How to Deploy a Docker Container Firewall

Protecting Application Containers

A Docker container firewall should be a ‘must-have’ requirement before deploying any container-based applications. In this post we’ll compare a couple ways to deploy a Docker container firewall –  manually vs. with a commercial solution such as NeuVector. However you choose to do this, you’ll want to protect containers with at least some network firewalling rules so attackers don’t have an open door to your critical assets. There’s a new breed of container security technology called a cloud-native container firewall which makes deploying a Docker container firewall simple, and even adds cloud and host security protections.

Why Is Container Security Even Needed?

The recent security breaches such as Equifax and ransomware prove that hackers will eventually find a way to get a foothold in your infrastructure. New vulnerabilities are constantly be discovered and exploits created such as apache struts, linux stack clash, and dirty cow.

It’s not enough just to scan code for vulnerabilities and patch production systems. That’s like closing the barn door after the horse has run away. Exploits usually involve a ‘kill chain’ — a series of events where the attacker gains entry, escalates a privilege, scans other systems, and performs other steps before being able to steal data or damage systems. A Docker container firewall can detect multiple steps in this kill chain, even for zero-day exploits where a vulnerability has yet to be published and patched.

Why Is It So Difficult to Deploy a Docker Container Firewall?

Read the entire article here, How to Deploy a Docker Container Firewall

Via the fine folks at NeuVectdor.