docs/content/manuals/security/for-admins/hardened-desktop/_index.md


---
title: Overview of Hardened Docker Desktop
linkTitle: Hardened Docker Desktop
description: Overview of what Hardened Docker Desktop is and its key features
keywords: security, hardened desktop, enhanced container isolation, registry access management, settings management, root access, admins, docker desktop, image access management
tags: [admin]
aliases:
  - /desktop/hardened-desktop/
grid:
  - title: Settings Management
    description: Learn how Settings Management can secure your developers' workflows.
    icon: shield_locked
    link: /security/for-admins/hardened-desktop/settings-management/
  - title: Enhanced Container Isolation
    description: Understand how Enhanced Container Isolation can prevent container attacks.
    icon: security
    link: /security/for-admins/hardened-desktop/enhanced-container-isolation/
  - title: Registry Access Management
    description: Control the registries developers can access while using Docker Desktop.
    icon: home_storage
    link: /security/for-admins/hardened-desktop/registry-access-management/
  - title: Image Access Management
    description: Control the images developers can pull from Docker Hub.
    icon: photo_library
    link: /security/for-admins/hardened-desktop/image-access-management/
  - title: Air-Gapped Containers
    description: Restrict containers from accessing unwanted network resources.
    icon: vpn_lock
    link: /security/for-admins/hardened-desktop/air-gapped-containers/
weight: 60
---

{{< summary-bar feature_name="Hardened Docker Desktop" >}}

Hardened Docker Desktop is a group of security features designed to improve the security of developer environments with minimal impact on developer experience or productivity.

It lets you enforce strict security settings and prevents developers and their containers from bypassing those controls, whether intentionally or unintentionally. It also lets you strengthen container isolation, to mitigate threats such as a malicious payload breaking out of a container into the Docker Desktop Linux VM and from there onto the underlying host.

Hardened Docker Desktop moves the ownership boundary for Docker Desktop configuration from the individual developer to the organization: any security controls you set cannot be altered by the user of Docker Desktop.

It is for security-conscious organizations that:

- Don't give their users root or administrator access on their machines
- Want Docker Desktop to be under the organization's centralized control
- Have certain compliance obligations

## How does it help my organization?

Hardened Desktop features work independently but are designed to be used together as a defense-in-depth strategy, protecting developer workstations at several functional layers: configuring Docker Desktop, pulling container images, and running containers. Because each feature covers a different layer, an attacker who gets past one control still has to defeat the others. Together they help mitigate threats such as:

- Malware and supply chain attacks: Registry Access Management restricts which container registries developers can reach, and Image Access Management restricts which image types they can pull from Docker Hub, lowering the risk of a malicious image entering the workstation in the first place. If a malicious image does run, Enhanced Container Isolation (ECI) limits what it can do by running the container inside a Linux user namespace, so root inside the container does not carry root privileges on the Docker Desktop Linux VM.
- Lateral movement: Air-gapped containers lets you restrict the network resources containers can reach, so a malicious container cannot use the developer workstation as a foothold for lateral movement within the organization's network.
- Insider threats: Settings Management configures and locks Docker Desktop settings so you can enforce company policies and prevent developers from introducing insecure configurations, intentionally or unintentionally.
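
The user-namespace claim above is something an administrator can verify from inside a running container rather than take on trust. The following shell script is an added example and is not part of the Docker documentation or of Docker Desktop itself; it reads the kernel's `/proc/self/uid_map` (each line is `<ns_start> <host_start> <length>`) and reports whether uid 0 inside the namespace is mapped to a non-zero uid outside it. The uid ranges in the comments and in `check_self` are constructed samples; the range ECI actually assigns is not stated on this page.

```shell
#!/bin/sh
# Added example (not Docker's code): verify that root inside a container is
# remapped to an unprivileged uid on the Docker Desktop Linux VM, which is the
# property the page attributes to Enhanced Container Isolation.
#
# /proc/self/uid_map lines look like:   <ns_start> <host_start> <length>
#   constructed sample, user namespace:  0 100000 65536   (root -> host uid 100000)
#   constructed sample, no isolation:    0 0 4294967295   (root -> host uid 0)

# uidmap_root_is_remapped MAP
#   exit 0  uid 0 in the namespace maps to a non-zero outer uid (remapped)
#   exit 1  uid 0 maps to outer uid 0 (container root is VM root)
#   exit 2  uid 0 is not mapped at all, or the map is malformed
uidmap_root_is_remapped() {
    printf '%s\n' "$1" | awk '
        # A mapping line covers uid 0 only when its namespace start is 0
        # and its length is positive; any other line is irrelevant here.
        NF == 3 && $1 == 0 && $3 > 0 { found = 1; if ($2 != 0) remapped = 1 }
        END {
            if (!found) exit 2
            exit (remapped ? 0 : 1)
        }'
}

# check_self: evaluate the calling process and print a verdict. Run it inside
# a container, for example:
#   docker run --rm -v "$PWD/uidmap_check.sh:/c.sh:ro" alpine sh -c ". /c.sh && check_self"
# (the script path and image are assumptions for illustration).
check_self() {
    map=$(cat /proc/self/uid_map 2>/dev/null) || {
        echo "uid_map unavailable"
        return 2
    }
    uidmap_root_is_remapped "$map"
    rc=$?
    case $rc in
        0) echo "root is remapped to an unprivileged outer uid (user namespace active)" ;;
        1) echo "root maps to outer uid 0: no user-namespace isolation" ;;
        *) echo "uid 0 not mapped or map unreadable: $map" ;;
    esac
    return $rc
}
```

A result of `1` inside a container on a Hardened Desktop host means the container is not getting the isolation the policy intends (for example ECI is not enabled or is not being enforced for that workload) and is worth raising with whoever owns the Settings Management configuration. The check only covers the uid mapping; it says nothing about the other ECI restrictions, and a remapped uid does not by itself make a container safe.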

{{< grid >}}