Presented By: Rory McCune
Containers and container orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they really work and how can you attack or secure them?
This course breaks down the fundamental components of Docker and Linux containers, showing how they work together to create isolated environments for applications.
We’ll also be covering fundamental Linux security concepts such as namespaces, cgroups, capabilities and seccomp, along with showing how to secure (or break into) container-based applications.
The course will then move on to the world of container orchestration and clustering, looking at how Kubernetes works and the security pitfalls that can leave the clusters and cloud-based environments which use containers exposed to attack.
The 2-day course will take place on the 10th & 11th September 2019 in London.
The price is £1,300 (inc VAT). Book your place in our shop now.
Learning Objectives
- Guidance on how to effectively use Docker to build secure and performant container images.
- Details on how Linux containers are constructed and secured, including cgroups, namespaces, capability and seccomp filtering.
- Hardening guidance for Docker Engine instances.
- Introduction to container clustering and orchestration with Docker Swarm.
- Secure configuration of, and attacks on, Kubernetes clusters.
- Techniques for effectively assessing the security of container images.
Course Outline
Day 1:
- Docker Basics
- Using Docker – This starts with basic Docker commands to familiarise students with how they work.
- Docker networking – A look at how Docker networking operates and the options available that can be used to help isolate potentially dangerous containers.
- Creating Docker Images – Covering how to create Docker images with examples around security tool creation.
- Container Fundamentals – This delves into Linux container primitives, such as namespaces, cgroups, capabilities and seccomp filtering, essentially showing how container security is applied.
- Docker Security – This looks at primary security concerns around the use of Docker Engine, including common pitfalls and how to attack or mitigate them.
- Extras – Depending on how fast the students have been working through the day’s content, some extras can be covered, such as looking at the wider Docker ecosystem and some tooling to help manage containers more easily.
Day 2:
- Docker Swarm – This looks at the in-built Docker container orchestration platform, Docker Swarm, how its security is implemented and common weaknesses that might be exploited by attackers to compromise it.
- Introduction to Kubernetes – Here we’ll cover the Kubernetes container orchestration platform and look at how it’s architected and composed. The goal is to familiarise students with how the platform operates so they can understand key areas of security concern/points of attack.
- Kubernetes Security – This module looks at three major threat models for Kubernetes clusters (external attackers, compromised containers, and malicious users) and walks through the likely attack paths that each would take, showing practical approaches to exploiting Kubernetes security weaknesses.
- Amazon ECS – A quick look at some of the other commonly encountered options for containerization and possible security concerns in each of these.
- CTF – Test your newly learned skills in a Capture The (containerized) Flag competition!
Target Audience
Security employees, from both blue teams (internal defence) and red teams (external testers) who are looking to get a better understanding of containerisation and its security concerns.
Student Requirements
The course assumes a reasonable level of familiarity with Linux basics, but no familiarity with containerisation.
What to Bring
- Working laptop where you have administrator rights
Software Requirements
- Linux / Windows / Mac OS X desktop operating systems
- SSH client capable of using key based logins
Students will be provided with
Copies of the course including all exercises and Virtual Machine images used during the course.
About the Trainer
LEAD INSTRUCTOR – Rory McCune @raesene
Rory has worked in the Information and IT Security arena for the last 18 years in a variety of roles, from financial services, to running a small testing company, to working for large companies as a consultant. These days he spends most of his work time on application, cloud and container security.
He’s an active member of the UK InfoSec community and has been presenting at security and general IT conferences for the last 8 years, including having the accolade of, currently, being the only person to have spoken at all the UK BSides conferences. When he’s not working he can generally be found out and about enjoying the scenery in the Highlands of Scotland, if the midgies aren’t biting!