
Docker for Security: Why & How

Let's say you want to run an application on your machine - say, an Apache Web Server. You install it locally, configure it as you like and run it - you now have a running web server where you can host your website(s). But there are two major risks with this approach:

  1. If you want to ship your application to another machine - like a cloud instance, you'd have to worry about the dependencies and getting the application to behave the same way as it did on your computer.

  2. If your web server somehow gets compromised by an attacker, they would be able to get access to your host machine as well, because there is no isolation in the local installation of your web server.

Docker fixes these two major risks!


Docker is a set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers.

With Docker, you can bundle and ship apps that will run in isolated containers that share your Operating System's kernel.

  • Since you are bundling the app with all the necessary configuration already made, when the app is shipped and run on a different machine with Docker, it will work the same way that it did.

  • Since all the containers spawned with Docker are isolated, one container (or app) cannot affect the other containers or the host operating system. So even if one of the apps is compromised, the attacker would not be able to escape the container and exploit the host machine. The isolation is achieved through Linux namespaces.



Creating a Docker image

Creating a Docker image is easy. You can find thousands of pre-built images on Docker Hub. These include both the official Docker images and the ones posted by users. You can pull any of these images to your Docker engine by using the pull command, like this:

docker pull python # pulls the python image from Docker Hub

Or, you could create your own custom Docker image from the available base images.

For example, let me create an image of the Apache HTTP Server version 2.4.49 with my custom configuration.


First, I will create a "Dockerfile" that defines how to build my image.

FROM httpd:2.4.49
COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf

The first line defines the base image for my custom image, which is httpd (The Apache HTTP Server Project). After the colon (:), I also specify the version that I want to use. So this exact version will be pulled from Docker Hub and used as the base for my image.

In the next line, I copy my custom configuration to my image.


Now, I simply build my image using the docker build command.

docker build -t apache_server .

This will create a new Docker image named "apache_server".


The last step is to actually run a container of this image. A container is the running instance of an image. We can do this by using the docker run command.

docker run -dit -p 8080:80 apache_server

I am also mapping port 8080 on my localhost to port 80 inside the container, so that I can access the web server running in the container by going to http://localhost:8080


Awesome! We have now deployed a containerized application with Docker.

Unfortunately, the version of the Apache web server (2.4.49) running in the container is vulnerable to Path Traversal and RCE. But there is nothing to worry about! Since the app is running in a container, it is isolated from the host machine, so the attacker will not be able to escape the container and exploit the host machine itself. That's the beauty of containerization!
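The isolation described above holds only as far as the container's run-time settings keep it. As an added example (not part of the original post), this Python check audits one record of `docker inspect` output for settings that weaken isolation; the field names are the ones `docker inspect` emits, while both sample records and the wording of the findings are constructed for illustration.

```python
# Added example: audit `docker inspect` output for settings that weaken isolation.
# Both sample records are constructed for illustration, not captured from a host.
PAGE_DEFAULT = {  # shape of the page's: docker run -dit -p 8080:80 apache_server
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": False, "PidMode": "", "NetworkMode": "default",
        "IpcMode": "private", "CapAdd": None, "Binds": None, "SecurityOpt": None,
        "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]},
    },
}
WEAKENED = {  # hypothetical container started with isolation switched off
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": True, "PidMode": "host", "NetworkMode": "host",
        "IpcMode": "private", "CapAdd": ["SYS_ADMIN"], "SecurityOpt": None,
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        "PortBindings": {},
    },
}

def audit_container(info):
    """Return findings for one element of the `docker inspect` JSON array."""
    host, cfg = info.get("HostConfig") or {}, info.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices exposed")
    for key, name in (("PidMode", "PID"), ("NetworkMode", "network"),
                      ("IpcMode", "IPC"), ("UTSMode", "UTS")):
        if host.get(key) == "host":
            findings.append(f"{name} namespace shared with the host")
    for cap in host.get("CapAdd") or []:
        findings.append(f"capability added: {cap}")
    for bind in host.get("Binds") or []:
        if bind.split(":")[0].endswith("docker.sock"):
            findings.append("Docker socket mounted: container can drive the daemon")
    # An empty User means the image default, which is root unless the image says otherwise.
    if (cfg.get("User") or "root").split(":")[0] in ("root", "0"):
        findings.append("main process starts as root in the container")
    if not any("no-new-privileges" in o for o in host.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set")
    for port, binds in (host.get("PortBindings") or {}).items():
        for b in binds or []:
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"{port} published on all host interfaces")
    return findings

if __name__ == "__main__":
    for name, rec in (("page default", PAGE_DEFAULT), ("weakened", WEAKENED)):
        print(name, audit_container(rec))
```

To audit a real container, pass it one element of `json.loads()` applied to the output of `docker inspect <container>`.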



Stream Docker Apps from a Browser!

What if you could deploy your apps as containers at the click of a button and stream them directly from your web browser? This is where Kasm Workspaces comes in.


Kasm is a workspace streaming platform that allows you to deploy containerized applications and stream them directly from your web browser!

The community version of Kasm Workspaces is free to use, so you can set it up on your Linux machine in four simple commands and make your life a lot easier when dealing with containers. You can install Kasm either locally or in the cloud. By installing it in the cloud, you can access your apps from anywhere and from any device using just a web browser.


You can install Kasm by executing the following four commands:

cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.15.0.06fdc8.tar.gz
tar -xf kasm_release_1.15.0.06fdc8.tar.gz
sudo bash kasm_release/install.sh

Once installed, the randomly generated credentials will be displayed on the terminal. Copy and save them somewhere safe. Now, you can go to https://<YOUR_IP_ADDRESS> and log in with your credentials.


Inside your dashboard, you can go to "Workspaces" and click "Add from registry", which will display a list of apps that are ready to be deployed to Kasm. You can install any of them by clicking on install. Alternatively, you can even create your own custom image and import it to Kasm.



Once installed, you can launch new sessions of this app.


And now, you will be able to use that app from your browser!


It is that easy to deploy Docker apps with Kasm Workspaces and stream them from your web browser!

© 2019 Tech Raj. Designed by Teja Swaroop
