If you have not read the first part, we recommend that you read it first. It covers the topics sandboxing and isolation using Linux kernel features. In this part we go one step further and show more tools — based on part one — that are used and find their way into a modern operating system.
In recent years, since the Internet has become available to almost anyone, application and runtime security has become more important than ever. Be it an (unknown) application you download and run from the Internet or some server application you expose to the Internet, it’s almost certainly a bad idea to run apps without any security restrictions applied:
Livestreaming is the real deal of video today; however, there aren’t that many content creation tools to choose from. YouTube, Facebook and Twitter are pushing hard to enable their users to stream vlogging-style content live from their phones with proprietary apps, and OBS is used for Let’s Plays and Twitch streams. But when you want to stream events or lectures you are pretty much on your own.
In this series of posts I want to share the experiences I gained over the past couple of weeks while writing an application that captures video and audio and creates a simple livestream. This application is designed to be the basis of a simple streaming desktop application.
Now that we’ve understood the basics, this second part will cover the most relevant container threats, their possible impact as well as existing countermeasures. Beyond that, a short overview of the most important sources for container threats will be provided. I’m pretty sure you’re not counting on most of them. Want to know more?
When it comes to Docker, most of us immediately start thinking of current trends like Microservices, DevOps, fast deployment, or scalability. Without a doubt, Docker seems to be on its way to establishing itself as the de-facto standard for lightweight application containers, shipping not only with lots of features and tools, but also great usability. However, another important topic is neglected very often: Security. Considering the rapid growth of potential threats for IT systems, security is one of the crucial aspects that might decide whether Docker (and containers in general) will be widely adopted by the software industry in the long term.
Therefore, this series of blog posts is about giving you an overview of the state of the art as far as container security (especially Docker) is concerned. But talking about that does not make so much sense without having a basic understanding of container technology in general. This is what I want to cover in this first part.
You may have guessed right: Altogether, this will be some kind of longer read. So grab a coffee, sit down and let me take you on a whale ride through the universe of (Docker) containers.
Whenever we talk about multi-layered security, we always get to see the image of a medieval castle with high walls, moats and towers. In this post, we want to take a more present-time view on the concept of defense in depth. Therefore we are going to examine Chrome OS, the niche operating system for web users, and its techniques to keep its users safe.
This is Part 2 of a series of posts. You can find Part 1 here: https://blog.mi.hdm-stuttgart.de/index.php/2016/01/03/more-docker-more-power-part-1-setting-up-virtualbox/
In the first part of this series we set up two VirtualBox machines. One functions as the load balancer and the other will house our services. As the next step we want to install Docker on the service VM. To do that, enter the following commands in bash:
$ wget -qO- https://get.docker.com/ | sh
$ sudo gpasswd -a <username> docker
$ newgrp docker
This downloads and installs Docker, adds your user to the docker user group and logs you into this new group to allow you to create and run containers.
This series of blog posts will focus on the effects on response times when performing different tasks running on a variable number of Docker containers in a virtual machine.
What will be the performance differences running a small or large number of containers on the same machine? These posts will function as a step-by-step tutorial, enabling everyone to reproduce our studies.
In production, web servers are among the most frequently scaled services. Therefore, we want to focus on stress testing a self-hosted website that is being load balanced and running in a varying number of Docker containers.
Docker has gained a lot of attention over the past several years, not only because of its cool logo or because it is the top buzzword among managers, but also because of its useful features. We talked about Docker quite a bit without really understanding why it’s so great to use. So we decided to take a closer look at how Docker actually works.
In this article, we want to shed some light on a few technologies used by Docker that enable it to be so lightweight and fast in startup compared to “traditional” virtual machines (VMs). Docker itself serves as an example; you could replace it with any other container technology, for example LXC.
Reading this article requires some profound knowledge of virtualization. Terms like “guest system” or “hypervisor” should ring a bell. Also you should have heard of an operating system called Linux (it is probably running on your smartphone and you are waiting for an update).
So let’s go!