Găsiți următoarea book favorită

Deveniți un membru astăzi și citiți gratuit pentru 30 zileÎncepeți perioada gratuită de 30 zile

Informații despre carte

Securing Docker

Name: Securing Docker
Brand: Packt Publishing
Price: 9.99 USD
Availability: InStock
ISBN: 9781785881961

Până la Gallagher Scott

Acțiuni carte

Începeți să citiți

Lungime: 229 pagini2 ore

Editor:: Packt Publishing
Lansat:: Mar 30, 2016
ISBN:: 9781785881961
Format:: Carte

Descriere

Learn how to secure your Docker environment and keep your environments secure irrespective of the threats out there

About This Book

- Gain confidence in using Docker for containerization without compromising on security
- This book covers different techniques to help you develop your container security skills
- It is loaded with practical examples and real-world scenarios to secure your container-based applications

Who This Book Is For

This book is for developers who wish to use Docker as their testing platform as well as security professionals who are interested in securing Docker containers. You must be familiar with the basics of Docker.

What You Will Learn

- Find out how to secure your Docker hosts and nodes
- Secure your Docker components
- Explore different security measures/methods for Linux kernels
- Install and run the Docker Bench security application
- Monitor and report security issues
- Familiarize yourself with third-party tools such as Traffic Authorization, Summon, sVirt, and SELinux to secure your Docker environment

In Detail

With the rising integration and adoption of Docker containers, there is a growing need to ensure their security.
The purpose of this book is to provide techniques and enhance your skills to secure Docker containers easily and efficiently. The book starts by sharing the techniques to configure Docker components securely and explore the different security measures/methods one can use to secure the kernel.
Furthermore, we will cover the best practices to report Docker security findings and will show you how you can safely report any security findings you come across. Toward the end, we list the internal and third-party tools that can help you immunize your Docker environment.
By the end of this book, you will have a complete understanding of Docker security so you are able to protect your container-based applications.

Style and approach

This book is your one-stop solution to resolve all your Docker security concerns. It will familiarize you with techniques to safeguard your applications that run on Docker containers.

Citiți mai multe

Acțiuni carte

Începeți să citiți

Informații despre carte

Securing Docker

Până la Gallagher Scott

Lungime: 229 pagini2 ore

Descriere

Citiți mai multe

Editor:: Packt Publishing
Lansat:: Mar 30, 2016
ISBN:: 9781785881961
Format:: Carte

Despre autor

Gallagher Scott

Autori asociați

Skip carousel

carousel previous carousel next

Legat de Securing Docker

Categorii asociate

Săriți peste schemele de tip carusel

Mostră carte

Securing Docker - Gallagher Scott

Securing Docker

Credits

About the Author

About the Reviewer

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Securing Docker Hosts

Docker host overview

Discussing Docker host

Virtualization and isolation

Attack surface of Docker daemon

Protecting the Docker daemon

Securing Docker hosts

Docker Machine

SELinux and AppArmor

Auto-patching hosts

Summary

2. Securing Docker Components

Docker Content Trust

Docker Content Trust components

Signing images

Hardware signing

Docker Subscription

Docker Trusted Registry

Installation

Securing Docker Trusted Registry

Administering

Workflow

Docker Registry

Installation

Configuration and security

Summary

3. Securing and Hardening Linux Kernels

Linux kernel hardening guides

SANS hardening guide deep dive

Access controls

Distribution focused

Linux kernel hardening tools

Grsecurity

Lynis

Summary

4. Docker Bench for Security

Docker security – best practices

Docker – best practices

CIS guide

Host configuration

Docker daemon configuration

Docker daemon configuration files

Container images/runtime

Docker security operations

The Docker Bench Security application

Running the tool

Running the tool – host configuration

Running the tool – Docker daemon configuration

Running the tool – Docker daemon configuration files

Running the tool – container images and build files

Running the tool – container runtime

Running the tool – Docker security operations

Understanding the output

Understanding the output – host configuration

Understanding the output – the Docker daemon configuration

Understanding the output – the Docker daemon configuration files

Understanding the output – container images and build files

Understanding the output – container runtime

Understanding the output – Docker security operations

Summary

5. Monitoring and Reporting Docker Security Incidents

Docker security monitoring

Docker CVE

Mailing lists

Docker security reporting

Responsible disclosure

Security reporting

Additional Docker security resources

Docker Notary

Hardware signing

Reading materials

Awesome Docker

Summary

6. Using Docker's Built-in Security Features

Docker tools

Using TLS

Read-only containers

Docker security fundamentals

Kernel namespaces

Control groups

Linux kernel capabilities

Containers versus virtual machines

Summary

7. Securing Docker with Third-party Tools

Third-party tools

Traffic Authorization

Summon

sVirt and SELinux

Other third-party tools

dockersh

DockerUI

Shipyard

Logspout

Summary

8. Keeping up Security

Keeping up with security

E-mail list options

The two e-mail lists are as follows:

GitHub issues

IRC rooms

CVE websites

Other areas of interest

Summary

Index

Securing Docker

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: March 2016

Production reference: 1230316

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78588-885-4

www.packtpub.com

Credits

Author

Scott Gallagher

Reviewer

Harald Albers

Commissioning Editor

Priya Singh

Acquisition Editor

Prachi Bisht

Content Development Editor

Arshiya Ayaz Umer

Technical Editor

Suwarna Patil

Copy Editor

Vibha Shukla

Project Coordinator

Shweta H Birwatkar

Proofreader

Safis Editing

Indexer

Monica Ajmera Mehta

Graphics

Disha Haria

Production Coordinator

Nilesh Mohite

Cover Work

Nilesh Mohite

About the Author

Scott Gallagher has been fascinated with technology since he was in elementary school, when he used to play Oregon Trail. His love continued through middle school, working on more Apple IIe computers. In high school, he learned how build computers and program in BASIC! His college years were all about server technologies such as Novell, Microsoft, and Red Hat. After college, he continued to work on Novell, all while keeping an interest in all the technologies. He then moved into managing Microsoft environments and eventually into what he is the most passionate about, Linux environments, and now his focus is on Docker and cloud environments.

I would like to thank my family for the support they have given me, not only throughout the work on this book, but throughout my life and career. I would like to thank my wife, who is my soulmate, the love of my life, and the most important person in my life and the reason I push myself to be the best I can be each day. I would also like to thank my kids, who are the most amazing kids in this world, for being able to watch them grow each day; I truly am blessed. Finally, I would like to thank my parents, who have helped me become the person I am today.

About the Reviewer

Harald Albers works as a Java developer and security engineer in Hamburg, Germany.

In addition to developing distributed web applications, he also sets up and maintains the build infrastructure, staging, and production environments for these applications.

Most of his work is only possible because of Docker's simple and elegant solutions for the challenges of provisioning, deployment, and orchestration.

He started using Docker and contributing to the Docker project in mid-2014. He is a member of the Docker Governance Advisory Board, 2015-2016.

www.PacktPub.com

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Preface

Docker is the hottest buzzword in technology these days! This book helps you to ensure that you are securing all the pieces in the Docker ecosystems of tools. Keeping your data and systems safe is of utmost importance these days, and with Docker, it's the same exception. Learn how Docker is inherently secure and how to secure the pieces around it even more and be on the lookout for potential vulnerabilities as they take place.

What this book covers

Chapter 1, Securing Docker Hosts, starts off the book by discussing how to secure the first part of getting your Docker environment up and running, and that is by focusing on your Docker hosts. The Docker hosts are the platform that your containers will run on. Without securing these first, it's like leaving the front door to your house wide open.

Chapter 2, Securing Docker Components, focuses on securing the components of Docker, such as the registry you can use, the containers that run on your hosts, and how to sign your images.

Chapter 3, Securing and Hardening Linux Kernels, explains hardening guides that are out there as well as different security measures/methods you can use to help secure the kernel that is being used to run your containers as it's important to secure it.

Chapter 4, Docker Bench for Security, informs how well you have set up your Docker environment with the Docker Bench Security application, get recommendations for where you should focus your efforts to fix right away, and what you don't really have to fix right now, but should keep yourself aware of.

Chapter 5, Monitoring and Reporting Docker Security Incidents, covers how to stay on top of the items that Docker has released regarding the security findings to help keep you aware of your environments. Also, we will take a look at how to safely report any security findings you come across to ensure that Docker has a chance to alleviate the concern before it becomes public and widespread.

Chapter 6, Using Docker's Built-in Security Features, introduces the use of Docker tools to help secure your environment. We will go over all of them to give you a baseline of what you can use that is provided by Docker itself. You can learn what command-line and GUI tools you can use for your security needs.

Chapter 7, Securing Docker with Third-party Tools, covers the third-party tools that are out there to help you keep your Docker environment

Ați ajuns la finalul acestei mostre. Înregistrați-vă pentru a citi mai mult!

Începeți perioada gratuită de probă

Pagina 1 din 1

Recenzii

Ce cred oamenii despre Securing Docker

Evaluare: 0 din 5 stele

0 evaluări / 0 recenzii

Ce părere aveți?

Evaluare: din 5 stele

Scrieți o recenzie (opțional)

Limbă

Bine ați venit la Scribd!

Găsiți următoarea book favorită

Informații despre carte

Securing Docker

Acțiuni carte

Descriere

Acțiuni carte

Informații despre carte

Securing Docker

Descriere

Despre autor

Autori asociați

Legat de Securing Docker

Docker Cookbook

Docker Networking Cookbook

Docker Complete Self-Assessment Guide

Docker Orchestration

Kubernetes Cookbook

Learning Docker - Second Edition

Orchestrating Docker

Learning Docker Networking

Mastering Docker

Native Docker Clustering with Swarm

Docker: Creating Structured Containers

Monitoring Docker

Build Your Own PaaS with Docker

Docker High Performance

Troubleshooting Docker

Learning Docker

Developing with Docker

Git Best Practices Guide

DevOps Automation Cookbook

Getting Started with Kubernetes - Second Edition

Learn Docker - .NET Core, Java, Node.JS, PHP or Python: Learn Collection

Ansible Playbook Essentials

Mastering Nginx

Docker: A Quick-Start Beginner's Guide

Ansible Configuration Management

Getting Started with Kubernetes

Learning Ansible

Mastering Kubernetes

DevOps for Networking

Docker Bootcamp

A Decade of Development: Welcome to the MS Dev Show, episode #236. This week we talk about some of the changes in software development over the last decade, and it's sure to trigger some nostalgia. The year of Linux on the business card. Is Microsoft Edge worth using? And...

Linux Action News 105: RHEL 8 is released, we report from the ground of the big announcement, Microsoft announces WSL 2 with a real Linux kernel at the core, and details on their new open source terminal.

Going Linux #313 · Getting Support for Linux Computers: Going Linux #313 · Getting Support for Linux Computers

Going Linux #332 · Listener Feedback: Going Linux #332 · Listener Feedback

The Cloudcast #225 - VMware and Containers: Aaron talks with Kit Colbert (@kitcolbert, VP &amp; CTO Cloud Native Apps, VMware) at DockerCon EU about growing up in the VMware ecosystem and transferring skills to a cloud native apps world. Topics include VMware Integrated Containers, how the Docke...

Going Linux #279 · Getting Started With Linux: Going Linux #279 · Getting Started With Linux

2018-014- Container Security with Jay Beale: Container security Jay Beale @inguardians , @jaybeale Containers What the heck is a container? Linux distribution with a kernel Containers run on top of that, sharing the kernel, but not the filesystem ...

Going Linux #304 · Listener Feedback: Going Linux #304 · Listener Feedback

89: Docker All The Web Things: This week on The Web Platform Podcast, Erik Isaksen, Danny Blue, and Leon Revill talk with Mano Marks (@ManoMarks) all about Docker and how containerized deployments can help you from the time you start your web project all the way to the time you...

Going Linux #262 · Computer America #79: Going Linux #262 · Computer America #79

Going Linux #253 · Computer America #76: Going Linux #252 · Sonar Gnu/Linux

Actions on Google with Mandy Chan: This week is all about Voices! ??? Mandy Chan joins Melanie and Mark to discuss building user Voice user interfaces with Actions on Google, SSML and more!

Linux Action News 98: Is Linux gaming really being saved by Google's Stadia platform? We discuss the details and possibilities.

Episode 78: Straight Outta FOSDEM | LUP 78: FOSDEM just wrapped up, where thousands of developers & enthusiasts of free & open source software gather to talk all things Linux. Plus we drool over the new Raspberry Pi 2 & ask if B+ buyers got a little screwed.

Linux Action News 109: Mozilla's master strategy becomes clear, CockroachDB surrenders to the software as a service reality, while Microsoft and Oracle link up.

Mesonbuild with Jussi Pakkanen: Rob and Jason are joined by Jussi Pakkanen to discuss the Mesonbuild multiplatform build system for C++ Jussi Pakkanen got his doctoral degree in computer science from the Helsinki University of Technology in 2006. Since then he has worked on various...

Going Linux #285 · Security: The Linux Advantage: Going Linux #285 · Security: The Linux Advantage

Linux Action News 96: Free Software does what commercial can't this week, getting a Debian desktop on more Android devices gets closer and PureOS promises Convergence, but is there more beneath the surface?

Going Linux #358 · Listener Feedback: Going Linux #358 · Listener Feedback

Linux Action News 32: Mozilla violates users' trust, Amazon has a new Linux, OpenSSH is coming to Windows, and Intel blocks disabling of the Management Engine. Plus an update on the Conservancy's fight with the Software Freedom Law Center and more.

Going Linux 294 · Listener Feedback: Going Linux 294 · Listener Feedback

Kubernetes Usability with Joe Beda: Docker was released in 2013, and popularized the use of containers. A container is an abstraction for isolating a well-defined portion of an operating system. Developers quickly latched onto containers as a way to cut down on the cost of virtual machin...

347: Arm is Here: We discover a few simple Raspberry Pi tricks that unlock incredible performance and make us re-think the capabilities of Arm systems.

Nextcloud And Docker Containers Made Easy

The Best Next-gen Distros

Robot Challenges

Super Linux!

Other Installation Methods

Build A Better Media Server

Linux User Groups

Mobile Mania

Distribute An Image, Sans Cloud

Build It Yourself

Are Docker Containers A Good Idea For Laptops?

Letter Of The Month

Welcome to Linux

The Cloudcast #225 - VMware and Containers: Aaron talks with Kit Colbert (@kitcolbert, VP & CTO Cloud Native Apps, VMware) at DockerCon EU about growing up in the VMware ecosystem and transferring skills to a cloud native apps world. Topics include VMware Integrated Containers, how the Docke...