Chapter 1. Securing Docker Hosts

Welcome to the Securing Docker book! We are glad you decided to pick up the book, and we want to make sure that the resources you are using are properly secured to ensure system integrity and data loss prevention. It is also important to understand why you should care about security. If data loss prevention doesn't scare you already, thinking about the worst possible scenario (a full system compromise and the possibility of your secret designs being leaked or stolen by others) might help to reinforce the importance of security. Throughout this book, we will cover many topics to help you set up your environment securely, so that you can begin deploying containers with peace of mind, knowing that you took the right steps at the beginning to fortify your environment. In this chapter, we will take a look at securing Docker hosts and cover the following topics:

  • Docker host overview
  • Discussing Docker host
  • Virtualization and isolation
  • Attack surface of Docker daemon
  • Securing Docker hosts
  • Docker Machine
  • SELinux and AppArmor
  • Auto-patching hosts

Docker host overview

Before we dive in depth, let's first take a step back and review exactly what the Docker host is. In this section, we will look at the Docker host itself to understand what we mean when we talk about the Docker host. We will also look at the virtualization and isolation techniques that Docker uses to ensure security.
