Compromised Container Isolation

Last updated: 2024-01-23 15:44:44
    If containers in your business environment are attacked, for example through container escape, viruses, trojans, infectious worms, lateral probing or attacks by compromised containers, or malicious containers pulled by attackers through cluster/node vulnerabilities or improper configuration, you need to quickly isolate the container network.
    Note:
    Because isolating the container network may affect normal business operations, we recommend you first confirm that the container is risky and that isolation is necessary to avoid intrusions.

    Isolating the Container Network

    You can use the container network isolation feature on the Runtime Security, Advanced Prevention, or Asset Management page. The effect may differ by module as shown below:
    Module Name: Container escape, Reverse shell, Abnormal process, File tampering, High-risk syscall
    Feature Details: If the container is isolated successfully in case of a security event, the system will disconnect the container from the network and mark the security event as processed.

    Module Name: Virus scanning
    Feature Details: Isolating the container alone cannot eliminate virus or trojan risks. Therefore, after the container is isolated successfully in case of a security event, the system will disconnect the container from the network but will not mark the security event as processed. To change the event status, you need to have the viruses or trojans in the container automatically isolated or isolate them manually.
    

    Runtime security or advanced prevention

    1. Log in to the TCSS console and click Runtime Security > Container Escape on the left sidebar.
    2. On the Container Escape page, select the target container and click Process in the Operation column.
    
    
    3. Select Isolate the container, enter the remarks, and click OK.
    
    

    Asset management

    1. On the Asset Management page, click Container.
    2. On the Container page, select the target container and click Isolate the container.
    
    
    3. In the pop-up window, click OK.
    Note:
    If the container is isolated, it will be disconnected from the network.

    Canceling Isolation of the Container Network

    To recover the container network after processing the risks in the container, click More > Cancel isolation in the security event list on the Runtime Security or Advanced Prevention page, or click Asset Management > Container, select the target container, and click Cancel isolation.
    
    

    Viewing the Container Isolation Status

    The container isolation status is refreshed as one of the container asset attributes on the Runtime Security, Advanced Prevention, or Asset Management page. For example, if you successfully isolate the container network in the security event list on the Runtime Security > Container Escape page, you can see that the container is in the Isolated status in the list on the Asset Management > Container page. Similarly, if you isolate the container network in the list on the Asset Management > Container page, the status will be refreshed in the list on the Runtime Security or Advanced Prevention page.
    You can click the container isolation status drop-down list above the list to filter container events.
    
    