Tag: security

Securing a Containerized Instance of MongoDB

March 9, 2017

MongoDB, the popular open source NoSQL database, has been in the news a lot recently—and not for reasons that are good for MongoDB admins. Early this year, reports began appearing of MongoDB databases being “taken hostage” by attackers who delete all of the data stored inside the databases, then demand ransoms to restore it.

Security is always important, no matter which type of database you’re using. But the recent spate of MongoDB attacks makes it especially crucial to secure any MongoDB databases that you may use as part of your container stack.

This article explains what you need to know to keep MongoDB secure when it is running as a container. We’ll go over how to close the vulnerability behind the recent ransomware attacks in a MongoDB container while the container is running, as well as how to modify a MongoDB Dockerfile to change the default behavior permanently.


Security for your Container Environment

January 26, 2017

As one of the most disruptive technologies in recent years, container-based applications are rapidly gaining traction as a platform on which to launch applications. But as with any new technology, the security of containers in all stages of the software lifecycle must be our highest priority. This post seeks to identify some of the inherent security challenges you’ll encounter with a container environment, and suggests base elements for a security plan to mitigate those vulnerabilities.

Benefits of a Container Environment and the Vulnerabilities They Expose

Before we investigate what aspects of your container infrastructure will need to be covered by your security plan, it would be wise to identify what potential security problems running applications in such an environment will present. The easiest way to do this is to contrast a typical virtual machine (VM) environment with that in use for a typical container-based architecture.


A Day in the Life of a Packet Inside Rancher

July 28, 2016

Rancher is a complete container management solution, and to be a complete platform, we’ve placed careful consideration into how we handle networking between containers on our platform. So today, we’re posting a quick example to illustrate how networking in Rancher works. While Rancher can be deployed on a single node, or scaled to thousands of nodes, in this walkthrough, we’ll use just a handful of hosts and containers.

Setting up and Launching a Containerized Application

Our first task is to set up our infrastructure, and for this exercise, we’ll use AWS. Let’s deploy a master node in EC2, install Docker, and start Rancher with the following command:

curl -sSL https://get.docker.com | sh - && sudo docker run -d --restart=always -p 8080:8080 rancher/server

The Rancher server is now available at 52.40.47.157:8080 (note: these IP addresses are released to the public once these AWS instances are destroyed. Here, these IP addresses are for reference only). Through the EC2 console, we’ll also add two hosts, H1 and H2, on which application containers will run. Here’s a logical setup of the topology so far: one of the nodes is running the Rancher server software, and the rest are running the Rancher agent:
