topic Re: Docker: Security Solutions - what the safest way to secure Docker? in Threats https://community.isc2.org/t5/Threats/Docker-Security-Solutions-what-the-safest-way-to-secure-Docker/m-p/50931#M533 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1676923323">@CJM</a>Here are a few suggestions:</P><P>&nbsp;</P><P><A href="https://developer.ibm.com/articles/ibm-best-practices-for-the-kubernetes-cicd-secure-container-image-pipeline/" target="_blank">https://developer.ibm.com/articles/ibm-best-practices-for-the-kubernetes-cicd-secure-container-image-pipeline/</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/cloud/blog/kubernetes-vs-docker" target="_blank">https://www.ibm.com/cloud/blog/kubernetes-vs-docker</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/cloud/architecture/content/course/containers-and-docker/docker-containers/" target="_blank">https://www.ibm.com/cloud/architecture/content/course/containers-and-docker/docker-containers/</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/docs/en/cloud-private/3.2.0?topic=images-enforcing-container-image-security" target="_blank">https://www.ibm.com/docs/en/cloud-private/3.2.0?topic=images-enforcing-container-image-security</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/docs/en/sscfcp/1.1.0?topic=overview-security-secure-service-container-cloud-private" target="_blank">https://www.ibm.com/docs/en/sscfcp/1.1.0?topic=overview-security-secure-service-container-cloud-private</A></P><P>&nbsp;</P><P><A href="https://info.aquasec.com/ebook-container-security-ten-things-devops-need-to-do-sem?utm_source=adwords&amp;utm_medium=ppc&amp;utm_campaign=Secure_Docker&amp;utm_term=secure%20docker&amp;utm_device=c&amp;utm_content=345683197164&amp;gclid=Cj0KCQjwmuiTBhDoARIsAPiv6L_nJRC32dLJPocNqhb_Q4aFFr74sYY6cju13GOMNNEUm9Yy-D3KD3saAqylEALw_wcB" target="_blank">https://info.aquasec.com/ebook-container-security-ten-things-devops-need-to-do-sem?utm_source=adwords&amp;utm_medium=ppc&amp;utm_campaign=Secure_Docker&amp;utm_term=secure%20docker&amp;utm_device=c&amp;utm_content=345683197164&amp;gclid=Cj0KCQjwmuiTBhDoARIsAPiv6L_nJRC32dLJPocNqhb_Q4aFFr74sYY6cju13GOMNNEUm9Yy-D3KD3saAqylEALw_wcB</A></P><P>&nbsp;</P><P><A href="https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html" target="_blank">https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html</A></P><P>&nbsp;</P><P><A href="https://www.stackrox.io/blog/docker-security-101/" target="_blank">https://www.stackrox.io/blog/docker-security-101/</A></P><P>&nbsp;</P><P>Try these and see if they help you set you on the right path with the appropriate policies.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Tue, 10 May 2022 21:38:55 GMT Caute_cautim 2022-05-10T21:38:55Z Docker: Security Solutions - what the safest way to secure Docker? https://community.isc2.org/t5/Threats/Docker-Security-Solutions-what-the-safest-way-to-secure-Docker/m-p/50922#M532 <P>Hi All,</P><P>&nbsp;</P><P>I work for a tech start up where VM and Docker are used for development purposes.</P><P>&nbsp;</P><P>In a security review we were discussing how Docker could pose a serious threat if developers are using uncertified images as part of trials and testing.</P><P>&nbsp;</P><P>Trying to balance the risk against innovation is always a risk balanced decision; however, 1 scenario which has been discussed is:</P><P>&nbsp;</P><P>An image is download containing malicious code to enable network sniffing, i.e. setting a network card outside the container, which is part of the native Windows/Linux build, to monitor/promiscuous mode, which then sends traffic to a malicious actor.</P><P><BR />Acknowledging native end point monitoring software will detect some suspicious activity, what are the collective thoughts around securing Docker as much as reasonably practicable without stifling innovation?</P><P>&nbsp;</P><P>Grateful as always for your contributions.</P> Tue, 10 May 2022 11:32:24 GMT https://community.isc2.org/t5/Threats/Docker-Security-Solutions-what-the-safest-way-to-secure-Docker/m-p/50922#M532 CJM 2022-05-10T11:32:24Z Re: Docker: Security Solutions - what the safest way to secure Docker? https://community.isc2.org/t5/Threats/Docker-Security-Solutions-what-the-safest-way-to-secure-Docker/m-p/50931#M533 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1676923323">@CJM</a>Here are a few suggestions:</P><P>&nbsp;</P><P><A href="https://developer.ibm.com/articles/ibm-best-practices-for-the-kubernetes-cicd-secure-container-image-pipeline/" target="_blank">https://developer.ibm.com/articles/ibm-best-practices-for-the-kubernetes-cicd-secure-container-image-pipeline/</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/cloud/blog/kubernetes-vs-docker" target="_blank">https://www.ibm.com/cloud/blog/kubernetes-vs-docker</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/cloud/architecture/content/course/containers-and-docker/docker-containers/" target="_blank">https://www.ibm.com/cloud/architecture/content/course/containers-and-docker/docker-containers/</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/docs/en/cloud-private/3.2.0?topic=images-enforcing-container-image-security" target="_blank">https://www.ibm.com/docs/en/cloud-private/3.2.0?topic=images-enforcing-container-image-security</A></P><P>&nbsp;</P><P><A href="https://www.ibm.com/docs/en/sscfcp/1.1.0?topic=overview-security-secure-service-container-cloud-private" target="_blank">https://www.ibm.com/docs/en/sscfcp/1.1.0?topic=overview-security-secure-service-container-cloud-private</A></P><P>&nbsp;</P><P><A href="https://info.aquasec.com/ebook-container-security-ten-things-devops-need-to-do-sem?utm_source=adwords&amp;utm_medium=ppc&amp;utm_campaign=Secure_Docker&amp;utm_term=secure%20docker&amp;utm_device=c&amp;utm_content=345683197164&amp;gclid=Cj0KCQjwmuiTBhDoARIsAPiv6L_nJRC32dLJPocNqhb_Q4aFFr74sYY6cju13GOMNNEUm9Yy-D3KD3saAqylEALw_wcB" target="_blank">https://info.aquasec.com/ebook-container-security-ten-things-devops-need-to-do-sem?utm_source=adwords&amp;utm_medium=ppc&amp;utm_campaign=Secure_Docker&amp;utm_term=secure%20docker&amp;utm_device=c&amp;utm_content=345683197164&amp;gclid=Cj0KCQjwmuiTBhDoARIsAPiv6L_nJRC32dLJPocNqhb_Q4aFFr74sYY6cju13GOMNNEUm9Yy-D3KD3saAqylEALw_wcB</A></P><P>&nbsp;</P><P><A href="https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html" target="_blank">https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html</A></P><P>&nbsp;</P><P><A href="https://www.stackrox.io/blog/docker-security-101/" target="_blank">https://www.stackrox.io/blog/docker-security-101/</A></P><P>&nbsp;</P><P>Try these and see if they help you set you on the right path with the appropriate policies.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Tue, 10 May 2022 21:38:55 GMT https://community.isc2.org/t5/Threats/Docker-Security-Solutions-what-the-safest-way-to-secure-Docker/m-p/50931#M533 Caute_cautim 2022-05-10T21:38:55Z