A conta Red Hat dá acesso ao seu perfil de membro, preferências, e os serviços seguintes, com base em seu status de cliente:

Portal do cliente
Central de Parceiros

Gerenciamento de usuários
Central de Certificação

Registre-se

Ainda não se registrou? Aqui estão algumas razões pelas quais você deve:

Procurar artigos da base de conhecimento, gerenciar casos de suporte e subscrições, baixar atualizações, e mais de um lugar.
Exibir usuários de sua empresa e editar informações, preferências e permissões de contas.
Gerenciar as suas certificações Red Hat, ver histórico de exames e baixar logotipos e documentos relacionados à certificação.

Editar o seu perfil e as suas preferências

A conta Red Hat dá acesso ao seus perfil de membro, preferências, e outros serviços, dependendo de seu status de cliente.

Para sua segurança, se você estiver em um computador público e terminar de utilizar os serviços Red Hat, não se esqueça de sair.

Sair

Security

Container security

What is container security?

Container security is the protection of the integrity of containers. This includes everything from the applications they hold to the infrastructure they rely on. Container security needs to be integrated and continuous. In general, continuous container security for the enterprise is about:

Securing the container pipeline and the application
Securing the container deployment environment(s) and infrastructure
Integrating with enterprise security tools and meeting or enhancing existing security policies

Containers are popular because they make it easy to build, package, and promote an application or service, and all its dependencies, throughout its entire lifecycle and across different environments and deployment targets. But there are still some challenges to container security. Static security policies and checklists don’t scale for containers in the enterprise. The supply chain needs more security policy services. Teams need to balance the networking and governance needs of containers. Build and runtime tools and services need decoupling.

graphical image of a container along a pipeline secured with locks

By building security into the container pipeline and defending your infrastructure, you can make sure your containers are reliable, scalable, and trusted.

Build security into the container pipeline

Gather images

Containers are created out of layers of files. The container community often calls these files “container images.” The base image is the most important for security purposes, because it is used as the starting point from which you create derivative images. Container security starts with finding trusted sources for base images. Even when using trusted images, though, adding applications and making configuration changes will introduce new variables. When bringing in external content to build your apps, you need to have proactive content management in mind.

When gathering container images, ask:

Are the container images signed and from trusted sources?
Are the runtime and operating system layers up to date?
How quickly and how often will the container be updated?
Are known problems identified, and how will they be tracked?

Manage access

Once you’ve obtained your images, the next step is to manage both access to, and promotion of, all container images your team uses. That means protecting the images you download as well as the ones you build. Using a private registry will allow you to control access through role-based assignments while also helping you manage content by assigning metadata to the container. Metadata will provide information like identifying and tracking known vulnerabilities. A private registry also gives you the power to automate and assign policies for the container images you have stored, minimizing human errors that may introduce vulnerabilities into your container.

When deciding how to manage access, ask:

What role-based access controls can you use to manage container images?
Are there tagging abilities, to help sort images? Can you tag images as approved only for development, and then testing, and then production?
Does the registry offer visible metadata that allows you to track known vulnerabilities?
Can you use the registry to assign and automate policy (e.g. checking signatures, code scans, etc.)?

Integrate security testing and automate deployment

The last step of the pipeline is deployment. Once you’ve completed your builds, you need to manage them according to industry standards. The trick here is to understand how to automate policies to flag builds with security issues, especially as new security vulnerabilities are found. Because patching containers is never as good of a solution as rebuilding them, integrating security testing should take into account policies that trigger automated rebuilds. Running on component analysis tools that can track and flag issues is the first part of this step. The second part is establishing tooling for automated, policy-based deployment.

When integrating security testing and automated deployment, ask:

How can you prevent patching running containers, and instead use triggers to rebuild and replace containers with automated updates?

Defend your infrastructure

Another layer of container security is the isolation provided by the host operating system (OS). You need a host OS that provides maximum container isolation. This is a big part of what it means to defend your container deployments environment. The host OS is enabled using a container runtime, ideally managed through an orchestration system. To make your container platform resilient, use network namespaces to sequester applications and environments, and attach storage via secure mounts. An API management solution should include authentication and authorization, LDAP integration, end-point access controls, and rate limiting.

When deciding how to defend your container infrastructure, ask:

Which containers need to access one another? How will they discover each other?
How will you control access and management of shared resources (e.g. network and storage)?
How will you manage host updates? Will all of your containers require updates at the same time?
How will you monitor container health?
How will you automatically scale application capacity to meet demand?

We can help

Red Hat^® OpenShift Container Platform comes with Red Hat Enterprise Linux^®. It automates the container application life cycle, integrate security into the container pipeline, and is designed with DevOps teams in mind. Our container catalog provides you with access to a large number of certified images, language runtimes, databases, and middleware that can run anywhere you run Red Hat Enterprise Linux. Images from Red Hat are always signed and verified to ensure provenance and integrity.

Red Hat monitors our container images for newly discovered vulnerabilities (which includes a continually updated and publicly visible health index), as well as releases security updates and container rebuilds that are pushed to our public registry.

Plus, all this other stuff is pretty good too:

Web-scale container orchestration and management
Rich web console with multi-user collaboration features
CLI & IDE interfaces
Build automation & source-to-image
Integration with CI
Deployment automation
Support for remote storage volumes
Simplified installation & administration
Large collection of supported programming languages, frameworks, & services

Get started

Cloud computing

OpenShift lets you easily and quickly build, develop, and deploy in nearly any infrastructure, public or private.

Learn more

Linux platforms

Red Hat Enterprise Linux is a stable, proven foundation that’s versatile enough for rolling out new applications, virtualizing environments, and creating a secure hybrid cloud—all backed by our award-winning support.

Learn more

There’s a lot more to do with container security

Read the blog

Talk to a Red Hatter