Containerization, which allows organizations to improve the effectiveness of their IT networks, is without a doubt a hot topic nowadays. But many of those embracing containers are unaware that misconfiguration of the container hosts can lead to an attacker gaining domain administrator privileges and potentially harming the entire IT network infrastructure.
Securing your container hosts’ configurations is essential. The Center for Internet Security (CIS) benchmarks serve as guidelines for both Docker and Kubernetes host configuration settings.
The following table presents each configuration value, its importance level, the rationale behind it and links to useful information.
[table id=2 responsive=stack /]
One of the most critical but challenging tasks in this guide is hardening the container host. Whether your container host is based on Linux or Windows, hardening it is a completely separate challenge, and often a hard, costly and time-consuming one.
To achieve host hardening, you need to follow best-practice benchmarks such as the CIS benchmarks or DISA STIG. These benchmarks are often delivered as documents several hundred pages long, with dozens of rules to follow. Each rule can affect a production environment differently; therefore, lab testing needs to be done before applying each rule or changing the production environment.
With CHS by CalCom, hardening is no longer an issue. CHS will ‘learn’ your production environment’s dependencies and automatically inform you if any hardening action can cause an outage. Based on best-practice benchmarks, CHS will ensure everlasting compliance with no need for lab testing and no risk of configuration drift.