Docker for Security: Why & How
- Teja Swaroop
- Jul 6, 2024
- 4 min read
Let's say you want to run an application on your machine - say, an Apache Web Server. You install it locally, configure it as you like and run it - you now have a running web server where you can host your website(s). But there are two major risks with this approach:
If you want to ship your application to another machine - like a cloud instance, you'd have to worry about the dependencies and getting the application to behave the same way as it did on your computer.
If your web server somehow gets compromised by an attacker, he would be able to get access to your host machine as well because there is no isolation in the local installation of your web server.
Docker fixes these two major risks!
Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers
With Docker, you can bundle and ship apps that will run in isolated containers that share your Operating System's kernel.
Since you are bundling the app with all the necessary configuration already made, when the app is shipped and run on a different machine with Docker, it will work the same way that it did.
Since all the containers spawned up with Docker are isolated, one container (or app) cannot affect the other containers or the Host Operating System. So, even though if one of the apps is compromised, the attacker would not be able to escape the container and exploit the host machine. The isolation is achieved through Linux namespaces.
Creating a Docker image
Creating a Docker image is easy. You can find thousands of pre-built images on Docker Hub. These include both the official Docker images and the ones posted by users. You can pull any of these images to your Docker engine by using the pull command like this
docker pull python # pulls the python image from Docker HubOr, you could create your own custom Docker image from the available base images.
For example, let me create an image of the Apache HTTP Server version 2.4.49 with my custom configuration.
First, I will create a "Dockerfile" that defines how to build my image.
FROM httpd:2.4.49
COPY ./httpd.conf /usr/local/apache2/conf/httpd.confThe first line defines the base image for my custom image which is httpd - The Apache HTTP Server Project. I also mention the version that I want to use after the colon(:). So this exact version will be pulled from Docker Hub and be used as the base for my image.
In the next line, I copy my custom configuration to my image.
Now, I simply build my image using the docker build command.
docker build -t apache_server .This will create a new Docker image named "apache_server".
The last step is to actually run a container of this image. A container is the running instance of an image. We can do this by using the docker run command.
docker run -dit -p 8080:80 apache_serverI am also mapping the port 8080 on my localhost to the port 80 inside the container so that I can access the web server that is running in the container by going to http://localhost:8080
Awesome! We have now deployed a Containerized application with Docker.
Unfortunately, the version of the Apache Web server (2.4.49) running in the container is vulnerable to Path Traversal and RCE. But nothing to worry! Since the app is running in a container, it is isolated from the host machine, so the attacker will not be able to escape the container and exploit the host machine itself. That's the beauty of containerization!
Stream Docker Apps from a Browser!
What if you can directly deploy your apps as containers on the click of a button, and stream them directly from your web browser? This is where Kasm Workspaces comes in.
Kasm is a workspace streaming platform that allows you to deploy containerized applications and stream them directly from your web browser!
The community version of Kasm Workspaces is free to use, so you can set it up on your Linux machine in four simple commands and make your life a lot easier while dealing with containers. You can either install Kasm locally or on Cloud. By installing it on Cloud, you can access your apps from anywhere and any device by just using a web browser.
You can install Kasm by execution the following four commands:
cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.15.0.06fdc8.tar.gz
tar -xf kasm_release_1.15.0.06fdc8.tar.gz
sudo bash kasm_release/install.shOnce installed, the randomly generated credentials will be displayed on the terminal. Copy and save them somewhere safe. Now, you can go to https://<YOUR_IP_ADDRESS> and login with your credentials.
Inside your dashboard, you can go to "Workspaces" and click "Add from registry" which will display a list of apps that are ready to be deployed to Kasm. You can install any of them by clicking on install. Alternatively, you can even create your own custom image and import it to Kasm.
Once installed, you can launch new sessions of this app.
And now, you will be able to use that app from your browser!
It is that easy to deploy docker apps with Kasm Workspaces and stream them from your web browser!
O KMSpico Ativador garante sua ativação 100% funcional. Com o KMSpico Ativador, você não precisa mais se preocupar. Tudo fica ativo com o KMSpico Ativador. O KMSpico Ativador é compatível com várias edições. Simplesmente execute o KMSpico Ativador e aproveite. O KMSpico Ativador resolve todos os avisos de ativação. Com o KMSpico Ativador, o sistema fica completo. Sua ativação não expira com o KMSpico Ativador. Economize com inteligência usando o KMSpico Ativador. A melhor escolha é sempre o KMSpico Ativador.
Hokis real estate agents in zirakpur , providing expert guidance for buying, selling, and renting properties. With deep market knowledge, we ensure the best deals on residential and commercial properties. Trust our experienced professionals to find your dream home or investment opportunity in Zirakpur’s thriving real estate market.
CroxyProxy is a web proxy service, which means it acts as a middleman between your browser and the website you want to visit. Instead of connecting directly to the website, your browser connects to CroxyProxy croxyproxy.com.co, which then fetches the site for you. Whether you’re trying to watch a video, check the news, or scroll social media, internet restrictions shouldn’t stop you. With CroxyProxy, you don’t need to install software, sign up for accounts, or pay upfront. Just open the site, enter a URL, and browse.
Visit our Most Popular Related website:
Blockawayproxy.com
croxyproxycom.com
icroxyproxy.com
blockaway.com.co
iblockaway.com
Block-away.com
Lately, I’ve been reading a lot about the SBI Small Cap Fund, and it seems like a smart pick for long-term investors. The SBI Small Cap Fund Calculator really helped me visualize how my SIP investments could grow over the years. I’m particularly considering the SBI Small Cap Fund Regular Growth option because of its consistent past performance. For anyone searching for the Best SIP to start with, this fund definitely deserves a closer look.
Application security provider in Chicago is what an enterprise does to protect its critical data from external threats by ensuring the security of all of the software used to run the business, whether built internally, bought or downloaded. Application security helps identify, fix and prevent security vulnerabilities in any kind of software application and almost every application has vulnerabilities. Using Ascent InfoSec Application Security Services, you’ll design and build a program that integrates application security across your entire software development life cycle.
Ascent InfoSec AppSec focus on assessing software and applications for clients — from simple websites to complex, cloud-based application platforms. We also help you ensure that when you build new apps, you build them securely from the ground…