DeveloperWeek Austin 2017

The purpose of this presentation is to introduce the different options in securing a container and the host that the container is running on so that the audience will have an understand of container security and some of the tools available to secure their container environment Presentation is going to be divided into 3 parts. The first part of the presentation will give an overview on what a container is and how Docker make it so popular as well as to introduce the container ecosystem especially all the Linux distributions that are tuned for running container with small footprint to minimize attack surface. Will explain the use of namespace, cgroup, root capabilities with seccomp and the use of Mandatory Access Control of SELinux and AppArmor for container security, tenent isolation in a host and the practice of the Least Privilage principle. The second part of the presenation will explain the various external tools such as The Update Framwork (TUF) which is the basis for Docker Content Trust, the use of digital digest for container image integrity and the various container scanning offerings from Red Hat, IBM, CoreOS, Intel and others. Automation is an important aspect for security and in the 3rd part of this presnetation, there is a hand-on demo on how to use ansible-container to harden a container