[erlang-questions] Programming Erlang: Chap 18, Websockets

Marco Molteni marco.molteni@REDACTED
Tue Jun 27 22:20:31 CEST 2017 

Hello Rick,

re-reading what I wrote I have to admit I was not very clear. Let me try again:

I start from the assumption that the main problem today is resisting to attacks (or to be more realistic: to resist as much as possible to attacks).

In order to resist to attacks, besides clearly doing a proper threat modeling, mitigation and defence in depth, the accepted best practice is to keep updating the operating system you are using, also if updating might break your own application due to a dependency that breaks backward compatibility.

Now comes Docker. Docker has been mentioned as a way to "freeze" the dependencies (OS and libraries) needed to deploy an application, in order to be assured that said application will run today (the date it has been released) and, say, in one year time frame.

My point was that yes, if you use Docker in that way the application will keep working, and each day that passes it will become more vulnerable (either the app or any of the dependencies or OS onboard the container).

Does this mean that Docker is bad from a security point of view? No, but it means that Docker by itself is not enough and is even worse than a VM or an OS on bare metal, because it will not receive OS security updates, while at least a VM or a bare metal OS _can_ be configured to receive automatic security updates.

Using Docker securely requires an infrastructure that automatically builds an new Docker image each time a security update is available, automatically tests it and automatically deploys this new image in place of the old one.

Clearly if a VM or bare metal is, for fear of breaking the application, configured _not_ to receive automatic security updates, then the situation is the same (as today's Petya ransomware shows, for example).

Hope this explains better what I meant :-)

marco


> On 27 Jun 2017, at 20:48, Rick Pettit <rpettit@REDACTED> wrote:
> 
> Marco, I’m not sure I follow.
> 
> Aren’t you forced to expose your Erlang application to a network, thus "opening it up to attack", regardless of whether or not docker or some VM is in the picture?
> 
> In what ways does adding Docker make that problem “worse”, in your opinion?
> 
> -Rick
> 
>> On Jun 27, 2017, at 1:25 PM, Marco Molteni <marco.molteni@REDACTED> wrote:
>> 
>> On 27 Jun 2017, at 09:00, <ok@REDACTED> <ok@REDACTED> wrote:
>> 
>>> As I understand it, this is one of the driving forces behind
>>> the application = VM approach using Docker and the like:
>>> make a VM containing the things your application needs and
>>> as little else as you can manage, and then never change it.
>>> If you want a new version of the application, make a new VM.
>> 
>> This sounds good on the surface (the charm of Docker).
>> 
>> Then one realises that the container is exposed to a network, and so open to attack.
>> 
>> Then one understand that the less worse approach is to keep updating everything and fixing what breaks.
>> 
>> marco
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>

More information about the erlang-questions mailing list