Exploring Docker Security – Part 2: Container flaws


Now that we’ve understood the basics, this second part will cover the most relevant container threats, their possible impact, and existing countermeasures. Beyond that, a short overview of the most important sources of container threats will be provided. I’m pretty sure you’re not counting on most of them. Want to know more?


Exploring Docker Security – Part 1: The whale’s anatomy


When it comes to Docker, most of us immediately start thinking of current trends like microservices, DevOps, fast deployment, or scalability. Without a doubt, Docker seems to be on its way to establishing itself as the de facto standard for lightweight application containers, shipping not only with lots of features and tools, but also with great usability. However, another important topic is very often neglected: security. Considering the rapid growth of potential threats to IT systems, security is one of the crucial aspects that might decide whether Docker (and containers in general) will be widely adopted in the long term by the software industry.
Therefore, this series of blog posts is about giving you an overview of the state of the art as far as container security (especially Docker) is concerned. But talking about that does not make so much sense without having a basic understanding of container technology in general. This is what I want to cover in this first part.
You may have guessed right: altogether, this will be a somewhat longer read. So grab a coffee, sit down and let me take you on a whale ride through the universe of (Docker) containers.


More docker = more power? – Part 2: Setting up Nginx and Docker

This is Part 2 of a series of posts. You can find Part 1 here: https://blog.mi.hdm-stuttgart.de/index.php/2016/01/03/more-docker-more-power-part-1-setting-up-virtualbox/

In the first part of this series we set up two VirtualBox machines. One functions as the load balancer and the other will house our services. As the next step we want to install Docker on the service VM. To do that, enter the following commands in bash:

$ wget -qO- https://get.docker.com/ | sh
$ sudo gpasswd -a <username> docker
$ newgrp docker

This downloads and installs Docker, adds your user to the docker user group and logs you into this new group to allow you to create and run containers.


More docker = more power? – Part 1: Setting up VirtualBox

This series of blog posts will focus on the effects on response times when performing different tasks running on a variable number of Docker containers in a virtual machine.
What will be the performance differences when running a small or large number of containers on the same machine? These posts will function as a step-by-step tutorial, enabling everyone to reproduce our studies.
In production, web servers are among the most frequently scaled services. Therefore, we want to focus on stress testing a self-hosted website that is being load balanced and running in a varying number of Docker containers.


Docker – dive into its foundations

Docker has gained a lot of attention over the past several years, not only because of its cool logo or its status as the top buzzword among managers, but also because of its useful features. We talked about Docker quite a bit without really understanding why it’s so great to use. So we decided to take a closer look at how Docker actually works.

In this article, we want to shed some light on a few of the technologies Docker uses that make it so lightweight and fast to start up compared to “traditional” virtual machines (VMs). Docker itself serves as our example; you could replace it with any other container technology, for example LXC.

Reading this article requires some profound knowledge of virtualization. Terms like “guest system” or “hypervisor” should ring a bell. Also you should have heard of an operating system called Linux (it is probably running on your smartphone and you are waiting for an update).

So let’s go!
