4.2 Containerization Flashcards
What is containerization?
Containerization shares the host OS kernel across multiple containers while isolating each container’s user space.
Common tools include Docker and Kubernetes.
What are the main benefits of containerization?
Efficient resource usage, enhanced security through logical isolation, and reduced overhead compared to traditional virtual machines.
How do containers differ from virtual machines?
Containers share the host OS kernel, while VMs include a full OS and run on a hypervisor, making VMs more resource-intensive.
What are common containerization tools?
Docker, Kubernetes, Parallels Virtuozzo, and OpenVZ.
What is the main security risk of containerization?
Compromise of the host OS can expose all containers running on it.
How does container isolation enhance security?
Containers are logically isolated and require virtual network connections for inter-container communication.
What is the risk of shared physical servers in containerized environments?
Co-hosting with other organizations can introduce vulnerabilities from crashes or insecure neighbors.
What is the significance of hypervisor exploits?
A single hypervisor vulnerability can compromise all VMs managed by it.
What are key host OS security practices for containerization?
Regularly patching the OS, limiting access to critical systems, and using secure management interfaces.
How can container workloads be secured?
Use orchestration tools like Kubernetes for monitoring and segmentation, and isolate sensitive workloads.
What is the role of failover and redundancy in virtualization security?
They minimize downtime risks and ensure load balancing across physical servers.
Why consider hypervisor diversity in virtualization?
It reduces the impact of a single hypervisor exploit but may increase costs for support and training.
What is the trade-off between containerization and traditional virtualization?
Containerization is more resource-efficient but depends heavily on the host OS, while virtualization offers stronger isolation through hypervisors.
How does load balancing improve security in virtualized environments?
It prevents server overloads by distributing workloads, reducing the risk of crashes.
What should organizations evaluate when choosing between containerization and virtualization?
Efficiency, security, specific business needs, and the complexity of implementation.
How do orchestration tools enhance container management?
They automate deployment, monitoring, scaling, and security for containerized workloads.
What is Kubernetes?
A container orchestration tool that manages the deployment, scaling, and monitoring of containerized applications.
Why is patching the host OS critical in containerized environments?
A compromised host OS can expose all running containers to attacks.
What is logical isolation in containers?
A security feature where each container operates independently, with no direct access to other containers or the host OS.
What is the primary advantage of containerization over traditional VMs?
It uses fewer resources by sharing the OS kernel and eliminates the need for a full OS in each instance.
