
Exploring the (lack of) security in a typical Docker and Kubernetes installation


After attending a Black Hat 2020 training on container security, it’s clear that a lot of work has to go into properly setting up Docker and Kubernetes in order to keep an enterprise secure.
I have been in IT for over 20 years, but have never had any hands-on experience with containers. Conceptually, I understand what they are and how they work, but since I’ve never had to implement them, I wasn’t sure how it worked. In addition, I had no idea how to actually secure them. Again, the concept sounds great, but the old adage of “as security increases, usability decreases” sat in my head, and with how easy everything container-related sounded, it also seemed like security was going to be an afterthought. Turns out I was right.

To get up to speed, I signed up for the Black Hat 2020 session entitled “From Zero to Hero: Pentesting and Securing Docker Swarm and Kubernetes Environments.” The course, taught by Sheila A. Berta and Sol Ozzan, literally started with a description of how Docker containers worked and went all the way through a Kubernetes deployment. It was entirely hands-on – students were required to install Docker and microk8s on their own machine before the class – and was a great way to see how the tools communicate, where the weak points are, and most importantly, how to try locking it down. Unfortunately, while the course says you’ll be a “hero” at the end of two days, I feel like I am just starting down the road and have a lot more to learn. That said, I wasn’t going into it expecting to be an expert after only 16 hours of training.

Before getting into my high-level observations, it’s important to explain what a container is. In the development world, it’s common to write code on your own machine, have it work perfectly, but then when you try running it on a server somewhere, it just doesn’t work.
