Virtual Machines vs. Containers

What technology is more secure? Many people think that virtual machines are more secure. In theory, yes, but in practice … there are doubts.

We often hear statements such as, “HTTPS is well protected,” or “HTTP is not secure.” However, what do we mean by these phrases? “It is difficult to track down and launch a MITM attack on HTTPS” or “My grandmother has no problem tracking HTTP.”

Those phrases might very well prove wrong, because HTTPS can be hacked. There have been many such cases. It is also true that HTTP can be quite safe under some circumstances. And if an exploitable vulnerability is found in a common implementation that supports HTTPS (as with OpenSSL and Heartbleed), then HTTPS itself can become a gateway for hackers until the entire system is fixed.

HTTP and HTTPS are protocols defined by the Internet Engineering Task Force (IETF) in RFC documents No. 7230 to 7237 and 2828. HTTP appeared first, and as early as 2000, HTTPS was created as a more secure variant of HTTP. However, claiming that HTTPS is secure and HTTP is not would not be correct, since exceptions do exist.

Divide and conquer is a winning principle not only in military strategy but also in software. When an architecture allows one big, complex, intractable security problem to be divided into smaller tasks, solving each component separately will in most cases be safer than relying on one solution to address all problems.

Containers are a striking example of that principle. Because each application is isolated in its own “cell,” flaws in one application do not weaken applications in other containers. Virtual machines are also based on this principle, but in this case, each action takes place in isolation.


*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by David Balaban. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/_ZcsLzbE0-M/