LinuxCon: Running Containers in a Hostile Environment
TORONTO — Containers offer many different security benefits and can even be used to run hacking competitions without being hacked themselves. In a session at the LinuxCon ContainerCon conference in Toronto, Stéphane Graber, LXD Technical Lead at Canonical Ltd., detailed how the NorthSec capture-the-flag contest makes use of containers (specifically LXC).
The whole setup involved no fewer than 11,387 Linux containers and an all-IPv6 network that was set up to mimic the real Internet but could only run locally. Graber said that the network setup really makes it feel like hackers are on the real Internet.
To secure all the containers, Graber and the NorthSec team use the LXD daemon to further isolate the containers and provide security.
Over the course of a very detailed technical overview, Graber explained the full configuration setup that enabled the competition to work. Overall, it is a really interesting use case for containers, one that couldn't easily be done with regular bare metal and could be done only with more difficulty (and hardware) using traditional virtual machines.
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist