Best practices to beat container misconfiguration

Published June 14, 2024

He urges IT decision-makers to strategise better and only shift what is optimum for the new environment – transforming assets to reduce complexity, probability of human error, and cost. According to Firment, container misconfiguration is a symptom of larger problems with migrations that haven’t incorporated architecture and practice modernisation.

Good strategy means less is missed

Obviously, managing network configuration and containers can be tricky – from figuring out resource allocations for container scaling, or how to maintain state and persistence while avoiding drift, on top of paying attention to securing images, private and public registries, permissions and the like. 

Beltramini recommends IT leaders cascade choices down from the choice of operating model – developer self-service in infrastructure as code modules or service catalogues, or via a central platform team – and structure the organisation accordingly. Security and development teams should also collaborate closely to reduce delays to the system. In addition, acceptance criteria should be defined early, and regulatory non-compliance that blocks systems from going live should be avoided.

Beltramini recommends IT leaders harness automation, encryption and native integrations, with all departments involved in authoring or changing shared code where possible. That means granular per process, container and pod policies, and detailed runtime configurations and resource accounting. Security profiles should be customised around system calls, file system access, binaries, libraries, capability restriction and so on. 

A systematic approach is needed to cover all the bases with this degree of complexity in the stack. For instance, just in each pod alone, considerations span images, applications, operating systems, users, any baked-in secrets and more, Beltramini says. 
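The per-container and per-pod settings described above can be checked mechanically before anything is deployed. The following is an added example, not code from the article or from anyone quoted in it: a small auditor that walks a parsed Kubernetes pod manifest and reports missing capability restrictions, seccomp profiles, read-only file systems and resource limits. The function name `audit_pod` and both sample manifests are constructed for illustration.

```python
# Added example: audit a Kubernetes pod manifest (already parsed into a dict)
# for the security-profile settings the article lists. Samples are constructed.

def audit_pod(pod):
    """Return a sorted list of 'container: finding' strings for one pod manifest."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings = []
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        merged = {**pod_sc, **sc}  # container-level values override pod-level ones
        issues = []
        if sc.get("privileged"):
            issues.append("privileged")
        # Settings left unset are flagged: the check wants an explicit choice.
        if sc.get("allowPrivilegeEscalation") is not False:
            issues.append("privilege escalation allowed")
        if "ALL" not in (sc.get("capabilities", {}).get("drop") or []):
            issues.append("capabilities not dropped")
        if sc.get("readOnlyRootFilesystem") is not True:
            issues.append("writable root filesystem")
        if merged.get("runAsNonRoot") is not True:
            issues.append("may run as root")
        if merged.get("seccompProfile", {}).get("type") in (None, "Unconfined"):
            issues.append("no seccomp profile")
        if not c.get("resources", {}).get("limits"):
            issues.append("no resource limits")
        findings += [f"{c['name']}: {i}" for i in issues]
    return sorted(findings)

# Constructed manifest with a single container that sets almost nothing.
WEAK_POD = {"spec": {"containers": [{
    "name": "web", "image": "example.invalid/web:latest",
    "securityContext": {"privileged": True}}]}}

# Constructed manifest with each setting made explicit.
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "web", "image": "example.invalid/web:1.0",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}},
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or "no findings")
```
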

Chris Jenkins, principal solution architect at Red Hat, also highlights thorough consideration of containers and their orchestration as well as what’s inside containers. Don’t forget that many security failures can come back to neglect of basics such as updating and patching, not to mention ill-considered use of private versus public keys.

Keep it simpler when you can 

Jenkins urges IT leaders to start clean, keeping it simple where possible. “You want to start by doing something right. Give them a [clean] base image on which they can start, and minimise pain,” he says. 

Jenkins urges software developers to use only the packages needed to run the application. For instance, if 50,000 packages are installed that are never used, they are likely to expose a vast number of potential vulnerabilities. Instead, Jenkins’ approach is to start with a blank page on which to base the application development work, where it is possible to understand the security status or health index of a specific image.

“We produce base images every six weeks,” he says. “Then we run code analysis to check all the code. Developers will also have dependencies of code which will call in other libraries.”

The final immutable bill of materials or recipe should equal and be verified against this specific image. If anything changes, if a clarification goes wrong or the key doesn’t match, then don’t deploy it, he says. 
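The deploy gate described above can be expressed as a single decision function. This is an added example, not code from the article or from Red Hat: it refuses a deploy when the bill of materials fails its signature check, when the image digest differs from the one recorded, or when the packages found in the image differ from the recorded list. HMAC-SHA256 with a shared key stands in for the asymmetric signature a real pipeline would use, and the function names, key, image bytes and package versions are all constructed.

```python
import hashlib
import hmac
import json

def canonical(bom):
    """Stable byte encoding of the BOM so the same content always signs the same."""
    return json.dumps(bom, sort_keys=True, separators=(",", ":")).encode()

def sign_bom(bom, key):
    # HMAC-SHA256 is a stand-in for the asymmetric signature a real pipeline would use.
    return hmac.new(key, canonical(bom), hashlib.sha256).hexdigest()

def image_digest(image_bytes):
    return "sha256:" + hashlib.sha256(image_bytes).hexdigest()

def deploy_decision(image_bytes, observed_pkgs, bom, signature, key):
    """Return (allowed, reasons); every mismatch is collected and any one blocks."""
    reasons = []
    if not hmac.compare_digest(sign_bom(bom, key), signature):
        reasons.append("BOM signature does not verify with this key")
    if image_digest(image_bytes) != bom.get("image_digest"):
        reasons.append("image digest differs from the one recorded in the BOM")
    recorded = bom.get("packages", {})
    for name in sorted(set(recorded) | set(observed_pkgs)):
        if recorded.get(name) != observed_pkgs.get(name):
            reasons.append(f"package {name}: BOM has {recorded.get(name)}, "
                           f"image has {observed_pkgs.get(name)}")
    return (not reasons, reasons)

# Constructed sample data: key, image bytes and package versions are made up.
KEY = b"constructed-demo-key"
IMAGE = b"constructed image contents"
PKGS = {"openssl": "3.0.13", "zlib": "1.3.1"}
BOM = {"image_digest": image_digest(IMAGE), "packages": dict(PKGS)}
SIG = sign_bom(BOM, KEY)

if __name__ == "__main__":
    print(deploy_decision(IMAGE, PKGS, BOM, SIG, KEY))
    print(deploy_decision(IMAGE + b"!", {**PKGS, "curl": "8.7.1"}, BOM, SIG, KEY))
```
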

Smaller organisations may obviously find this level of risk management challenging. It may be possible to look at splitting up all the tasks, for instance, by cycling through the different tasks on different days of the week, to get everything covered cyber security-wise.

Plenty of different tools exist to help with this, particularly in the open-source arena.

Dinesh Majrekar, chief technology officer (CTO) at services provider Civo, says some tools can help organisations ‘shift-left’ on container security. They offer functionality such as scanning containers during the build and reporting into the continuous integration and continuous delivery (CI/CD) pipelines on known issues. Examples include whether network ports are open, how libraries are defined, or whether a version of Java or Node.js is out of date.

Giving developers continuous feedback is “really important”, Majrekar says. He recommends opting for least privilege and permissions, minimal installations and dependencies – although IT decision-makers need to balance this against debugging requirements.  

“You can make mistakes everywhere,” Majrekar adds. “Using Kubernetes, there are 100 different things you can change. You might not spot something you should have said ‘yes’ to which is currently set at ‘no’, and that isn’t necessarily the containers either, but the managed Kubernetes environment you’re running within. 

“You’ve got to now orchestrate changing the password and deploying your code into production at the same time, for example,” he says. “You need to use your experience as well in terms of secrets, storage and things like that instead. This comes back to a little bit of education, and I think specific security-focused training [such as certified Kubernetes security specialist (CKS)] and/or reading up.” 

Regular penetration and configuration testing can be key to reveal role-based access vulnerabilities and missing best practice, such as around network segmentation or secrets management – not least because the potential issues are constantly changing as well, he says. 

“Smaller companies might need to roll the dice more because of cost,” adds Civo chief executive Mark Boost. “You might sometimes just get things working, push them out, and before you know, it is out in production even though you didn’t get around to hardening it. So, the recommendation there as well is to just make sure you come back to it.” 

Organisations should double-check things for themselves. Do not simply leave it all to a managed services provider, assuming they’ve taken on that responsibility and all the security is handled.

“Containerisation can be massively powerful, but with great power comes great responsibility,” adds Majrekar.

Reduce public attack surfaces 

Crystal Morin, cyber security strategist at Sysdig, notes that “something like 66% of registries” are still public – not internal, not private, not vendor-managed. She says that these are often “just pulling something off the internet, throwing it into your infrastructure”. 

Scans are happening while updates are being pushed into the public-facing image, and the IT security team may be unaware it is happening. This is an issue Morin believes IT security and developer teams need to address.

Shift left, shield right remains best practice: ensure enhanced security to begin with and continue protection on the back-end. Secure containers in production with real-time threat detection and policies for timely alerting and response, including automation of incident response. 

She notes that without automation, time, capacity or capability can be in short supply. 

“Cloud-native security focused organisations are realising now that security is an organisation’s problem. Everyone needs to be aware of what they do and how they can help,” Morin says. 

Integrating security across the entire organisation also delivers value to all users and ultimately to every customer. 

“If I go in and talk to others about security, they might understand maybe 40%,” Morin says. “We need to collaborate better across the business, coordinating together, not just as the technical nerdy guys behind the scenes. Shift left, make development more secure. And that’s obviously a much bigger picture than just containers.”
