former set of tools to explain a lot more about what’s happening when you use the latter!