
Docker for Security: Why & How

Writer: Teja Swaroop

Let's say you want to run an application on your machine - say, an Apache Web Server. You install it locally, configure it as you like and run it - you now have a running web server where you can host your website(s). But there are two major risks with this approach:

  1. If you want to ship your application to another machine - like a cloud instance, you'd have to worry about the dependencies and getting the application to behave the same way as it did on your computer.

  2. If your web server somehow gets compromised by an attacker, he would be able to get access to your host machine as well because there is no isolation in the local installation of your web server.

Docker fixes these two major risks!


Docker is a set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers.

With Docker, you can bundle and ship apps that will run in isolated containers that share your Operating System's kernel.

  • Since you are bundling the app with all the necessary configuration already made, when the app is shipped and run on a different machine with Docker, it will work the same way that it did.

  • Since all the containers spawned with Docker are isolated, one container (or app) cannot affect the other containers or the host operating system. So, even if one of the apps is compromised, the attacker would not be able to escape the container and exploit the host machine. The isolation is achieved through Linux namespaces.



Creating a Docker image

Creating a Docker image is easy. You can find thousands of pre-built images on Docker Hub. These include both the official Docker images and the ones posted by users. You can pull any of these images to your Docker engine by using the pull command like this:

docker pull python # pulls the python image from Docker Hub

Or, you could create your own custom Docker image from the available base images.

For example, let me create an image of the Apache HTTP Server version 2.4.49 with my custom configuration.


First, I will create a "Dockerfile" that defines how to build my image.

FROM httpd:2.4.49
COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf

The first line defines the base image for my custom image, which is httpd - The Apache HTTP Server Project. I also mention the version that I want to use after the colon (:). So this exact version will be pulled from Docker Hub and used as the base for my image.

In the next line, I copy my custom configuration to my image.


Now, I simply build my image using the docker build command.

docker build -t apache_server .

This will create a new Docker image named "apache_server".


The last step is to actually run a container of this image. A container is the running instance of an image. We can do this by using the docker run command.

docker run -dit -p 8080:80 apache_server

I am also mapping port 8080 on my localhost to port 80 inside the container so that I can access the web server that is running in the container by going to http://localhost:8080.

Awesome! We have now deployed a Containerized application with Docker.

Unfortunately, the version of the Apache web server (2.4.49) running in the container is vulnerable to path traversal and RCE. But there is nothing to worry about! Since the app is running in a container, it is isolated from the host machine, so the attacker will not be able to escape the container and exploit the host machine itself. That's the beauty of containerization!
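How much isolation a container actually gets depends on the options it was started with, and that can be checked from the output of docker inspect. The following is an added example, not code from the original post: it audits the HostConfig section of docker inspect output for settings that weaken isolation. The sample JSON, the container names and the function names (audit_container, codes) are constructed for illustration.

```python
import json

# Constructed `docker inspect` output (not captured from a real host).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/apache_default", "HostConfig": {
   "Privileged": false, "CapAdd": null, "CapDrop": null, "PidMode": "",
   "NetworkMode": "bridge", "SecurityOpt": null, "ReadonlyRootfs": false,
   "Binds": null,
   "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
 {"Name": "/apache_risky", "HostConfig": {
   "Privileged": true, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
   "PidMode": "host", "NetworkMode": "host", "SecurityOpt": null,
   "ReadonlyRootfs": false,
   "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/:/host"],
   "PortBindings": {}}}
]""")

def audit_container(info):
    """Return (code, detail) findings for settings that weaken isolation."""
    hc = info.get("HostConfig") or {}
    out = []
    if hc.get("Privileged"):
        out.append(("PRIVILEGED", "runs with --privileged"))
    for cap in hc.get("CapAdd") or []:
        out.append(("CAP_ADD", cap))
    if "ALL" not in [c.upper() for c in hc.get("CapDrop") or []]:
        out.append(("CAPS_NOT_DROPPED", "default capability set kept"))
    for key in ("PidMode", "NetworkMode"):  # host namespaces shared
        if hc.get(key) == "host":
            out.append(("HOST_NAMESPACE", key))
    opts = hc.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false")
               for o in opts):
        out.append(("NEW_PRIVS_ALLOWED", "no-new-privileges not set"))
    if not hc.get("ReadonlyRootfs"):
        out.append(("WRITABLE_ROOTFS", "root filesystem is writable"))
    for bind in hc.get("Binds") or []:  # host paths mounted into the container
        src = bind.split(":")[0]
        if src == "/" or src.endswith("docker.sock"):
            out.append(("HOST_MOUNT", src))
    for port, binds in (hc.get("PortBindings") or {}).items():
        for b in binds or []:  # empty HostIp means all host interfaces
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                out.append(("PUBLISHED_ALL_IFACES", f"{b.get('HostPort')}->{port}"))
    return out

def codes(info):
    """Set of finding codes for one inspected container."""
    return {code for code, _ in audit_container(info)}

if __name__ == "__main__":
    for c in SAMPLE_INSPECT:
        print(c["Name"], sorted(codes(c)))
```

The first sample mirrors a container started with only -dit -p 8080:80, so it shows which defaults are left in place; on a real host, pass the parsed output of docker inspect for the container to audit_container.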



Stream Docker Apps from a Browser!

What if you could deploy your apps as containers at the click of a button and stream them directly from your web browser? This is where Kasm Workspaces comes in.


Kasm is a workspace streaming platform that allows you to deploy containerized applications and stream them directly from your web browser!

The community version of Kasm Workspaces is free to use, so you can set it up on your Linux machine in four simple commands and make your life a lot easier when dealing with containers. You can install Kasm either locally or in the cloud. By installing it in the cloud, you can access your apps from anywhere and on any device with just a web browser.


You can install Kasm by executing the following four commands:

cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.15.0.06fdc8.tar.gz
tar -xf kasm_release_1.15.0.06fdc8.tar.gz
sudo bash kasm_release/install.sh

Once installed, the randomly generated credentials will be displayed in the terminal. Copy and save them somewhere safe. Now, you can go to https://<YOUR_IP_ADDRESS> and log in with your credentials.


Inside your dashboard, you can go to "Workspaces" and click "Add from registry" which will display a list of apps that are ready to be deployed to Kasm. You can install any of them by clicking on install. Alternatively, you can even create your own custom image and import it to Kasm.



Once installed, you can launch new sessions of this app.


And now, you will be able to use that app from your browser!


It is that easy to deploy Docker apps with Kasm Workspaces and stream them from your web browser!


© 2019 Tech Raj. Designed by Teja Swaroop
