Presentation Material
Abstract
This hands-on workshop provides an overview of Docker fundamentals followed by a deep dive into various security features and best practices to protect Docker infrastructure. Attendees will also gain exposure to exploiting vulnerable Docker infrastructure based on real-world scenarios, investigating ways to improve the overall security of the Docker infrastructure, including scanning images for vulnerabilities, deploying container security monitoring to detect attacks covered earlier in the workshop and developing alerting capability using the ELK stack.
AI Generated Summary (may contain errors)
Here is a summarized version of the content:
Main Topic: Monitoring Docker Infrastructure using ELK Stack (Elasticsearch, Logstash, and Kibana)
Speaker’s Goal: To demonstrate how to monitor Docker containers using the ELK stack and share best security practices for Docker infrastructure.
Key Points:
- The speaker highlights the importance of monitoring in any infrastructure, especially with Docker due to its lightweight nature.
- They introduce the ELK stack as a solution, comprising Elasticsearch (a NoSQL database), Logstash (log aggregator), and Kibana (graphical user interface).
- Filebeat is used to collect logs from containers and push them to Logstash, which then sends them to Elasticsearch for visualization in Kibana.
- The speaker shares a demo of the ELK stack in action, showing how it can be used to monitor Docker containers.
- They emphasize that setting up monitoring tools like this takes significant time and effort.
Docker Security Best Practices:
- Ensure host security (patch Docker, use AppArmor or SELinux, update software regularly).
- Monitor containers and avoid running processes as root.
- Do not store secrets in containers.
- Specify package versions for base images and scan them regularly for vulnerabilities.
- Limit container resources using control groups and runtime security.
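The practices listed above can be checked against running containers. The following is an added example, not material from the talk: it audits records in the shape of `docker inspect` output for root users, privileged mode, missing memory and PID limits, disabled confinement, unpinned image tags and secret-like environment variable names. The sample records, the registry name and the `audit` helpers are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape of `docker inspect` output (not from the talk).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web",
  "Config": {"User": "", "Image": "nginx:latest",
             "Env": ["PATH=/usr/bin", "DB_PASSWORD=example-only"]},
  "HostConfig": {"Memory": 0, "PidsLimit": null, "Privileged": true,
                 "SecurityOpt": ["seccomp=unconfined"]}},
 {"Name": "/api",
  "Config": {"User": "10001:10001", "Image": "registry.example:5000/api:1.4.2",
             "Env": ["PATH=/usr/bin"]},
  "HostConfig": {"Memory": 268435456, "PidsLimit": 100, "Privileged": false,
                 "SecurityOpt": null}}
]""")

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def image_is_pinned(ref):
    """True if the image reference has a digest or an explicit non-latest tag."""
    if "@" in ref:                      # name@sha256:... is pinned by digest
        return True
    last = ref.rsplit("/", 1)[-1]       # drop registry host:port and path
    return ":" in last and last.split(":", 1)[1] != "latest"

def audit(container):
    """Return findings for one `docker inspect` record."""
    cfg, host = container["Config"], container["HostConfig"]
    findings = []
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode")
    if not host.get("Memory"):
        findings.append("no memory limit")
    if (host.get("PidsLimit") or 0) <= 0:
        findings.append("no pids limit")
    for opt in host.get("SecurityOpt") or []:
        if opt.endswith("unconfined"):
            findings.append("confinement disabled: " + opt)
    if not image_is_pinned(cfg.get("Image", "")):
        findings.append("image tag not pinned")
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):    # report the name only, never the value
            findings.append("secret-like env var: " + name)
    return findings

def audit_all(containers):
    return {c["Name"]: audit(c) for c in containers}
```

To run it against a live host, replace the sample with the parsed output of `docker inspect $(docker ps -q)`.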
Conclusion:
The speaker notes the rapid growth of containerization technology, citing Docker’s statistics (3.5 million+ containerized applications, 37 billion+ downloads). They emphasize the inherent security benefits of containerization when used appropriately, such as transparency, modularity, reduced attack surfaces, environment parity, and easy updates.
Call to Action: The speaker invites attendees to connect with them on LinkedIn for more information on setting up the ELK stack in their infrastructure and offers to share vulnerable machines for practice.