How Misconfigured Containers May Create Cybersecurity Issues For Companies
Containers offer an easy way to build, deploy and run applications by packaging an application's dependencies, such as libraries and data files, into a single package. However, containers are very often deployed with the default security configurations, which do not provide adequate protection for enterprises, according to experts.
While containers offer benefits such as portability, less system dependence and increased innovation, they can be very costly for companies if not deployed properly. If a bad actor were to gain control of a container, it could damage your entire container stack.
At the same time, many companies don’t utilise identity and access management policies which can effectively secure containerised applications from hackers. Similarly, it’s important to sign the container images. An improperly configured container can be a source of a major security event.
In fact, security researchers have discovered thousands of misconfigured containers belonging to companies located in various geographies like the US and China, which could become hacking targets and provide malicious players access to sensitive data.
Misconfigured Containers Can Give Hackers Access To Corporate Networks
A large number of organisations have been found with wrongly configured containers, leading to security vulnerabilities that enabled hackers to breach the network via components like API servers. The container orchestrator comprises various components, such as the API server, which interacts with other applications. As a result, such components become preferred targets for hackers.
Misconfigurations can be caused by human error while deploying containers. A few common container misconfigurations, according to experts, are using default container names and leaving default service ports exposed to the public.
Misconfigured containers can pose a significant security risk to companies using the cloud, and container security is such a critical issue that 94% of security pros are worried about container security and vulnerabilities in production, according to a report.
One example of an attack resulting from a misconfigured container took place when hackers exploited a misconfigured Docker API port to run an Ubuntu container with the kinsing malware, which then runs a crypto miner and spreads the malware to other containers and hosts.
The attack was discovered by security firm Aqua Security, and it stood out as an example of the expanding threat to cloud-native environments. “Our analysis of this attack vector exposes the techniques used, starting with exploiting the open port, through evasion tactics and lateral movement, all the way up to the end-goal of deploying the crypto miner.”
According to Aqua Security, the firm had been witnessing growth in the volume of attacks that target container environments. The firm has been tracking an organised attack campaign that targets misconfigured open Docker Daemon API ports.
Since attackers have been adopting newer strategies for penetrating containers and gaining control of the entire cluster, it is critical that container security is prioritised and that containers are not released with any misconfiguration. Unlike traditional applications, containerised applications need security to be built into the entire development and delivery process.
Experts also say that using network policies and firewalls is important so that resources are not exposed to the web, which calls for stringent cloud infrastructure policies, including container management. However, the variability and complexity of containers make firewall policy based on network addresses challenging.
Here’s What Can Be Done To Avoid Misconfiguration
To avoid misconfiguration, there is a need for proper container management policies, including the implementation of effective security techniques at each step of the CI/CD workflows. This would eliminate the room for errors. Similarly, automation can be embedded into the container orchestration to minimise misconfiguration as a result of manual processes.
Container security is about safeguarding the container pipeline and the application, securing the container deployment environment(s) and infrastructure, and integrating with business security tools to improve existing security policies.
It’s also critical to scan your containers and images, including base images. You need to deploy a private or trusted registry and sign the container images. For continuous vulnerability management, teams need to ensure that the solution they are leveraging can use both signature-based and behaviour-based technologies. You can also review authorisation and authentication policies and basic security policies, and adjust them according to the principle of least privilege.
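One way to automate part of that least-privilege review, along with the publicly exposed service ports mentioned earlier, is to audit the JSON that `docker inspect` prints for each container. This is an added example, not code from the original article; it relies on the `HostConfig.PortBindings`, `HostConfig.Privileged`, `Mounts` and `Config.User` fields of that output, and the container records are constructed.

```python
import json

ALL_INTERFACES = {"", "0.0.0.0", "::"}  # an empty HostIp means every interface

def audit_container(c):
    """Return a list of least-privilege findings for one inspected container."""
    findings = []
    host_cfg = c.get("HostConfig") or {}
    for port, bindings in (host_cfg.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp", "") in ALL_INTERFACES:
                findings.append(
                    f"port {port} published on all interfaces (host port {b.get('HostPort')})")
    if host_cfg.get("Privileged"):
        findings.append("runs in privileged mode")
    for m in c.get("Mounts") or []:
        if m.get("Source", "").endswith("docker.sock"):
            findings.append("Docker socket mounted into the container")
    if not (c.get("Config") or {}).get("User"):
        findings.append("no user set, so the process defaults to root")
    return findings

def audit_inspect(inspect_json):
    """Map container name -> findings for the array printed by `docker inspect`."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}

# Constructed sample in the shape of `docker inspect` output (trimmed to the fields used).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/redis-cache", "Config": {"User": ""}, "Mounts": [],
     "HostConfig": {"Privileged": False,
                    "PortBindings": {"6379/tcp": [{"HostIp": "", "HostPort": "6379"}]}}},
    {"Name": "/ci-runner", "Config": {"User": "1000"},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}],
     "HostConfig": {"Privileged": False, "PortBindings": {}}},
    {"Name": "/api", "Config": {"User": "1000"}, "Mounts": [],
     "HostConfig": {"Privileged": False,
                    "PortBindings": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}},
])

if __name__ == "__main__":
    for name, findings in audit_inspect(SAMPLE_INSPECT).items():
        print(name, findings or "no findings")
```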
Determining the movement of data across the environment is key for drastically minimising the risk of malicious access. The organisation needs to know the operating state of applications to lock down the access and ensure the security of containers.
The post How Misconfigured Containers May Create Cybersecurity Issues For Companies appeared first on Analytics India Magazine.




