Security

Adrian Goins
January 22, 2019
Read time: 8 min

This article analyzes the recent CNCF article, '9 Kubernetes Security Best Practices Everyone Must Follow' and discusses how Rancher, RKE, and RancherOS satisfy these by default. I also discuss the Rancher Hardening Guide, which covers 101 more security changes that will secure your Kubernetes clusters.

July 28, 2016
Read time: 9 min

Rancher is a complete container management solution, and to be a complete platform, we’ve placed careful consideration into how we handle networking between containers on our platform. So today, we’re posting a quick example to illustrate how networking in Rancher works. While Rancher can be deployed on a single node, or scaled to thousands of nodes, in this walkthrough, we’ll use just a handful of hosts and containers.

Setting up and Launching a Containerized Application

Our first task is to set up our infrastructure, and for this exercise, we’ll use AWS.

Will Chan
January 4, 2019
Read time: 5 min

This blog describes how Rancher and its managed Kubernetes clusters can be affected by the recent announcement detailing the vulnerabilities in proxying external IPs and the dashboard.

April 7, 2017
Read time: 5 min

As a relatively new technology, Docker containers may seem like a risk when it comes to security -- and it’s true that, in some ways, Docker creates new security challenges. But if implemented in a secure way, containers can actually help to make your entire environment more secure overall than it would be if you stuck with legacy infrastructure technologies. This article builds on existing container security resources, like Security for your Container, to explain how a secured containerized environment can harden your entire infrastructure against attack.

May 2, 2017
Read time: 5 min

Since Docker launched in 2013, it has brought a level of excitement and innovation to software development that’s contagious. It has rallied support from every corner—enterprises to startups, developers to IT folk, plus the open source community, ISVs, the biggest public cloud vendors, and every tool across the software stack. Since the launch of Docker, many major milestones have served to advance the container revolution. Let’s look at some of them.

August 1, 2017
Read time: 6 min

Container security was initially a big obstacle to many organizations in adopting Docker. However, that has changed over the past year, as many open source projects, startups, cloud vendors, and even Docker itself have stepped up to the challenge by creating new solutions for hardening Docker environments. Today, there is a wide range of security tools that cater to every aspect of the container lifecycle. Docker security tools fall into these categories:

June 29, 2017
Read time: 5 min

Cyber security is no longer a luxury. If you need a reminder of that, just take a look at the seemingly endless number of stories appearing in the news lately about things like malware and security breaches. If you manage a Docker environment, and you want to help make sure your organization or users are not mentioned in the news stories that accompany the next big breach, you should know the tools available to you for helping to secure the Docker stack, and put them to work.

Tom Callway
March 6, 2019
Read time: 3 min

The release of k3s has been met with enthusiasm by the Kubernetes community. Find out why k3s has become so popular so quickly and what teams are already doing with k3s one week after its launch.

May 2, 2017
Read time: 6 min

Fei Huang is Co-Founder and CEO of NeuVector. Managing containers requires a broad scope from application development, test, and system OS preparation, and as a result, securing containers can be a broad topic with many separate areas. Taking a layered security approach works just as well for containers as it does for any IT infrastructure. There are many precautions that should be taken before running containers in production. These include:

Jeffrey Poore
October 1, 2018
Read time: 8 min

In our introduction to container security, we discuss the issues surrounding this new technology and what you can do to address them. Read more at Rancher.

Rutrell Yasin
February 21, 2019
Read time: 5 min

This is the first of a series of three articles focusing on Kubernetes security: the outside attack, the inside attack, and dealing with resource consumption or noisy neighbors.

Rutrell Yasin
June 18, 2019
Read time: 6 min

This is the third of a series of three articles focusing on Kubernetes security: the outside attack, the inside attack, and dealing with resource consumption or noisy neighbors.

Will Chan
October 9, 2017
Read time: 1 min

We would like to quickly explain and address the recent Metasploit module, which was created to exploit Rancher servers and Docker hosts. This is not a security issue because it only works in the following two scenarios:

1. Your Rancher server does not have authentication enabled

While Rancher does not require you to enable authentication, you should always enable it if you are deploying Rancher in an untrusted environment (e.

March 21, 2017
Read time: 2 min

DevOps can now efficiently and securely deploy containers for enterprise applications

As more enterprises move to a container-based application deployment model, DevOps teams are discovering the need for management and orchestration tools to automate container deployments. At the same time, production deployments of containers for business critical applications require specialized container-intelligent security tools. To address this, Rancher Labs and NeuVector today announced that they have partnered to make container security as easy to deploy as application containers.

March 9, 2017
Read time: 4 min

MongoDB, the popular open source NoSQL database, has been in the news a lot recently—and not for reasons that are good for MongoDB admins. Early this year, reports began appearing of MongoDB databases being “taken hostage” by attackers who delete all of the data stored inside the databases, then demand ransoms to restore it. Security is always important, no matter which type of database you’re using. But the recent spate of MongoDB attacks makes it especially crucial to secure any MongoDB databases that you may use as part of your container stack.

January 26, 2017
Read time: 6 min

As one of the most disruptive technologies in recent years, container-based applications are rapidly gaining traction as a platform on which to launch applications. But as with any new technology, the security of containers in all stages of the software lifecycle must be our highest priority. This post seeks to identify some of the inherent security challenges you’ll encounter with a container environment, and suggests base elements for a Docker security plan to mitigate those vulnerabilities.

December 4, 2018
Read time: 7 min

Darren Shepherd, Rancher co-founder and Chief Architect, describes the Kubernetes critical CVE issue he discovered, how it came to a resolution, and what it says about the Kubernetes open-source community.

Rutrell Yasin
February 27, 2019
Read time: 6 min

This article covers Kubernetes security solutions that have an eye toward keeping clusters safe from unauthorized inside access. Second in a series of articles on Kubernetes security. Read more here.

July 17, 2017
Read time: 4 min

In the world of containers, Kubernetes has become the community standard for container orchestration and management. But there are some basic elements surrounding networking that need to be considered as applications are built to ensure that full multi-cloud capabilities can be leveraged.

The Basics of Kubernetes Networking: Pods

The basic unit of management inside Kubernetes is not a container; it is called a pod. A pod is simply one or more containers that are deployed as a unit.

June 12, 2017
Read time: 4 min

Each time a new software technology arrives on the scene, InfoSec teams can get a little anxious. And why shouldn’t they? Their job is to assess and mitigate risk – and new software introduces unknown variables that equate to additional risk for the enterprise. It’s a tough job to make judgments about new, evolving, and complex technologies; that these teams approach unknown, new technologies with skepticism should be appreciated. This article is an appeal to the InfoSec people of the world to be optimistic when it comes to containers, as containers come with some inherent security advantages:

Immutability

In a typical production environment, you have a number of things managing state on your servers.

March 29, 2017
Read time: 6 min

Your storage system should be locked down with all security and access control tools available to you as well. That is true whether the storage serves containers or any other type of application environment. How do you secure containers? That may sound like a simple question, but it actually has a six- or seven-part answer. That’s because securing containers doesn’t involve just deploying one tool or paying careful attention to one area where vulnerabilities can exist.
