Today, even the supposedly best vulnerability scan alone is no longer sufficient to reliably protect your ICT infrastructure. Your scanner is only really effective when it can work together with other security processes. It also needs to work in the cloud and with the use of containers. In the absence of any one of these requirements, you will have a security gap – and sooner or later such gaps are guaranteed to result in security breaches. We show you the security requirements for containers and how you can use this technology securely.
Containers for long trips – the same applies in IT
The hype about containers and the operation of workloads as a microservice has now come to the world of Windows as well. This is because Windows Server 2016 supports containers just like Linux and VMware with vSphere. The benefits are obvious: microservices in particular, but also other workloads such as web servers, web apps or other applications can be deployed faster and operated on a more scalable basis. The problem when delivering conventional server workloads should be minimised with the use of containers and applications can be deployed quicker. The solution is also cheaper or even free. Security must be kept in mind at all times however. Why is this so important? Let us explain...
Self-contained (– but not fully!)
Containers share the operating system kernel and other functions with the container host and thus, in general, with other containers as well. There is therefore a risk of this being mutually compromised in the event of a successful attack, and even of access to unauthorised areas of the host operating system. Microsoft tried to get around this in Windows Server 2016, for example with the Hyper-V containers in which each container is provided with its own operating system kernel. Again, it is not certain here that an acquired Hyper-V container does not pose a risk to other containers.
If there are security gaps in one container, for example due to an outdated operating system, security vulnerabilities in integrated software or existing libraries, then these will impact upon the entire container. And, according to the latest Forrester Vulnerability Management Vendor Report 2017, vulnerabilities in software applications are the leading method in external attacks. If the container is defined as an image and other containers are created based on that image, the effect of the security gaps becomes even more serious. This should be taken into consideration during deployment.
Seal your containers tightly!
During deployment, the data to be processed in the container also plays a significant role however. Where in the network the containers will be positioned must also be planned. The internal and external firewall are particularly important here. Especially in the case of containers that are accessible via the internet, security plays a crucial role as these are particularly easy to access and thus vulnerable to attacks. Attacks such as SQL injection or denial-of-service attacks are also a problem for containers, not just conventional server systems. Security gaps – in public but also internally accessible systems – must therefore be reliably detected and rectified as quickly as possible.
There are also now attacks on virtualisation hosts or on virtual servers which make it possible to access the host, and thus other VMs, from one VM. If a container host is virtualised, there is definitely a risk that both the containers and the container host and physical virtualisation host could be taken over by attackers. You should therefore incorporate these vulnerabilities into the planning of your cyber security strategy from the outset.
Containers also get (rust) holes
Security gaps and the associated problems do not just occur because of containers and their images however, they also arise from the applications being run inside them. Once again here, attention should be paid to closing security gaps as quickly as possible and making sure that the various computers are up to date. Since containers can easily be scaled and deployed very quickly, security gaps in applications can also be distributed throughout the network at lightning speed. This process then results in not just one security gap but several.
Vulnerability Management – to ensure that the container does not become a security risk
The use of containers is therefore not a cure-all solution. Because they are deployed using images, any vulnerabilities can quickly be transferred to all containers using the same image and the same code. If the code is not optimised and vulnerabilities are not removed, then additional security tools will also not help. This is why security, and its monitoring, is particularly important when it comes to containers. When running a heterogeneous environment in which containers from various manufacturers and in various versions are used, it is even more crucial.
Container security from our partner Tenable
Security plays a key role in container technology. In addition to sound planning for increased security, as a responsible party within the company you should think about a solution that can provide greater security for containers and is cloud-based. After all, unsecure containers or container images with unsecure applications can constitute a huge risk for a company.
Checking container images regularly is a vital task in this respect. Monitoring and improving security does not just involve updating and protecting the images and containers for the duration of the deployment, it covers the entire life cycle. Our experts recommend “Tenable.io” as the ideal solution here. It reliably helps you to discover and close any vulnerabilities.