
An Introduction to Linux Container and Threats
The idea of container technology first appeared around the 2000s, as a technology that allows partitioning of FreeBSD system into multiple subsystems. Then, the concept of Jails was developed as safe environments that a system admin could share with various users within an organization. In a jail, the actual intent was to get processes created in a tailored environment where all access including networking is virtualized, restricting an escape, or compromising of the system. Moreover, with limited resources and techniques, Jails were facing limited implementations and as time passed, jail escaping techniques were also discovered eventually.
With time, the Linux container technology concepts evolved into the arena, making a rapid change. Today, the Linux containers are technologies that allow to package and isolate applications with their entire runtime environment—all of the files necessary to run. This makes it easy to move the contained application between environments while retaining the application’s full functionality. Moreover, the Linux containers help reduce conflicts between organizations development and operations teams by separating areas of responsibility and allowing developers focus on their apps while the operations team focus on the infrastructure. Also, as Linux containers are based on open source technology, the user gets the latest and greatest advancement as soon as they’re available.
Security
Following the evolution path of cyber technology solutions, Cyber threats also evolved. Even the modern containers can suffer from most of the threats common to both single-OS server environments and virtualized server environments. General threats to container security include:
1. Containers forced to use up system resources can lead to slow down or even crash the whole system
2. Various types of Distributed Denial of Service attacks basically on the application level
3. In public containers, there are chances of cross-scripting as well as general scripting attacks
4. Containers already compromised can download additional support malware, worms, and ransomware
5. Allowing unauthorized access and guest users without policies can harm the container security
6. Live patching of applications to introduce malicious processes
7. Use of insecure applications to flood the network and affect other containers
Security can be improved not only with the knowledge about general threats but also by studying about prominent attack types. Take a look at some of the major attack types that containers face:
1. Buffer overflow, as well as heap corruption in various libraries including the Ruby and Python, allows execution of malicious program codes in the system
2. The Dirty Cow exploit that basically targets the Linux kernels allows escalation of root privileges on the container
3. OpenSSL heap corruption caused by malformed key header
4. Crash can be caused by the presence of a specific extension
5. For stealing sensitive information, SQL injection attacks are widely adopted by attackers allowing them to gain control of the complete database
6. Vulnerabilities like stack-based buffer overflow and the man-in-the-middle attacks causes serious effects
7. As in the other software systems, any zero-day attack on the containers also represents an on-going threat
With numerous threats around containers for a better understanding of why run-time security is so critical, consider the applications complete lifecycle. The product developed, tested, packed and then deployed in just a few months may be shared across numerous instances worldwide. This makes run-time by far the greater window of attack. So maintaining and managing the security of these systems need a good base of security threats, knowledge of security layers and more over a better experience in dealing with cyber attacks in containers.
See Also:
prnewswire|CIO Review
Facebook|CIO Review
Featured Vendors
THETA432: Performance, Precision, Efficiency, Visibility - The Key to Incident Response and Answer to the Talent Shortage
EveryCloud Technologies: Delivering Powerful Email Filtering Services" title="Graham O'Reilly, CEO & Co-Founder" style="float:left; margin-right:10px; margin-bottom:20px;" width="60px" height="50px">
EveryCloud Technologies: Delivering Powerful Email Filtering Services
Onepath: A Responsive Info-Security Management Framework – the easier way to dramatically improve your overall info-security posture
Covenant Security Solutions, Inc.: Revolutionary Solutions to Mitigate Security and Compliance Risks
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
Major Trends Shaping Fintech Revolution
BANKEX: Secured Blockchain-based Tokenization
Importance of Artificial Intelligence Drones
