Security issues when dealing with Docker images

Oct. 8, 2017 0 comments ADMIN Magazine graphical security

Although developers appreciate Docker's ease of use and flexibility, many admins are worried about vulnerabilities. We look at various approaches to securing container images and the price to be paid. Docker Hub is easy for users, and the docker command-line tool can directly tap into it. You can easily pick up prebuilt images for CMS, databases, or distributions and import them into your local infrastructure. But what guarantees do users have that the software running in the container is also free of vulnerabilities? Threat Modeling To start, you need to distinguish between threats; security experts refer to this as a threat model. In this case, there are three threat scenarios: The manufacturer embeds malicious code and offers infected images. Attackers tamper with the software en route from the manufacturer to the user. The manufacturer fails to eliminate known security vulnerabilities in its images. Users need to select software vendors they trust for effective protection agains...

http://www.admin-magazine.com/Archive/2017/39/Security-issues-when-dealing-with-Docker-images/(ta...