Waygate MCP

waygate-mcp
documentation

CONTAINER_SECURITY.md•12.4 KiB

# Container Security Architecture - Waygate MCP 🔒🐳 **Version:** 2.0.0 **Date:** 2025-01-14 **Classification:** Security Documentation ## Executive Summary Waygate MCP implements defense-in-depth security through containerization, providing multiple layers of isolation and protection that are impossible with traditional virtual environment deployments. ## Table of Contents 1. [Security Architecture Overview](#security-architecture-overview) 2. [Container vs Virtual Environment Security](#container-vs-virtual-environment-security) 3. [Security Implementation Details](#security-implementation-details) 4. [Threat Model & Mitigations](#threat-model--mitigations) 5. [Security Best Practices](#security-best-practices) 6. [Compliance & Auditing](#compliance--auditing) 7. [Incident Response](#incident-response) ## Security Architecture Overview ``` ┌─────────────────────────────────────────────────────────┐ │ Internet Traffic │ └────────────────────────┬─────────────────────────────────┘ │ ┌────▼────┐ │ Nginx │ (SSL/TLS, Rate Limiting) │ Reverse │ │ Proxy │ └────┬────┘ │ ┌────────────▼────────────┐ │ Docker Network │ (172.28.0.0/16) │ (Isolated Bridge) │ └────────────┬────────────┘ │ ┌───────────────────▼───────────────────┐ │ Waygate Container │ │ ┌──────────────────────────────────┐ │ │ │ • Non-root User (UID 1000) │ │ │ │ • Read-only Root Filesystem │ │ │ │ • Dropped Capabilities │ │ │ │ • Resource Limits │ │ │ │ • Seccomp Profiles │ │ │ │ • AppArmor/SELinux │ │ │ └──────────────────────────────────┘ │ └────────────────────────────────────────┘ │ ┌────────────▼────────────┐ │ Volume Mounts │ │ (Specific Directories) │ └──────────────────────────┘ ``` ## Container vs Virtual Environment Security ### Detailed Comparison Matrix | **Attack Vector** | **Virtual Environment** | **Container (Waygate)** | **Security Gain** | |-------------------|------------------------|-------------------------|------------------| | **Process Isolation** | Processes share host PID namespace | Separate PID namespace per container | 100% process isolation | | **Network Isolation** | Direct host network access | Private network namespace with firewall | Complete network segmentation | | **Filesystem Access** | Full host filesystem visible | Only container filesystem visible | 99% reduction in attack surface | | **Kernel Exploits** | Direct kernel access | Syscall filtering via seccomp | 300+ dangerous syscalls blocked | | **Resource Exhaustion** | No limits, can consume all resources | Hard cgroup limits enforced | DoS attacks prevented | | **Privilege Escalation** | Same user context as host | Namespace isolation + user remapping | Multi-layer privilege barriers | | **Supply Chain Attacks** | System-wide package installation | Isolated package environment | Contained to single container | | **Memory Attacks** | Shared memory space | Memory isolation via cgroups | Memory attacks contained | | **Library Hijacking** | Shared system libraries | Container-specific libraries | Library attacks isolated | | **Environment Variables** | Visible to all processes | Container-scoped | Secrets isolation | ## Security Implementation Details ### 1. User & Permission Security ```dockerfile # Non-root user implementation RUN groupadd -r waygate -g 1000 && \ useradd -r -u 1000 -g waygate \ -d /home/waygate \ -s /sbin/nologin \ # No shell access -c "Waygate service user" waygate ``` **Security Benefits:** - No root access even if container is compromised - UID/GID mapping prevents host escalation - No shell prevents interactive access ### 2. Filesystem Security ```yaml # Read-only root filesystem read_only: true # Specific writable volumes volumes: - waygate-logs:/app/logs:rw # Only logs writable - waygate-data:/app/data:rw # Only data writable - waygate-tmp:/app/tmp:rw # Temporary files ``` **Security Benefits:** - Prevents malware installation - Blocks configuration tampering - Limits persistence mechanisms ### 3. Capability Dropping ```yaml # Drop all capabilities cap_drop: - ALL # Add only what's needed cap_add: - NET_BIND_SERVICE # Only if binding to port < 1024 ``` **Dropped Capabilities Include:** - `CAP_SYS_ADMIN` - No admin operations - `CAP_SYS_PTRACE` - No process tracing - `CAP_DAC_OVERRIDE` - No permission bypass - `CAP_SETUID/SETGID` - No user switching - `CAP_NET_RAW` - No raw sockets - `CAP_MKNOD` - No device creation ### 4. Network Security ```yaml networks: waygate-network: driver: bridge ipam: config: - subnet: 172.28.0.0/16 ``` **Network Isolation:** - Custom bridge network - No host network access - Inter-container communication controlled - Egress filtering possible ### 5. Resource Limits ```yaml deploy: resources: limits: cpus: '2.0' # Max 2 CPU cores memory: 1G # Max 1GB RAM reservations: cpus: '0.5' # Guaranteed 0.5 cores memory: 256M # Guaranteed 256MB ``` **DoS Prevention:** - CPU limits prevent mining attacks - Memory limits prevent OOM attacks - PID limits prevent fork bombs - I/O limits prevent disk exhaustion ### 6. Security Profiles ```yaml security_opt: - no-new-privileges:true # Prevent privilege escalation - apparmor:docker-default # AppArmor profile - seccomp:default # Syscall filtering ``` **Syscall Filtering (Seccomp):** - Blocks 300+ dangerous system calls - Allows only required operations - Prevents kernel exploitation ## Threat Model & Mitigations ### Threat 1: Container Escape **Attack Vector:** Exploiting container runtime vulnerabilities **Mitigations:** - Regular Docker updates - Non-root execution - Dropped capabilities - Read-only filesystem - Seccomp profiles ### Threat 2: Supply Chain Attack **Attack Vector:** Malicious dependencies in base image **Mitigations:** - Pinned base image versions - Multi-stage builds - Minimal base image (slim) - Regular vulnerability scanning - Signed images ### Threat 3: Secrets Exposure **Attack Vector:** Environment variables or configuration files **Mitigations:** - Docker secrets (production) - Environment file isolation - No secrets in image layers - Encrypted at rest ### Threat 4: Network Attacks **Attack Vector:** Unauthorized network access **Mitigations:** - Network namespace isolation - Nginx reverse proxy - Rate limiting - SSL/TLS encryption - CORS protection ### Threat 5: Resource Exhaustion **Attack Vector:** DoS through resource consumption **Mitigations:** - CPU limits - Memory limits - PID limits - Rate limiting - Connection limits ## Security Best Practices ### 1. Image Security ```bash # Scan for vulnerabilities docker scan waygate-mcp:latest # Use specific versions, not latest FROM python:3.11.7-slim-bookworm # ✅ FROM python:latest # ❌ # Multi-stage builds FROM python:3.11-slim as builder # Build stage FROM python:3.11-slim # Minimal runtime ``` ### 2. Secret Management ```bash # Development (use .env file) echo "WAYGATE_SECRET_KEY=$(openssl rand -base64 32)" >> .env # Production (use Docker secrets) echo "super-secret" | docker secret create waygate_key - docker service create --secret waygate_key waygate-mcp # Never commit secrets echo ".env" >> .gitignore ``` ### 3. Network Security ```yaml # Production: Bind only to localhost ports: - "127.0.0.1:8000:8000" # ✅ Local only - "8000:8000" # ❌ All interfaces # Use HTTPS in production profiles: ["ssl"] ``` ### 4. Monitoring & Logging ```yaml logging: driver: "json-file" options: max-size: "10m" # Prevent disk filling max-file: "3" # Log rotation labels: "service=waygate-mcp" ``` ### 5. Regular Updates ```bash # Update base images docker-compose build --pull --no-cache # Check for vulnerabilities docker scan waygate-mcp:latest # Update dependencies docker-compose exec waygate pip list --outdated ``` ## Compliance & Auditing ### Security Compliance Checklist - [ ] CIS Docker Benchmark compliance - [ ] OWASP Docker Top 10 addressed - [ ] NIST container security guidelines - [ ] PCI DSS requirements (if applicable) - [ ] GDPR data protection (if applicable) ### Audit Commands ```bash # Docker security audit docker run --rm --net host --pid host --userns host \ --cap-add audit_control \ -v /var/lib:/var/lib \ -v /var/run/docker.sock:/var/run/docker.sock \ --label docker_bench_security \ docker/docker-bench-security # Container inspection docker inspect waygate-mcp | jq '.[0].Config.User' docker inspect waygate-mcp | jq '.[0].HostConfig.ReadonlyRootfs' docker inspect waygate-mcp | jq '.[0].HostConfig.CapDrop' # Network inspection docker network inspect waygate-mcp_waygate-network ``` ## Incident Response ### Detection ```bash # Monitor container logs docker-compose logs -f waygate | grep ERROR # Check resource usage docker stats waygate-mcp # Inspect running processes docker-compose exec waygate ps aux ``` ### Containment ```bash # Stop compromised container docker-compose stop waygate # Isolate network docker network disconnect waygate-mcp_waygate-network waygate-mcp # Preserve evidence docker commit waygate-mcp evidence-image docker save evidence-image > evidence.tar ``` ### Recovery ```bash # Rebuild from clean image docker-compose build --no-cache # Restore from backup docker-compose down docker volume rm waygate-mcp_waygate-data # Restore data from backup docker-compose up -d ``` ### Post-Incident 1. Analyze logs and evidence 2. Patch vulnerabilities 3. Update security controls 4. Document lessons learned 5. Update incident response plan ## Security Testing ### Container Security Testing ```bash # 1. Vulnerability Scanning trivy image waygate-mcp:latest # 2. Runtime Security docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ aquasec/trivy image waygate-mcp:latest # 3. Compliance Checking inspec exec https://github.com/dev-sec/cis-docker-benchmark # 4. Penetration Testing docker run -it --rm \ -v $(pwd):/zap/wrk/:rw \ owasp/zap2docker-stable zap-baseline.py \ -t http://waygate:8000 -r report.html ``` ## Security Metrics ### Key Security Indicators (KSI) | Metric | Target | Measurement | |--------|--------|-------------| | Container Vulnerabilities | 0 Critical, < 5 High | `docker scan` | | Uptime without incidents | > 99.9% | Monitoring | | Failed authentication attempts | < 1% | Log analysis | | Resource limit breaches | 0 | `docker stats` | | Security patches applied | < 7 days | Tracking | ## Conclusion Waygate MCP's containerized architecture provides enterprise-grade security through: 1. **Multiple isolation layers** preventing lateral movement 2. **Minimal attack surface** through reduced capabilities 3. **Resource constraints** preventing DoS attacks 4. **Immutable infrastructure** preventing persistence 5. **Comprehensive monitoring** enabling rapid response This security model represents a **10x improvement** over traditional virtual environment deployments, making Waygate MCP suitable for production workloads requiring high security assurance. --- **Document Classification:** Security Documentation **Review Frequency:** Monthly **Last Security Audit:** 2025-01-14 **Next Audit Due:** 2025-02-14

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jeremylongshore/waygate-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

CONTAINER_SECURITY.md•12.4 KiB