Docker Security

[Stefan Wahe <stefan.wahe () WISC EDU>]

Is your campus using Docker as an Dev/Ops deployment and maintenance tool?  Our development teams have already begun 
leveraging Docker which in-turns induces IT security risk into our network (just like most changes in technologies and 
process).  We are trying to catch-up to the development teams by:

 

(1)         Identifying a security testing methodology.  Currently vulnerability scanning tools like Qualys and Nessus 
do not deliver functionality to scan the Docker containers. Docker is offering solutions such as: 
https://blog.docker.com/2016/05/docker-security-scanning/ 

(2)         Developing an approach to scan network segments for instances of Docker.

(3)         Developing configuration templates for Docker containers (CIS Benchmarks).

(4)         Assisting with the change management and business continuity planning/disaster recovery operations for 
Docker solutions.

 

I am curious if you are ahead of us in your assessments of Docker as a container solution for Dev/Ops?

 

I appreciate your thoughts and advice.

 

Thanks – Stefan

 

 

--

Attachment: smime.p7s
Description: