The ONE Apus as it arrived into view in Kobe, Japan, December 8, 2020. Photo: Twitter @mrnkA4srnrA

Containers on Linux have been marketed as the cure-all for your infrastructure: easy to build, manage and distribute. They have also been touted as lightweight virtual machines, with some security isolation to boot. However, the walls of your containers are more like many thin layers of paper than a single steel enclosure. My goal is to remove the shroud of hype and talk about the underlying Linux kernel technologies that form the walls of your containers, to understand where attacks can occur. These technologies provide the raw material for containers and help explain how container isolation really works.

What is a Container?

In Linux…

Turning Linux Syscalls and Audit Events into Security Context

Protecting mission-critical Linux machines is essential for any business. Sophisticated cyberattacks can start from a low-value target machine and pivot into a high-value database server filled with sensitive information. So where do you start? You can harden your systems, audit millions of lines of code downloaded from the internet and hope there are no vulnerabilities, or even wrap all your programs in tin foil. But this isn’t enough. You still need an audit trail to detect any breaches or things you’ve missed. This creates a deluge of so much data that monitoring becomes unmanageable.

In order…

Chris Arges
