Hi,
this week I gave a presentation together with Florian Barth from Stocard on Docker, DevOps/Microservices, and Security — a topic and collaboration that I will definitely cover in even more detail in the future!
The slides can be found here.
so long,
Matthias
Hi Matthias,
thx for the awesome presentation @MHP.
Enjoyed your presentation.
Hamed Montazeri
Hello — thanks for putting this up, it’s a very useful presentation, and nicely summarizes a lot of good Docker information.
As a non-German speaker, I did a quick translation using Google translate of the block, perhaps you could check Google’s work so other non-German speakers can get the information:
Column titles: Physical host, Virtual Machine, Container
First Row: Shared Resources: Share the net; Share the host hardware; Share the Kernel
Second Row: Attack Scenario: Attack the network for open ports, etc.; Attack on the Hypervisor; Attack by syscall on Kernel-isolation (Namespaces, Cgroups, …)
Third Row: Precautions: Port filters, firewalls, segmentation of networks; Good (better?) Hypervisor; Hedge in container Manager, SE-Linux, Capabilities
Fourth Row: Cost of (security?) Measures: Easy, Best Practices; Complex, but to manage centrally; Multilayered by relatively large attack surface
Hi Chris,
thanks for the effort, the translation makes sense — and we will include a translated version in future publications.
Thanks,
Matthias
Matthias, is there video of your presentation anywhere? Jim
Hi Jim,
unfortunately not, but given the impressive feedback/interest, we will continue to work on the topic and publish more. The slides above were only mean to compile a “state of the art” overview, so we will provide some more details on the thoughts behind it later.
Thanks,
Matthias