linux
qwqeqwe2017, 2017-08-11 01:12:21

Security. Docker or VM?

I'm going to deploy LAMP + nginx.
For the site, maximum protection against penetration is planned.
I plan to spread each service and the files into a separate container or virtual machine.
That is, the distribution will be as follows:
apache/nginx/mysql/php/storage
Question 1: Does this make sense as lines of defense?
Question 2: What should I use for isolation, Docker or a VM?


2 answer(s)
Nazar Mokrinsky, 2017-08-11
@nazarpc

In theory, virtualization provides better isolation, that is, from the point of view of the consequences of hacking a virtual machine, the host and other virtual machines will be more protected, but virtual machines start up slowly and have high overhead.
On the other hand, if you organize the connections between containers in Docker correctly, then by hacking the Nginx container, accessing the database just won’t work, so it’s also quite a good option.
In general, everything depends on the level of paranoia, but as for me, the prompt update of vulnerable software is much more important.
Personally, I prefer the convenience of containers.
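
An added example, not part of the answer above: one way to organize the connections between containers for the apache/nginx/mysql/php/storage split from the question, written as a Docker Compose file. The service, network, volume and secret names, the images and the `./db_root.txt` path are assumptions made for illustration.

```yaml
# Added example: hypothetical service, network, volume and secret names.
services:
  nginx:                        # the only container with published ports
    image: nginx
    ports: ["80:80", "443:443"]
    networks: [edge]
  apache:
    image: httpd
    networks: [edge, app]       # reachable from nginx, can reach php
    volumes: ["storage:/usr/local/apache2/htdocs:ro"]
  php:
    image: php:fpm
    networks: [app, db]         # the only service that shares a network with mysql
    volumes: ["storage:/var/www/html"]
  mysql:
    image: mysql
    networks: [db]              # no network in common with nginx or apache
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root
    secrets: [db_root]
    volumes: ["dbdata:/var/lib/mysql"]
networks:
  edge: {}
  app:
    internal: true              # no external connectivity for this network
  db:
    internal: true
volumes:
  storage: {}
  dbdata: {}
secrets:
  db_root:
    file: ./db_root.txt         # placeholder path
```

With every service left on the single default network instead, the nginx container could open a connection straight to the MySQL port; here it shares no network with `mysql`, so a compromise of nginx has to pass through apache and php first.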

Puma Thailand, 2018-01-06
@opium

If each service is separate, then Docker of course; with virtual machines you will wear yourself out maintaining it.
