Back To Schedule
Wednesday, November 8 • 11:00am - 11:50am
What you should know about container security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The purpose of this presentation is to introduce the different options in securing a container and the host that the container is running on so that the audience will have an understand of container security and some of the tools available to secure their container environment Presentation is going to be divided into 3 parts. The first part of the presentation will give an overview on what a container is and how Docker make it so popular as well as to introduce the container ecosystem especially all the Linux distributions that are tuned for running container with small footprint to minimize attack surface. Will explain the use of namespace, cgroup, root capabilities with seccomp and the use of Mandatory Access Control of SELinux and AppArmor for container security, tenent isolation in a host and the practice of the Least Privilage principle. The second part of the presenation will explain the various external tools such as The Update Framwork (TUF) which is the basis for Docker Content Trust, the use of digital digest for container image integrity and the various container scanning offerings from Red Hat, IBM, CoreOS, Intel and others. Automation is an important aspect for security and in the 3rd part of this presnetation, there is a hand-on demo on how to use ansible-container to harden a container

avatar for Anthony	Chow

Anthony Chow

Network Engineer, Cephas Security Solutions
Software developer for networking and security equipment. Inventor of 2 U.S. Patents. Presented at Developer Week Austin, Developer Week SF, Southern California Linux Expo (SCALE) and vBrownBag on different topics multiple times. I am a VMware vExpert, Intel Innovator and Auth0 Ambassador... Read More →

Wednesday November 8, 2017 11:00am - 11:50am CST
Workshop Room 1