Securing the Docker Platform

The Docker platform is a key ingredient in the packaging and delivery of container-based application services. This course will give you all the knowledge you need to enable you to securely manage the operation of a Docker platform.
Course info
Rating: (19)
Level: Beginner
Updated: Jun 21, 2018
Duration: 4h 6m
Table of contents
Course Overview
Establishing a Baseline for Docker Platform Security
Optimizing the Configuration of the Docker Host
Configuring the Docker Daemon for Security
Enhancing Access Control to the Docker Platform
Deploying a Secure Docker Registry
Managing Security in a Docker Swarm Cluster
Wrapping Up
Description

Docker containers are in widespread use as the distribution vehicle for cloud native application services. An important enabler in the process of building, packaging, and running those containers is the Docker platform, which is comprised of several parts. In this course, Securing the Docker Platform, you'll learn about the fundamental aspects of security that relate to the platform components. First, you'll gain a better understanding of the platform components involved and the means of measuring compliance against an industry benchmark standard. Next, you'll discover how to configure the Docker daemon for best practice security, as well as for more flexible access control and authentication. Finally, you'll explore how to apply security controls to other aspects of the platform including a self-hosted Docker registry and a Swarm cluster. By the end of this course, you'll have the necessary knowledge to configure, measure, and optimize effective Docker platform security.

About the author

Nigel is an IT professional with over 25 years of experience, gained in technical and management roles, including as CEO of a technical consulting organization. He has recently returned to his technical roots, and provides tuition in the domain of microservices and container technologies.

More from the author
Securing Docker Container Workloads (Intermediate, 3h 13m, Jan 22, 2018)
Section Introduction Transcripts

Course Overview
(music) Hi everyone, my name is Nigel Brown and welcome to my course, Securing the Docker Platform. As the leading components of the cloud native paradigm, Docker has transformed the way that many organizations, large and small, go about building, packaging, and delivering software applications. The Docker platform is the vehicle for doing this, and as sensitive corporate assets are exposed within the platform, it's pretty crucial that it's configured to be secure. This course is all about the security controls and mechanisms that can be applied in order to protect those valuable assets. During the course, the main topics that we'll cover include using an industry benchmark to baseline the security configuration, enhancing access control using an authorization plugin, deploying a secure registry for application images, and managing the security of a swarm cluster. By the end of the course, not only will you have a good understanding of the Docker platform's default security mechanisms, but also the knowledge needed to create more flexible security solutions for your own situation. Ideally, before you get going with this course, you should already have some practical experience of Linux and some familiarity with the Docker platform and its command line interface. If you want to know how to measure the effectiveness of your existing Docker platform security and how to provide more flexible access patterns to the platform, then join me to discover how to secure your Docker platform.

Enhancing Access Control to the Docker Platform
Hi and welcome back to the next module in this course, Securing the Docker Platform. I'm Nigel Brown and in this module, we're going to try and improve our options for controlling access to the Docker daemon. An access control policy of all or nothing may be too coarse for some Docker platform environments. So we're going to explore how to create a more flexible environment. The module is called Enhancing Access Control to the Docker Daemon. Before we get stuck in, let's see what we'll discuss during the course of the module. Authentication and authorization are two very different aspects of security. So to start with, we'll differentiate between the two and make a case for employing authorization when users attempt to access the Docker daemon. We'll move on to see how we can extend the capabilities of the Docker engine by unraveling the Docker engine's plugin API and, more specifically, its authorization plugin mechanism. Then, having painted a fictitious authorization scenario, we'll take a look at the Open Policy Agent and its implementation as a Docker authorization plugin. We'll create some policy to represent our scenario before implementing authorization-based access control to our example Docker platform. When we're finished, you'll have the requisite knowledge you need in order to enhance the access control capabilities for your own Docker platform environments.

Wrapping Up
Well done, you've reached the end of the course. It's been a journey, so before I recommend some additional material that you can use to help you in your ongoing quest to keep your container-based applications and platforms secure, let's take stock of where we are. Security is a ubiquitous topic. It doesn't matter which level of the software stack or infrastructure component you're dealing with, it behoves us all to consider how best to deploy IT assets in order to keep our data and systems safe and secure. The problem often is knowing where to start, and that's why industry-led initiatives such as the CIS benchmarks are a great way to get started. The Docker CE benchmark may not tick all of your requirements, but it's a great foundation to work with, especially if you're new to Docker. And whilst we're talking about benchmarks, automation has become a key ingredient in the evolving cloud native landscape we find ourselves in. So making use of open source tools for testing makes perfect sense. Tools like the Docker Bench for Security and the InSpec testing framework are ideal for this purpose, and I'd encourage you to use them. We've learned that establishing a meaningful benchmark for the security of a Docker platform is the basis for the ongoing measurements of compliance. Don't forget though, time doesn't stand still, especially in the open source world. So be sure to keep up to date with changes to the Docker platform. Changes will inevitably affect the security controls you impose on your own platform.