aguascalientes local chapter - owasp · • vagrant is a script for vms. docker vs virtualization...

19

Aguascalientes Local Chapter 2 nd Meeting

Upload: others

Post on 26-Jun-2020

7 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

AguascalientesLocalChapter

2nd Meeting

Page 2: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

About– ChapterLeader

• JuanGama– ApplicationSecurityEngineer@AspectSecurity– 9+yearsinAppsec,Testing,Development– MaintainerofOWASPBenchmark– IlikeGIFs!

Page 3: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker

Page 4: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

WhatisDocker?

• "Docker istheworld'sleadingsoftwarecontainerizationplatform"

Page 5: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Whatisacontainer?

• Consistsofanentireruntimeenvironment:anapplication,plusallitsdependencies,librariesandotherbinaries,andconfigurationfilesneededtorunit,bundledintoonepackage.

Page 6: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker inventedcontainers?

Page 7: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker vs LXC,Jails,Vagrant

• LXCrunsinthehostbuthasit'sownsectionofRAM,CPU,disk,etc.ClosertoaVM.Dockercanbejustoneprocess,needsavolume.

• VagrantisascriptforVMs.

Page 8: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker vs Virtualization

• Virtualizationincludesanentireoperatingsystemaswellastheapplication.Docker sitsontopoftheOS

Page 9: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker vs Virtualization

Page 10: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker vs Virtualization

Page 11: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

WhyDocker?

• Solvesdependencyproblemsandtheproblemofancienttimes:

• "Itworksonmymachine!"

Page 12: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker Components

• Docker Engine

• Docker Hub

Page 13: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker Engine

• Docker daemon– Runsonthehostmachine

• Docker Client– CLIusedtointeractwiththedaemon

• WindowsandOSX– docker-machine(smalllinux runningtheDockerdaemon)- NeedsVirtualbox

Page 14: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker WorkflowComponents

• Docker image– Hastheenv,yourapplication,OS,dependencies,

• Docker Container– Createdfromimages,start,stop,move,delete

• Docker Registry– Publicandprivaterepotostoreimages

• Dockerfile– Automatesimageconstruction

Page 15: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker

• Docker Container

• Docker Composer

• Docker Swarm

Page 16: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Demo

Page 17: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker Security

• Quitesecure.• Namespacesforisolation:processesrunningwithina

containercannotsee,andevenlessaffect,processesrunninginanothercontainer,orinthehostsystem

• Eachcontaineralsogetsitsownnetworkstack.• ControlGroupsforresourceaccountingandlimiting,

ensurethateachcontainergetsitsfairshareofmemory,CPU,diskI/O;and,moreimportantly,thatasinglecontainercannotbringthesystemdownbyexhaustingoneofthoseresources.

Page 18: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker Security• OnlytrustedusersshouldbeallowedtocontrolyourDocker daemon

• “root”withinacontainerhasmuchlessprivilegesthanthereal“root”.Forinstance,itispossibleto:– denyall“mount”operations;– denyaccesstorawsockets(topreventpacketspoofing);– denyaccesstosomefilesystem operations,likecreatingnewdevicenodes,changingtheowneroffiles,oralteringattributes(includingtheimmutableflag);

– denymoduleloading;– andmanyothers.

Page 19: Aguascalientes Local Chapter - OWASP · • Vagrant is a script for VMs. Docker vs Virtualization • Virtualization includes an entire operating system as well as the application

Docker Security

• Additional:AppArmor,SELinux,GRSEC• RuninsideaVM• Compromisedimages• DOS• https://www.docker.com/docker-security

Boosting virtualization performance with flexible memory ...docs.media.bitpipe.com/io_25x/io_25131/item_437766/20110244... · Guest operating systems for VMs Version Windows Server

Web ScaleData Management 4. Virtualization · What does Virtualization enable III • Migration of VMs (both storage and CPU/memory) – Enables live load balancing – Facilitatesmaintenance

AMD’s Virtualization August 25, 2016 Memory Encryption · HW MEMORY ENCRYPTION –AMD SECURE ENCRYPTED VIRTUALIZATION Protects VMs/Containers from each other, administrator tampering,

VM-Cloud management software - PhenoMeNal...Vagrant vs packer Vagrant Normally a single target Few targets available Aim: run the VMs locally Best for development phase of provisioning

Vagrant - Concept

CHAPTER 3: Virtual Machines and Virtualization of Clusters ......• Virtualization is a computer architecture technology by which multiple virtual machines (VMs) are multiplexed in

SIMATIC Virtualization as a Servicebf178cb37f74… · A virtualization layer that distributes the resources of the physical hardware to the virtual machines (VMs) is installed on

techbeacon.com · Codap Dev Git GitHub SVN Eclipse Jenkins Bamboo Maven ANT TeamCity Nexus ALM Octane Service Virtualization Verigreen Senvice Virtualization JuJu Vagrant SSH Ansible

SPDK Vagrant Box Install Instructions · vagrant@localhost:/vagrant# cd fio && git checkout fio-3.3 vagrant@localhost:/vagrant# ./configure vagrant@localhost:/vagrant# make vagrant@localhost:/vagrant#

Gajda - pepa.holla.cz · Note Vagrant is a tool that provides a simple and unified command-line interface to work with VMs managed by well-known virtualization solutions such as VirtualBox,

VM-Cloud management software - PhenoMeNalphenomenal-h2020.eu/home/wp-content/uploads/2015/10/Cloud... · Vagrant packer cloud-init ansible docker Orchestrate VMs kubernetes Orchestrate

Vagrant + Docker

SUSE Linux Enterprise Server: Supported Virtualization ... · .Microsoft Windows Server 2008 or newer VMs, ... SUSE KVM virtualization host server architecture: adds “Guest mode”

Effects of virtualization and cloud computing on …cs237/reading/Download.pdfEnterprise businesses are moving beyond server virtualization and VMs to embrace cloud-computing environments

Red Hat Virtualization 4 · Now, Red Hat Virtualization 4.3 provides the ability for live migration of HP VMs (and all other VMs with a pinned configuration like NUMA pinning, CPU

Recitation 5 15-441: Computer Networks P2 Lead … › fa19 › slides › ...Using Vagrant Important Vagrant commands to know: 1. vagrant up - will initialize/boot up the VMs 2. vagrant

Kata-Containers on openSUSE - FOSDEM6 Lightweight Virtualization Low CPU and Memory Overhead Small and Fast VMs == More VMs == More Kata Containers Small & Fast kernel Little, tailored,

WordPress & Vagrant

Vagrant - PugMI

Multicore Processing, Virtualization, and Containerization · • Multicore Processing (MCP) – via multicore processors • Virtualization (V) – via virtual machines (VMs) •

L105089 - Advanced Ansible Tower - Red Hat › files › summit › session-assets › 2017 › ...using vagrant VMs •Integrate an external LDAP server to authenticate to Tower •Create

SUSE Linux Enterprise Server as a Virtualization Host · ® Linux Enterprise Server as a Virtualization Host ... ‒ Citrix XenServer ... Max VMs per CPU core 8 Max virtual network

Business Ready Configurations for Virtualization · 2009-06-23 · virtualization capabilities, new VMs can be created or exis ting VMs can be cloned or deployed from templates with

Vagrant vs docker? Melhor vagrant + docker

PCS 7 Virtualization - Siemens · PCS 7 Virtualization ... • The “Ressource Allocation” of the VMs can be kept on the default settings

Services in the Virtualization Plane · 2011. 2. 28. · Parallax: Storage Virtualization for VMs • VMs are fantastic, but turn out to be a bit clunky to work with. • VM images

Vagrant workshop

Virtualization with Vagrant (ua.pycon 2011)

Vagrant + Puppet