Find and Fix Docker Doomsday with BMC


That quote is true today just like it was in the 1700’s, and while he was actually talking about fire safety (some believe he was referring to staying healthy – not true), Mr. Franklin could just as easily have been talking about protecting against security vulnerabilities, including a new and very dangerous one, Docker Doomsday.
What is Docker Doomsday?
The Docker Doomsday vulnerability affects almost any organization using Docker and containers. Here’s a quick look at what it does. First, an attacker infects a container with a malicious program. The malicious code exploits a flaw in runc, which is the container runtime utility for Docker and Kubernetes.
Next, the malicious code breaks out and infects the entire container host, and spreads to potentially thousands of other containers running on that host. This is a Doomsday scenario because the attack can ultimately affect many interconnected, production systems.
How bad is Docker Doomsday?
Well, it’s CVE 2019-5736 and has an overall Common Vulnerability Scoring System (CVSS) value of 8.6, that’s on a scale of 1-10 where 10 is as bad as it gets. Another perspective comes from RedHat. They classified it as “Important Impact”, a category reserved for vulnerabilities that can lead to unauthorized access to sensitive data, or a denial of service.
How to Solve for Docker Doomsday
Now the good news. Since the leading security vulnerability scanners (such as Qualys and Nessus) can find Docker Doomsday, you can run a scan and automatically import the vulnerability data into TrueSight Vulnerability Management. There you can analyze it and leverage its integration with TrueSight Server Automation to fix it, either on-premises or in the cloud. If you want to go one step further, use BMC Helix Discovery to find “blind spots” (cloud-based Docker instances that the scanners missed) to obtain a complete picture of where Docker Doomsday exists.
If you are in Cloud Operations and use TrueSight Cloud Security, you can scan your Docker instances and containers, find Docker Doomsday, and fix it with a security patch using TrueSight Server Automation.
Thinking back to Benjamin Franklin, your ounce of prevention is patching with BMC TrueSight Server Automation. But do it soon, time favors the attacker, not the defender.[Source]-https://www.bmc.com/blogs/find-and-fix-docker-doomsday-with-bmc/
Beginners & Advanced level Docker Training in Mumbai. Asterix Solution's 25 Hour Docker Training gives broad hands-on practicals.

Comments

Post a Comment

Popular posts from this blog

Why, when and how to return Stream from your Java API instead of a collection

Introduction Collections are basic and commonly used data structures. Programmers from the beginning of their career learn how to use them to receive, process and return data. Getting more advanced in Java programming, they find stream() method to convert a collection into a stream and learn how to process data using some of the stream’s useful methods like map, flatMap or reduce. They could also notice that other APIs in Java return a stream too e.g. String.lines(), Matcher.results(), Files.find(), Random.ints(). If you have experience with consuming streams but haven’t produced them yet, this article is for you. I’m going to show you some scenarios where streams can be very convenient and examples on how to use them. Additionally, I shortly mention error handling and resource management. The article is based on standard Java library java.util.stream. It’s related neither to reactive streams nor to other implementation of streams like e.g. Vavr. Also, I’m not going to cover a...
Read more

What is Kubernetes?

Kubernetes (also known as k8s or “kube”) is an open source container orchestration platform that automates many of the manual processes involved in deploying, managing, and scaling containerized applications. In other words, you can cluster together groups of hosts running Linux containers, and Kubernetes helps you easily and efficiently manage those clusters. Kubernetes clusters can span hosts across on-premise, public, private, or hybrid clouds. For this reason, Kubernetes is an ideal platform for hosting cloud-native applications that require rapid scaling, like real-time data streaming through Apache Kafka. Kubernetes was originally developed and designed by engineers at Google. Google was one of the early contributors to Linux container technology and has talked publicly about how everything at Google runs in containers. (This is the technology behind Google’s cloud services.) Google generates more than 2 billion container deployments a week, all powered by its ...
Read more

Best way to learn Java programming

Having said that I am writing this post dedicated to all my young (or I should say beginner) fellows who want to attain a certain level of proficiency in java technology and somewhere would like to take my advice on this. Keep in mind that if you do not like the way to learn java, I am proposing in this post, then just ignore me. Period. OR better, suggest me what you think is the better way to learn java fast or easily. Here I am assuming the people reading this post will be, who are very new to language, so I will start by listing first thing first. Make sure you have prepared your Java development environment ready i.e. You have installed JDK/JRE and you have an IDE like Eclipse. 1) Learn the language basics This is the first step for very obvious reason. If you don’t know the basics then you will never know either what to do next or what you are doing wrong. Initially, I do not expect from you to become the master of all java basic stuffs like keywords, core concepts o...
Read more