Docker is the new hot thing in the IT industry right now, and while most people are still adjusting to it, it is, without a doubt, a disruptive piece of technology. To say that Docker is “like a virtual machine, but better” is an understatement that borders on becoming an oversimplification. Docker is so much more than just a better virtual machine.
But we aren’t here to talk about what makes Docker such an obvious choice and why you should be adopting it for your business. We’re already past that point (because you should adopt it). We’re here to talk about the risks involved when using a new piece of tech. And this rings true for all types of new technology. As with any tool, there are always new ways to use it. Some are good, while some are bad.
This article is meant to give you an insight into the security risks that you need to watch out for when you dabble with Docker. And these security threats are:
Compromised Container Images
A compromised container image can be likened to a mousetrap. An attacker can potentially insert malware into the image, which will then be automatically triggered as soon as you run the image.
A recent incident illustrated this security flaw aptly, as 17 container images were found to contain Monero miners. The images were uploaded onto Docker Hub, and these tampered images were downloaded (collectively) 5 million times. While one could argue that miners aren’t exactly destructive, the mere thought that a Docker image could be tampered with should be disturbing enough on its own.
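One defensive check against pulling a tampered or repointed image, as an added example that is not part of the original article: audit the `FROM` lines of a Dockerfile and flag base images that are not pinned by digest or that come from outside an allowed source. The policy rule (official `library/` images or a private registry only), the function names and the sample Dockerfile are assumptions made for illustration.

```python
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def parse_image_ref(ref):
    """Split an image reference into registry, repository, tag and digest."""
    name, _, digest = ref.partition("@")
    # A colon after the last "/" is a tag; earlier colons belong to registry:port.
    name, tag = name.rsplit(":", 1) if ":" in name.rsplit("/", 1)[-1] else (name, None)
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    else:                                   # no registry host means Docker Hub
        registry = "docker.io"
        repo = name if "/" in name else "library/" + name
    return {"registry": registry, "repository": repo, "tag": tag, "digest": digest or None}

def audit_dockerfile(text):
    """Return [(image, [problems])] for each external base image in a Dockerfile."""
    findings, stages = [], set()
    for line in text.splitlines():
        parts = line.split()
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform=...
        if not parts or parts[0].upper() != "FROM" or not args:
            continue
        image = args[0]
        alias = args[2].lower() if len(args) >= 3 and args[1].upper() == "AS" else None
        if image != "scratch" and image.lower() not in stages:  # skip earlier build stages
            ref, problems = parse_image_ref(image), []
            if ref["digest"] is None:
                problems.append("no digest pin: tag %r can be repointed" % (ref["tag"] or "latest"))
            elif not DIGEST_RE.match(ref["digest"]):
                problems.append("malformed digest")
            # Example policy (assumption): official Docker Hub images or a private registry only.
            if ref["registry"] == "docker.io" and not ref["repository"].startswith("library/"):
                problems.append("Docker Hub image outside the official library/ namespace")
            findings.append((image, problems))
        if alias:
            stages.add(alias)
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = "\n".join([
    "FROM --platform=linux/amd64 golang:1.21 AS build",
    "FROM someuser/tomcat-base:latest",
    "FROM registry.example.com:5000/base/alpine@sha256:" + "a" * 64,
    "FROM build",
    "FROM scratch",
])
for image, problems in audit_dockerfile(SAMPLE):
    print(image, "->", problems or "ok")
```

Base images supplied through build arguments (for example `FROM ${BASE}`) are not resolved by this sketch and would need to be expanded before auditing.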
With containers, the kernel is shared between all containers on the host, which means they are all interconnected. If one container causes the kernel to panic and fail, all other containers will be affected in the same manner, along with the host.
Container images each come with an API key as well as login details. Should one of these images be compromised, either by hacking or through social engineering, the attacker is then able to gain access to the server that the compromised container is found in.
Think of it as using the same password for all of your social media accounts, as well as your personal and work email. This is especially dangerous for businesses that dabble with confidential information.
These are attacks that are designed to disable the target system. The ransom part comes in when the attacker demands a ransom for the compromised system. These types of attacks have been quite common recently, and they seem to target bigger businesses and organizations. The fact that containers share the same kernel makes the system more vulnerable as a whole.
While all these security risks sound extremely worrisome, there are many ways to counteract them. As with all problems, the first step to prevention will always be awareness.
To be fair, the benefits of using Docker far outweigh the risks. The trick is to simply educate yourself and to know how to properly make use of this new technology. After all, it’s like using fire. You need to know how to use it properly to avoid getting burnt.