Which of the following will best reduce the application’s privilege escalation attack surface?
A security engineer wants to reduce the attack surface of a public-facing containerized application.
Which of the following will best reduce the application’s privilege escalation attack surface?
A. Implementing the following commands in the Dockerfile: RUN echo user:x:1000:1000:user:/home/user:/dev/null > /etc/passwd
B. Installing an EDR on the container’s host with reporting configured to log to a centralized SIEM and implementing the following alerting rules: IF PROCESS_USER=root ALERT_TYPE=critical
C. Designing a multicontainer solution, with one set of containers that runs the main application, and another set of containers that perform automatic remediation by replacing compromised containers or disabling compromised accounts
D. Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer: PERMIT HTTPS from 0.0.0.0/0 port 443
Answer: A
Explanation:
Implementing the given commands in the Dockerfile ensures that the container runs with non-root user privileges. Running applications as a non-root user reduces the risk of privilege escalation attacks because even if an attacker compromises the application, they would have limited privileges and would not be able to perform actions that require root access.
A. Implementing the following commands in the Dockerfile: This directly addresses the privilege escalation attack surface by ensuring the application does not run with elevated privileges.
B. Installing an EDR on the container’s host: While useful for detecting threats, this does not reduce the privilege escalation attack surface within the containerized application.
C. Designing a multi-container solution: While beneficial for modularity and remediation, it does not specifically address privilege escalation.
D. Running the container in an isolated network: This improves network security but does not directly reduce the privilege escalation attack surface.