I’m currently investigating Docker as a means to provide an extra layer of protection/security for existing applications. I have viewed some of the webinars Docker has given on Docker and security, and they initially had me believing that, out of the box, Docker could provide an additional layer of security by simply containerizing parts of your existing application. But I’m not so sure now as I dig a little deeper and play around with Docker a little more.
I work in a cyber security team, so my interest in Docker is strictly security related. Obviously Docker was and is targeted at solving other issues, but I was approaching this on the basis that it could also be a security enabler at the same time. But after a little exchange with Nathan Le Claire on the Docker forum I’m not so sure any more. SSH from a container to the host OS?
Sure, you can design and architect security into the system using Docker (you can do that without Docker too), but I was really looking at whether it could do a fair amount by default without a lot of effort, particularly on an existing system (yes, I know it will always depend on the existing system architecture).
What I was really looking to highlight and/or show is: here is an existing application that does not use Docker, and here are your risks, and/or show an attack/compromise. Then: here, by simply containerizing, I have eliminated at least some of the attack surface/compromise. Things that run web services/Tomcat seem to be the natural fit. This is what I was looking to do: http://blog.opensecurityresearch.com/2012/09/manually-exploiting-tomcat-manager.html (the cmd.war).
So if folks have some examples I’m very open to some thoughts in this space.