MongoDB, the popular open source NoSQL database, has been in the news a lot recently—and not for reasons that are good for MongoDB admins. Early this year, reports began appearing of MongoDB databases being “taken hostage” by attackers who delete all of the data stored inside the databases, then demand ransoms to restore it.
Security is always important, no matter which type of database you’re using. But the recent spate of MongoDB attacks makes it especially crucial to secure any MongoDB databases that you may use as part of your container stack.
This article explains what you need to know to keep MongoDB secure when it is running as a container. We’ll go over how to close the vulnerability behind the recent ransomware attacks using a MongoDB container while the container is running—as well as how to modify a MongoDB Dockerfile to change the default behavior permanently. Read more
As one of the most disruptive technologies in recent years, container-based applications are rapidly gaining traction as a platform on which to launch applications. But as with any new technology, the security of containers in all stages of the software lifecycle must be our highest priority. This post seeks to identify some of the inherent security challenges you’ll encounter with a container environment, and suggests base elements for a security plan to mitigate those vulnerabilities.
Benefits of a Container Environment and the Vulnerabilities They Expose
Before we investigate what aspects of your container infrastructure will need to be covered by your security plan, it would be wise to identify what potential security problems running applications in such an environment will present. The easiest way to do this is to contrast a typical virtual machine (VM) environment with that in use for a typical container-based architecture. Read more
If you’re anything like me, you’ve been watching the increasing growth of container-based solutions with considerable interest, and you’ve probably been experimenting with a couple of ideas. At some point in the future, perhaps you’d like to take those experiments and actually put them out there for people to use. Why wait? It’s a new year, and there is no time like the present to take some action on that goal.
Experimenting is great, and you learn a great deal, but often in the midst of trying out new things, hacking different technologies together and making it all work, things get introduced into our code which probably shouldn’t be put into a production environment. Sometimes, having a checklist to follow when we’re excited and nervous about deploying new applications out into the wild can help ensure that we don’t do things we shouldn’t. Consider this article as the start of a checklist to ready your Docker applications for prime time. Read more