cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CJM
Newcomer I

Docker: Security Solutions - what the safest way to secure Docker?

Hi All,

 

I work for a tech start up where VM and Docker are used for development purposes.

 

In a security review we were discussing how Docker could pose a serious threat if developers are using uncertified images as part of trials and testing.

 

Trying to balance the risk against innovation is always a risk balanced decision; however, 1 scenario which has been discussed is:

 

An image is download containing malicious code to enable network sniffing, i.e. setting a network card outside the container, which is part of the native Windows/Linux build, to monitor/promiscuous mode, which then sends traffic to a malicious actor.


Acknowledging native end point monitoring software will detect some suspicious activity, what are the collective thoughts around securing Docker as much as reasonably practicable without stifling innovation?

 

Grateful as always for your contributions.

1 Reply