Securing Docker Container Workloads

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 3h 13m | 420 MB

Docker containers are a mainstream mechanism for application delivery, and securing the container workload is vital. This course will give you the knowledge and techniques you need for securing containerized software applications.

Packaging, distributing, and running software applications in containers is no longer a pastime just for early adopters. Containers are mainstream, and with that comes a concern about the security and integrity of containers as an application delivery mechanism. In this course, Securing Docker Container Workloads, you’ll learn how to secure your application workloads from the perspective of the container itself. First, you’ll learn about the Linux security mechanisms that go together to create the abstract concept of the container, and how they work together to ensure that containers are good neighbors. Next, you’ll explore the privileges that are available to container workloads, and how you can adopt and apply the principle of least privilege to reduce the risk of privilege escalation. Finally, you’ll see how to minimize the attack surface available from within a container by limiting the access it has to the kernel and other system objects. By the end of this course, you’ll be equipped with the knowledge and techniques necessary for securing your Docker container workloads.

Table of Contents

01 – Course Overview
02 – Course Introduction
03 – Introducing Namespaces
04 – Creating a Container with Namespaces
05 – Demonstrating Process Isolation with Namespaces
06 – Understanding Docker’s Use of Namespaces
07 – Modifying Namespace Use for a Docker Container
08 – Module Summary
09 – Module Overview
10 – Introducing Control Groups
11 – Applying CPU Shares Limits to Processes
12 – Understanding Docker’s Use of Control Groups
13 – Defining the Resources Available to Control
14 – Using the Docker CLI to Control Container Resource Usage
15 – Module Summary
16 – Module Overview
17 – Managing Privileges with a Non-privileged User
18 – Advanced Management of a Container User
19 – Running a Container Workload as a Non-privileged User
20 – Introducing Linux Capabilities
21 – Docker and Linux Capabilities
22 – Using Capabilities with a Container Workload
23 – Module Summary
24 – Module Overview
25 – Introducing Secure Computing Mode
26 – Demonstrating the Use of a Basic Seccomp BPF Filter
27 – Understanding Docker’s Use of Seccomp
28 – Creating a Custom Seccomp Profile for a Container Workload
29 – Implementing a Custom Seccomp Profile for a Container Workload
30 – Module Summary
31 – Module Overview
32 – Access Control with Linux Security Modules
33 – Using SELinux to Implement Access Control
34 – Applying SELinux to Container Workloads
35 – Demonstrating SELinux Applied to Container Workloads
36 – AppArmor and Applying Profiles to Container Workloads
37 – Generating a Custom AppArmor Profile for a Container Workload
38 – Course Summary