Hey everyone,
Hope everyone is safe and secure, Let’s learn a new thing today.
We all heard about Docker, What is it? What is the use of it? How Hackers and Penetration Testers Gain something from it? Let’s See in Detail what are all the basic things a Penetration tester should know about it.
What is a Docker?
Docker is a technology that uses a technique of Containerization of Applications operating systems, process and Developing Stuffs. It is also like Virtualization we use such as VMWare, Virtual Box and other Hypervisors. But Docker holds lots of Advantages than the Normal hypervisors.
How it Works?
Unlike in Virtual Machines, in dockers the Operating Systems need not to be started and running as whole processes. Everything will be contained like a sandboxing in Dockers.
Simply We can say, we don’t need any Hypervisors. Your operating system itself will act as an Hypervisors. The Docker Images and containers use the Host Operating systems resources with ease.
Concepts:
Docker is Designed and made with only few concepts such as
1) Daemons —> Service to start your Docker. Start, Restart and Managing
2) Images —> Images are Directory Structure, Set of Layers
3) Containers —> Running Instance of a Image. We will run a image and we make a container
4) Docker files —> Docker files forms the whole Image with set of steps. what layers a image consists of is all in docker files.
We can build a Container and we can run a application in that container hassle free.
Example:
docker build -t New-Application
docker run –rm –name=New-Application-container.
The above mentioned commands will create a basic container with a docker file, the run that appliaction.
NETWORK:
The same as Virtualization, we have network sandbox for the container to connect with the outside world. It also needs the network resources an IPv4 Address, routes and DNS. Every traffic will go through an interface through host machine which should be connected in Bridged Mode to the host.
The Specific Traffic to the Containers will be redirected with a port from host machine towards a port in Docker.
We already created an application, we want to redirect the traffic from host machine to docker, we can do that with the below mentioned commands
docker build -t New-Application
docker run –rm -p 8000:1337 –name=New-Application
What about Security of Dockers?
If we are using a vulnerable application inside the container, that doesn’t mean it’s not vulnerable. It is still exploitable but not outside the container.
For Example:- If a vulnerable Web Application has REMOTE CODE EXECUTION in it. Attacker can exploit it, since it is isolated from the host; attacker can not be able to leverage his attack vectors to the host machine.
There are many security protection mechanisms were added into Docker like secure computing mode, Application Armor, Security Enhanced Linux, and Low Privileged users in Containers(user != root).
We will learn about what are the attacking Vectors and models in our Series of Blogs on Docker.
Stay Tuned with our blogs and learn more
Thank you.
Author: SAM NIVETHAN V J
Security Analyst & Trainer
