Containing an Attack with Linux Containers and AppArmor/SELinux

Presented at ShmooCon XII (2016), Jan. 17, 2016, 10 a.m. (60 minutes)

In the system hardening space, we've been using chroot jails to contain compromised programs. These jails were better than nothing, but were easily escaped by many attackers. As Linux containers become more mature, we can use them to replace these jails. This talk will teach you how to use Linux Containers, through both Docker and Ubuntu's new LXD, to create far better jails for programs, containing their compromise. You will leave this demo-heavy talk immediately able to use both technologies to create containers for both attack containment and to rapidly develop and host software.

Presenters:

• Jay Beale
  Jay Beale (@jaybeale) has created several defensive security tools, including Bastille Linux and the CIS Linux Scoring Tool, both of which have been used throughout industry and government. He has served as an invited speaker at many industry and government conferences, a columnist for Information Security Magazine, SecurityPortal and SecurityFocus, and a contributor to nine books, including those in his Open Source Security Series and the "Stealing the Network" series. Jay is a founder and serves as both the Chief Technology Officer and Chief Operating Officer of the information security consulting company, InGuardians.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Containing An Attack With Linux Containers.mp4
• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Containing An Attack With Linux Containers.srt (subtitles)

Similar Presentations:

• 44CON 2017 / Linux Containers Made of Steel Canceled
• DEF CON 23 (2015) / Linux Containers: Future or Fantasy?
• DEF CON 14 (2006) / Hacking UNIX with FreeBSD Jail(8), Secure Virtual Servers