In-depth Network Security for Docker Containers

Majed, Asem
Tuffaha, Wajeh
Abdulhaq, Mohammad
Qadry, Moath
Abstract— The continuous growth of microservice deployment as containers has exposed a wide attack surface, enabling attackers to execute several types of attacks, including network-based attacks such as Man-in-the-Middle (MITM) and Address Resolution Protocol (ARP) spoofing. The lack of isolation at the network level allows such attacks to be executed, especially in container environments where many containers run on the same host without proper restrictions. This is because the existing container network configuration is poorly secured: one container is able to access any service running on neighboring containers or on the host. In this paper, we propose a design that attains the required level of network isolation by employing a Firewall Container (FWC), which acts as a gateway for a set of related containers connected to a virtual bridge, protecting them against unauthorized access and MITM attacks. FWC is configured to filter traffic and perform port forwarding (NAT), and it has an optional DHCP server. FWC comes with a Webmin control panel, which provides a web-based interface to manage the FWC container effectively. Additionally, a bash script can be used to configure the setup easily.