How to Secure Docker Networking for Access to External Networks and Applications
Getting container visibility and security for docker networking can be a challenge even for a pure container based application stack, or cluster. For most enterprises this challenge can be even tougher when trying to secure a hybrid environment with both container and non-container applications.
Many enterprises are in the midst of migration projects to a microservices based architecture with containers. These projects often refactor applications which gain the greatest benefit from containers or can be deployed quickly. Migrating other services such as databases or legacy systems can take a few more years, or are often not planned due to the difficulty or lack of benefit. It is very rare for large enterprises to deploy a completely containerized application without access to non-container resources.
This means that securing the environment means not only securing container to container connections but also traffic between container networks and other networks – internal, external, legacy – however they are classified. These other systems are typically VM based and can often be in a different public or private cloud infrastructure. Securing this east-west type of traffic can be a challenge itself just for containers.
Securing the L2/L3 network layers between container and non-container networks is the first security layer needed, whether its provided by IPSec tunnels, SSL VPNs, routing tables or internal firewalls. But assuming that this has been taken care of, it’s not enough for complete container network security.
A cloud-native container security system should provide docker networking visibility and security within a container cluster and between containers and all external services. In this article the term ‘external’ is used to describe any network and application service which is outside the container cluster (ie any non-container resources). These non-containerized external services can include:
Read the entire article here, How to Secure Docker Networking for Access to External Networks and Applications