This presentation was recorded at GOTO Stockholm 2016
http://gotosthlm.com

Adrian Mouat - Chief Scientist at Container Solutions

ABSTRACT
The security of containers has been a hotly discussed topic in recent months. This talk will explain the main concerns around container security, and offer some best practices [...]

TIMECODES
0:00 Introduction
1:03 OVERVIEW
2:55 KERNEL ATTACKS
3:29 CONTAINER BREAKOUTS
4:01 SNIFFING SECRETS
5:04 LEAST PRIVILEGE
8:45 HOW TO MITIGATE
9:44 NOT A SOLUTION!
10:15 IMAGE SCANNING
11:57 USE CONTAINERS AND VMS
12:51 DOCKER PRIVILEGES
15:52 DROP CAPABILITIES
17:24 SET CPUSHARES
18:36 SET MEMORY LIMITS
19:02 DEFANG SETUID/SETGID BINARIES
20:41 USE MINIMAL IMAGES
21:29 USE LINUX SECURITY MODULES
21:40 SELINUX
24:10 SECURITY HARDENED KERNEL
24:53 VERIFY IMAGES
26:48 AUDITING
28:41 ENVIRONMENT VARIABLES
29:51 SECURE KEY-VALUE STORE
31:28 CONCLUSION

Download slides and read the full abstract here:
https://gotosthlm.com/2016/sessions/6