Part 1: Introduction to Containers & Container Security Basics

Objective: Understand the fundamentals of containers and the security concerns around them, as well as learn best practices for securing container images, registries, and runtime environments.

Session 1: Introduction to Containers

• Overview of Containers and Virtualization
  • Difference between Containers and VMs
  • How containers work (Docker as a case study)
• Container Lifecycle
  • Image creation, building, running, and stopping containers
  • Introduction to Docker and Kubernetes

Hands-on:

• Set up Docker on a local machine
• Build and run a basic container image using Docker

Session 2: Security Concerns in Containers

• Attack Surface of Containers
  • Container Image vulnerabilities
  • Container runtime vulnerabilities
  • Host system vulnerabilities and container isolation
  • Privileged containers and root access
• Common Security Risks
  • Malicious containers
  • Container breakout
  • Resource contention

Hands-on:

• Scan a container image for vulnerabilities using Trivy or Clair
• Check Docker security best practices (using docker scan)

Session 3: Container Image Security Best Practices

• Best Practices for Building Secure Container Images
  • Minimal base images
  • Regular updates and patching
  • Use trusted registries (Docker Hub, private registries)
• Container Image Hardening
  • Remove unnecessary binaries, dependencies
  • Avoid running containers as root
  • Signing and verifying container images with Notary

Hands-on:

• Build a secure container image using a minimal base image (e.g., Alpine)
• Push/pull images from a private registry
• Implement image signing and verification with Notary (or use Docker Content Trust)

Session 4: Container Runtime Security

• Securing Docker Daemon
  • Use Docker user namespaces for isolation
  • Protect the Docker socket and permissions
  • Restricting container privileges (use –no-new-privileges, –cap-drop flags)
• Container Isolation Techniques
  • Linux namespaces and cgroups
  • Seccomp profiles, AppArmor, and SELinux
  • Container resource limits and security
  • Monitoring Containers with Prometheus and Grafana

Hands-on:

• Set up Docker security features: Use namespaces and cgroups
• Implement Seccomp and AppArmor profiles for containers
• Monitor container performance and security with Prometheus and Grafana

Part 2: Advanced Container Security and Orchestration Security

Objective: Focus on securing container orchestration platforms (like Kubernetes) and implementing runtime security monitoring with open-source tools.

Session 5: Securing Kubernetes Clusters

• Kubernetes Architecture and Components
  • Pod, Node, and Cluster level security
• Securing Kubernetes API Server and etcd
  • Role-Based Access Control (RBAC)
  • Network Policies and Pod Security Policies
• Network Security in Kubernetes
  • Secure ingress/egress with Network Policies
  • Service Mesh and its role in security (e.g., Istio)

Hands-on:

• Set up a Kubernetes cluster using Minikube or K3s
• Implement RBAC and Pod Security Policies in Kubernetes
• Configure Network Policies for pod communication security

Session 6: Continuous Container Security and Monitoring

• Continuous Container Security Workflow
  • CI/CD pipeline integration for container security
  • Scanning images at build time with Trivy, Clair, or Anchore
  • Runtime monitoring with Falco and Sysdig
• Vulnerability Management
  • Patch management strategies
  • Automated security scans

Hands-on:

• Integrate image scanning with a CI/CD pipeline (e.g., GitLab CI)
• Set up runtime security monitoring using Falco
• Monitor security events using Sysdig or Falco

Session 7: Incident Response and Best Practices

• Container Intrusion Detection and Incident Response
  • Analyzing logs from Docker and Kubernetes
  • Forensics and collecting data from container environments
  • Responding to container security incidents
• Security Best Practices for Containers
  • Immutable infrastructure
  • Secrets management (e.g., using HashiCorp Vault or Kubernetes Secrets)
  • Using trusted registries and content signing

Hands-on:

• Analyze Docker and Kubernetes logs for security incidents
• Set up and use HashiCorp Vault to manage container secrets
• Implement an incident response playbook using Kubernetes and Docker logs

This training is ideal for:

• DevOps Engineers
• Cloud Engineers
• Security Engineers & Analysts
• System Administrators
• Developers working in containerized environments
• IT professionals preparing for container security certification

• Familiarity with Linux command line
• Basic understanding of virtualization or cloud environments
• Intro-level experience with Docker/Kubernetes (Optional but helpful)

Upon successful completion of the training, participants will be able to:

• Understand the security risks inherent to containers and orchestration platforms
• Harden container images and implement secure CI/CD pipelines
• Secure the Docker and Kubernetes runtime environments
• Monitor and respond to container threats in real-time
• Use tools like Trivy, Falco, Notary, and Vault for layered security
• Apply best practices for access control, secrets management, and system hardening
• Integrate container security throughout the SDLC (Software Development Lifecycle)
• Build a security-first mindset for modern cloud-native environments

• Docker: Image creation, Docker Hub, Docker scan

• Trivy and Clair: Container image vulnerability scanning

• Notary: Image signing and verification

• Prometheus & Grafana: Monitoring container performance and security metrics

• Minikube/K3s: Setting up local Kubernetes clusters

• Falco and Sysdig: Runtime security monitoring and event detection

• Kubernetes Network Policies, RBAC, Pod Security Policies: Securing Kubernetes clusters

• HashiCorp Vault: Secrets management for containerized environments