Yesterday, Docker announced that Docker for AWS is graduating to public beta. Docker for AWS is a great way for ops to set up and maintain secure and scalable Docker deployments on AWS. With Docker for AWS, IT ops teams can deploy a standard Docker platform, integrate deeply with the underlying infrastructure so that Docker takes advantage of the host environment’s native capabilities and exposes a familiar interface to administrators, deploy the platform to all the places where you want to run Dockerized vApp, and make sure the latest and greatest Docker versions are available for the hardware, OSs, and infrastructure you love.
If you’ve used tools like Docker, you already know that these tools are capable of isolating processes in small “containers”. Running processes in Docker containers is like running them in virtual machines, only these containers are significantly lighter than virtual machines.
With the introduction of Linux namespaces, it became possible to have multiple “nested” process trees. Each process tree can have an entirely isolated set of processes. This can ensure that processes belonging to one process tree cannot inspect or kill – in fact cannot even know of the existence of – processes in other sibling or parent process trees. Every time a computer with Linux boots up, it starts with just one process, with process identifier (PID) 1. This process is the root of the process tree, and it initiates the rest of the system by performing the appropriate maintenance work and starting the correct daemons/services.
Software developers use Linux containers to save time and money. Containers provide a mechanism for building applications that are much easier to manage across development, testing and deployment environments, with better security throughout the software life cycle.
According to Forrester, more than half of those responsible for operations and IT development see security as the biggest concern when adopting containers.
Corero Network Security identified a zero-day vulnerability in the LDAP protocol that allows Distributed Denial of Service (DDoS) attacks to be amplified 50 times, making them much more effective and much more difficult to mitigate.
This protocol, used mainly in the Windows Server Active Directory administration tool, has become an ally for cybercriminals, who leverage vulnerable servers supporting LDAP to bounce junk traffic to a server with a single IP address, so that the service is overwhelmed and stops working.
Linux security expert Phil Oester discovered a critical privilege-escalation vulnerability affecting the Linux kernel. The bug is called Dirty COW and is identified as CVE-2016-5195; although it was discovered only recently, it has existed since 2007.
This flaw affects the kernel memory subsystem component: manipulating an unknown input allows the vulnerability to be exploited, which may affect the system’s confidentiality, integrity and availability.
The different uses of the UDS Enterprise connection broker, an interesting Open Source software for container management on Unix OS, and the UDS Enterprise authentication system have been the most-read topics on our blog over the last few weeks.
Below you can find the links to the articles about these topics so you can keep up to date with the most outstanding news on Open Source and virtualization according to our community: