Cloud servers from $4/mo - Grab the Deal! Let’s start ->
English
Community
Sign In
Sign In

IPS/IDS. Systems for Detecting and Preventing Cyber Attacks

IPS/IDS. Systems for Detecting and Preventing Cyber Attacks
Hostman Team
Technical writer
Infrastructure
25.03.2022
9 min read
Share

The sphere of informational security, the branch of industry that is targeted to secure our digital data (also called infosec), is always developing new products and trying to create new mechanisms to protect users from hackers and cyber criminals of any sort. Traditional tools like firewalls and anti-malware software no longer work as effectively as expected even when it comes to protecting a small company that doesn't have a lot of data because hackers are becoming ever more inventive at getting around them.

In this article we will discuss IPS/IDS solutions, the only way to protect modern network infrastructure. Hostman uses this mechanism to protect its users from all types of cyber attack.

What is wrong with business network security?

Corp-networks are usually designed to have special endpoints that connect several different networks. These networks can be private or public. The main job of developers and administrators is to make these networks as secure as possible without sacrificing their accessibility to regular users (out of corp-network). Nowadays, cyber attacks can be so complex that even the most powerful security systems have a hard time protecting networks from unauthorized access. And they become even harder to detect if hackers get through traditional infosec-solutions like firewalls and antiviruses. Malware can send the server data that seems "normal" for anti-malware software (because it is professionally disguised). That's why modern companies like to implement IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) to protect themselves.

What are IDS and IPS?

IPS/IDS is a combination of software and hardware tools that prevent cybercriminals from accessing the secured network. These systems can automatically detect intrusions, block them and notify administrators of attempts to get unauthorized access to the server. In terms of technological implementation IDS and IPS are not dissimilar but they solve different problems so you need to be able to distinguish them. IDS stands for Intrusion Detection System and IPS stands for Intrusion Prevention System. The first one detects attacks and unexpected traffic and the second one prevents them.

How are IPS/IDS different from firewalls?

Less experienced administrators might not understand why they have to use IDS or IPS when we all have firewalls that actually do the same thing when filtering user traffic. But this is a delusion.

The main function of a firewall is to control access on the network level. Firewall uses certain procedures to pinpoint which computers can communicate with other devices connected to the same network. It can admit traffic that is described as safe in the list of rules (those are prerequisites made by admins or devs). And can restrict all other connections that don’t match the list of rules. IPS/IDS work in a different way. They block the potential threat and admit anything else that does not look suspicious.

There are both conceptual and technical distinctions between both systems. Firewalls are great at protecting the server from threats of OSI-level 2, 4 but almost useless at higher levels because of the lack of necessary software utilities. This is the main reason why firewalls are only usually used to control session parameters like connection status, port numbers, and IP addresses. IDS and IPS can be useful at higher levels because they can analyze not only headers of request but also the main content. Moreover, they can decompress the data passed to the server to inspect it in a more scrupulous way so there's less chance of a virus getting into the secured system.

Intrusion Detection System (IDS)

IDS is not a wholly new way to protect servers. Tools of this kind were invented about 30 years ago and were used in an operating system called SINEX (UNIX-type OS for hardware made by Siemens) to prevent users of terminals from accessing resources of mainframes.

Functions of IDS

So we know what IDS is but what can it do? IDS is a system of detecting cyber attacks. It continuously scans traffic, registers any suspicious requests, and notifies administrators of potential threats. An IDS usually monitors traffic and logs. The system searches for any sign of malware and reports it as soon as possible, sending messages to the console, email address, or via SMS.

IDS can register different types of attacks (DDoS, Bot C&C, P2P, SQL injections, IMAP, POP3, VoIP, etc), detect attempts to change user privileges, get unauthorized access to secured data or open some ports. It can also detect different types of malware (including trojans).

You should remember that IDS is not a tool that controls the network itself. It only helps to find threats and is better described as a utility that shows infosec-specialists how secure the network is at any given moment and what you can do about it. If you've ever used tools like Wireshark you’ll understand how IDS works. The difference is the context (Wireshark inspects a different kind of connection).

Classification of IDS

There are different detection systems: hardware and software, open-sourced, and proprietary. We will look closer at two types of classifications that should be considered when choosing a security system.

The first one is a classification by the type of analyzed traffic. They can be:

  • Based on using protocols PIDS
  • Based on protocols APIDS

One of them monitors communication protocols. The other analyzes a specific list of protocols that includes PHPIDS, GreenSQL-FW, and Mod_Security.

The second one is a classification by the position of IDS in a network infrastructure. They can be:

  • Host-based (HIDS)
  • Network-based (NIDS)

HIDS monitors a single host while NIDS monitors the whole network segment it is installed on. Network IDS is more versatile because they use a deep package inspection system that helps in analyzing all the traffic passed to the server. But this kind of IDS is more of a power hog than other types so you should be prepared to sacrifice some hardware resources to use it.

There are different types of IDS. For example, VMIDS imply using virtual machines so administrators and developers don't have to install the whole software stack on a separate device.

How does IDS detect intrusions?

Usually methods of detecting intrusions are divided into two groups:

  • Detecting abuse (signature IDS)
  • Detecting anomalies

Detecting abuses

Some IDS detect abusive traffic by analyzing traffic and logs. Simply put, this method uses descriptions of attacks that already exist. The security system processes the traffic and tries to find abusive patterns that may signal an attempt to attack the server. Most IDS use this method and is a huge advantage to it. It actually tells the administrator why IDS reacted to some of the requests to the server. It is possible to manually check signatures and find out why IDS decided that a given chunk of traffic seemed to be dangerous. The only caveat is the database of signatures that quickly becomes outdated. The administrator has to update it as often as possible.

Detecting anomalies

This method works in reverse. We know what normal behavior of applications is and what harmless traffic looks like. The security system uses this data to detect any unexpected requests or actions. This kind of IDS was invented 30 years ago. Nowadays, engineers use machine learning technologies to make IDS more reliable and proactive.

There is one big disadvantage of such IDS. They must be refined by working with traffic which is considered normal. It takes time and obliges administrators to use it on some networks and nodes ineffectively. If something goes wrong and IDS reacts to it, administrators will get insufficient data to act (and the complexity of analyzing the logs will grow exponentially with the number of indicators used to distinguish "normal" traffic).

Anyway, there are problems that anomaly-searching IDS can solve better than any other security system. For example, there are no rivals to this type of IDS in detecting and preventing DDoS attacks.

Intrusion Prevention System (IPS)

When IDS can only notify you about some threats, IPS can take action. Using IDS administrators have to reconfigure the firewall manually so attackers can't get access to secured data. It takes time and usually the server has to react to any threat in real-time so there are no consequences. That's why we need IPS. They do the job and can block suspicious connections if necessary.

Different types of IPS and their capabilities

Actually, IPS and IDS can be the same device which is differently set up depending on the issues that administrators and developers want to solve. IPS itself can be described as a hybrid of IDS and firewall because the same technologies underlie both security systems.

Regarding classifications, they are mostly the same because professionals divide IPS into two main categories: HIPS (Hosting-based) and NIDS (Network-based). NIPS prevents any cyberattacks by embedding itself in one part of the network channel and filtering all the traffic passing through. In most cases, such types of IPS have some kind of remote interface that accepts data and an intrinsic interface that passes legitimate traffic on.

On top of that, some specialists divide IPS into:

  • those which monitor traffic and compare it to any signatures that are already known to be dangerous;
  • and those which try to find suspicious traffic based on protocol-analyzing systems.

The second one makes it possible to protect the network from unknown classes of attacks.

IPS may react to attacks in different ways. The most common form of protection is the reconfiguration of communicational hardware (which makes it impossible to use it in a harmful way). Also such methods as blocking off some users or hosts, disconnecting users or applications via TCP RST or firewall might be used.

Conclusion

In the final part of this article, we will pinpoint specific tasks that can be performed using IPS or IDS and outline the main requirements that administrators and developers have to consider when choosing security systems for their projects.

Security systems have two main functions. First, they develop a database of threats that can be used as evidence when infosec-specialists start to investigate any incident connected to data breach or cyber attack (as an example, when a cyber criminal uses company resources for a period of time). Secondly they monitor any potentially dangerous activity in the analyzed network. Consequently, there are two requirements:

  • completeness of the database that consists of existing exploits and vulnerabilities (signatures which are used to detect any cyberattacks);
  • and reliability of the whole system, so it won't turn off and stop gathering useful information.

A system that is used to prevent hackers from accessing secured data tries to normalize traffic via blocking attacks and minimize damage caused by cyber criminals. The requirements for IPS are a bit different. Firstly, such a system has to be as reliable as possible. There should be no reason for it to stop working and failing to secure the server. Malfunction of the IPS can lead the whole infrastructure to shut down active connections. Secondly, such a system has to have a minimal amount of fake detections.

If you want to implement a modern and multifunctional security system for your server you should consider setting up a device called UTM. It is a piece of hardware that includes all the protection components of IDS and IPS. It works as a firewall, proxy-server, anti-spam, content filter, and anti-malware software.

Infrastructure
25.03.2022
9 min read
Share

Similar

Infrastructure

Virtualization vs Containerization: What They Are and When to Use Each

This article explores two popular technologies for abstracting physical hardware: virtualization and containerization. We will provide a general overview of each and also discuss the differences between virtualization and containerization. What Is Virtualization The core component of this technology is the virtual machine (VM). A VM is an isolated software environment that emulates the hardware of a specific platform. In other words, a VM is an abstraction that allows a single physical server to be transformed into multiple virtual ones. Creating a VM makes sense when you need to manage all operating system kernel settings. This avoids kernel conflicts with hardware, supports more features than a specific OS build might provide, and allows you to optimize and install systems with a modified kernel. What Is Containerization Containers work differently: to install and run a container platform, a pre-installed operating system kernel is required (this can also be on a virtual OS). The OS allocates system resources for the containers that provide a fully configured environment for deploying applications. Like virtual machines, containers can be easily moved between servers and provide a certain level of isolation. However, to deploy them successfully, it’s sufficient for the base kernel (e.g., Linux, Windows, or macOS) to match — the specific OS version doesn’t matter. Thus, containers serve as a bridge between the system kernel layer and the application layer. What Is the Difference Between Containerization and Virtualization Some, especially IT beginners, often frame it as "virtualization vs containerization." But these technologies shouldn't be pitted against each other — they actually complement one another. Let’s examine how they differ and where they overlap by looking at how both technologies perform specific functions. Isolation and Security Virtualization makes it possible to fully isolate a VM from the rest of the server, including other VMs. Therefore, VMs are useful when you need to separate your applications from others located on the same servers or within the same cluster. VMs also increase the level of network security. Containerization provides a certain level of isolation, too, but containers are not as robust when it comes to boundary security compared to VMs. However, solutions exist that allow individual containers to be isolated within VMs — one such solution is Hyper-V. Working with the Operating System A VM is essentially a full-fledged OS with its own kernel, which is convenient but imposes high demands on hardware resources (RAM, storage, CPU). Containerization uses only a small fraction of system resources, especially with adapted containers. When forming images in a hypervisor, the minimal necessary software environment is created to ensure the container runs on an OS with a particular kernel. Thus, containerization is much more resource-efficient. OS Updates With virtualization, you have to download and install OS updates on each VM. To install a new OS version, you need to update the VM — in some cases, even create a new one. This consumes a significant amount of time, especially when many virtual machines are deployed. With containers, the situation is similar. First, you modify a file (called a Dockerfile) that contains information about the image. You change the lines that specify the OS version. Then the image is rebuilt and pushed to a registry. But that’s not all: the image must then be redeployed. To do this, you use orchestrators — platforms for managing and scaling containers. Orchestration tools (the most well-known are Kubernetes and Docker Swarm) allow automation of these procedures, but developers must install and learn them first. Deployment Mechanisms To deploy a single VM, Windows (or Linux) tools will suffice, as will the previously mentioned Hyper-V. But if you have two or more VMs, it’s more convenient to use solutions like PowerShell. Single containers are deployed from images via a hypervisor (such as Docker), but for mass deployment, orchestration platforms are essential. So in terms of deployment mechanisms, virtualization and containerization are similar: different tools are used depending on how many entities are being deployed. Data Storage Features With virtualization, VHDs are used when organizing local storage for a single VM. If there are multiple VMs or servers, the SMB protocol is used for shared file access. Hypervisors for containers have their own storage tools. For example, Docker has a local Registry repository that lets you create private storage and track image versions. There is also the public Docker Hub repository, which is used for integration with GitHub. Orchestration platforms offer similar tools: for instance, Kubernetes can set up file storage using Azure’s infrastructure. Load Balancing To balance the load between VMs, they are moved between servers or even clusters, selecting the one with the best fault tolerance. Containers are balanced differently. They can’t be moved per se, but orchestrators provide automatic starting or stopping of individual containers or whole groups. This enables flexible load distribution between cluster nodes. Fault Tolerance Faults are also handled in similar ways. If an individual VM fails, it’s not difficult to transfer that VM to another server and restart the OS there. If there’s an issue with the server hosting the containerization platform, containers can be quickly recreated on another server using the orchestrator. Pros and Cons of Virtualization Advantages: Reliable isolation. Logical VM isolation means failures in one VM don’t affect the others on the same server. VMs also offer a good level of network security: if one VM is compromised, its isolation prevents infection of others. Resource optimization. Several VMs can be deployed on one server, saving on purchasing additional hardware. This also facilitates the creation of clusters in data centers. Flexibility and load balancing. VMs are easily transferred, making it simpler to boost cluster performance and maintain systems. VMs can also be copied and restored from backups. Furthermore, different VMs can run different OSs, and the kernel can be any type — Linux, Windows, or macOS — all on the same server. Disadvantages: Resource consumption. VMs can be several gigabytes in size and consume significant CPU power. There are also limits on how many VMs can run on a single server. Sluggishness. Deployment time depends on how "heavy" the VM is. More importantly, VMs are not well-suited to scaling. Using VMs for short-term computing tasks is usually not worthwhile. Licensing issues. Although licensing is less relevant for Russian developers, you still need to consider OS and software licensing costs when deploying VMs — and these can add up significantly in a large infrastructure. Pros and Cons of Containerization Advantages: Minimal resource use. Since all containers share the same OS kernel, much less hardware is needed than with virtual machines. This means you can create far more containers on the same system. Performance. Small image sizes mean containers are deployed and destroyed much faster than virtual machines. This makes containers ideal for developers handling short-term tasks and dynamic scaling. Immutable images. Unlike virtual machines, container images are immutable. This allows the launch of any number of identical containers, simplifying testing. Updating containers is also easy — a new image with updated contents is created on the container platform. Disadvantages: Compatibility issues. Containers created in one hypervisor (like Docker) may not work elsewhere. Problems also arise with orchestrators: for example, Docker Swarm may not work properly with OpenShift, unlike Kubernetes. Developers need to carefully choose their tools. Limited lifecycle. While persistent container storage is possible, special tools (like Docker Data Volumes) are required. Otherwise, once a container is deleted, all its data disappears. You must plan ahead for data backup. Application size. Containers are designed for microservices and app components. Heavy containers, such as full-featured enterprise software, can cause deployment and performance issues. Conclusion Having explored the features of virtualization and containerization, we can draw a logical conclusion: each technology is suited to different tasks. Containers are fast and efficient, use minimal hardware resources, and are ideal for developers working with microservices architecture and application components. Virtual machines are full-fledged OS environments, suitable for secure corporate software deployment. Therefore, these technologies do not compete — they complement each other.
10 June 2025 · 7 min to read
Infrastructure

Top RDP Clients for Linux in 2025: Remote Access Tools for Every Use Case

RDP (Remote Desktop Protocol) is a proprietary protocol for accessing a remote desktop. All modern Windows operating systems have it by default. However, a Linux system with a graphical interface and the xrdp package installed can also act as a server. This article focuses on Linux RDP clients and the basic principles of how the protocol works. Remote Desktop Protocol RDP operates at the application layer of the OSI model and is based on the Transport Layer Protocol (TCP). Its operation follows this process: A connection is established using TCP at the transport layer. An RDP session is initialized. The RDP client authenticates, and data transmission parameters are negotiated. A remote session is launched: the RDP client takes control of the server. The server is the computer being remotely accessed. The RDP client is the application on the computer used to initiate the connection. During the session, all computational tasks are handled by the server. The RDP client receives the graphical interface of the server's OS, which is controlled using input devices. The graphical interface may be transmitted as a full graphical copy or as graphical primitives (rectangles, circles, text, etc.) to save bandwidth. By default, RDP uses port 3389, but this can be changed if necessary. A typical use case is managing a Windows remote desktop from a Linux system. From anywhere in the world, you can connect to it via the internet and work without worrying about the performance of the RDP client. Originally, RDP was introduced in Windows NT 4.0. It comes preinstalled in all modern versions of Windows. However, implementing a Linux remote desktop solution requires special software. RDP Security Two methods are used to ensure the security of an RDP session: internal and external. Standard RDP Security: This is an internal security subsystem. The server generates RSA keys and a public key certificate. When connecting, the RDP client receives these. If confirmed, authentication takes place. Enhanced RDP Security: This uses external tools to secure the session, such as TLS encryption. Advantages of RDP RDP is network-friendly: it can work over NAT, TCP, or UDP, supports port forwarding, and is resilient to connection drops. Requires only 300–500 Kbps bandwidth. A powerful server can run demanding apps even on weak RDP clients. Supports Linux RDP connections to Windows. Disadvantages of RDP Applications sensitive to latency, like games or video streaming, may not perform well. Requires a stable server. File and document transfer between the client and server may be complicated due to internet speed limitations. Configuring an RDP Server on Windows The most common RDP use case is connecting to a Windows server from another system, such as a Linux client. To enable remote access, the target system must be configured correctly. The setup is fairly simple and works "out of the box" on most modern Windows editions.  Enable remote desktop access via the Remote Access tab in System Properties. Select the users who can connect (by default, only administrators). Check firewall settings. Some profiles like “Public” or “Private” may block RDP by default. If the server is not in a domain, RDP might not work until you allow it manually via Windows Firewall → Allowed Apps. If behind a router, you might need to configure port forwarding via the router’s web interface (typically under Port Forwarding). Recall that RDP uses TCP port 3389 by default. Best RDP Clients for Linux Remmina Website: remmina.org Remmina is a remote desktop client with a graphical interface, written in GTK+ and licensed under GPL. In addition to RDP, it supports VNC, NX, XDMCP, SPICE, X2Go, and SSH. One of its key features is extensibility via plugins. By default, RDP is not available until you install the freerdp plugin. After installing the plugin, restart Remmina, and RDP will appear in the menu. To connect: Add a new connection. Fill in connection settings (you only need the remote machine's username and IP). Customize further if needed (bandwidth, background, hotkeys, themes, etc.). Save the connection — now you can connect with two clicks from the main menu. If you need to run Remmina on Windows, a guide is available on the official website. FreeRDP Website: freerdp.com FreeRDP is a fork of the now-unsupported rdesktop project and is actively maintained under the Apache license. FreeRDP is a terminal-based client. It is configured and launched entirely via the command line. Its command structure is similar to rdesktop, for example: xfreerdp -u USERNAME -p PASSWORD -g WIDTHxHEIGHT IP This command connects to the server at the given IP using the specified credentials and screen resolution. KRDC Website: krdc KRDC (KDE Remote Desktop Client) is the official remote desktop client for KDE that supports RDP and VNC protocols. It offers a clean and straightforward interface consistent with KDE's Plasma desktop environment. KRDC is ideal for users of KDE-based distributions like Kubuntu, openSUSE KDE, and Fedora KDE Spin. It integrates well with KDE's network tools and provides essential features such as full-screen mode, session bookmarking, and network browsing via Zeroconf/Bonjour. KRDC is actively maintained by the KDE community and is available through most Linux package managers. GNOME Connections Website: gnome-connections Vinagre was the former GNOME desktop's default remote desktop client. GNOME Connections, a modernized remote desktop tool for GNOME environments, has since replaced it. GNOME Connections supports RDP and VNC, providing a simple and user-friendly interface that matches the GNOME design language. It focuses on ease of use rather than configurability, making it ideal for non-technical users or quick access needs. Features: Bookmarking for quick reconnections Simple RDP session management Seamless integration into GNOME Shell Connections is maintained as part of the official GNOME project and is available in most distribution repositories. Apache Guacamole Website: guacamole.apache.org This is the simplest yet most complex remote desktop software for Linux. Simple because it works directly in a browser — no additional programs or services are needed. Complex because it requires one-time server installation and configuration. Apache Guacamole is a client gateway for remote connections that works over HTML5. It supports Telnet, SSH, VNC, and RDP — all accessible via a web interface. Although the documentation is extensive, many ready-made scripts exist online to simplify basic setup. To install: wget https://git.io/fxZq5 -O guac-install.sh chmod +x guac-install.sh ./guac-install.sh After installation, the script will provide a connection address and password. To connect to a Windows server via RDP: Open the Admin Panel, go to Settings → Connections, and create a new connection. Enter the username and IP address of the target machine — that's all you need. The connection will now appear on the main page, ready for use. Conclusion RDP is a convenient tool for connecting to a remote machine running Windows or a Linux system with a GUI. The server requires minimal setup — just a few settings and firewall adjustments — and the variety of client programs offers something for everyone.
09 June 2025 · 6 min to read
Infrastructure

Docker Container Storage and Registries: How to Store, Manage, and Secure Your Images

Docker containerization offers many benefits, one of which is image layering, enabling fast container generation. However, containers have limitations — for instance, persistent data needs careful planning, as all data within a container is lost when it's destroyed. In this article, we’ll look at how to solve this issue using Docker’s native solution called Docker Volumes, which allows the creation of persistent Docker container storage. What Happens to Data Written Inside a Container To begin, let’s open a shell inside a container using the following command: docker run -it --rm busybox Now let’s try writing some data to the container: echo "Hostman" > /tmp/data cat /tmp/data Hostman We can see that the data is written, but where exactly? If you're familiar with Docker, you might know that images are structured like onions — layers stacked on top of each other, with the final layer finalizing the image. Each layer can only be written once and becomes read-only afterward. When a container is created, Docker adds another layer for handling write operations. Since container lifespans are limited, all data disappears once the container is gone. This can be a serious problem if the container holds valuable information. To solve this, Docker provides a solution called Docker Volumes. Let’s look at what it is and how it works. Docker Volumes Docker Volumes provide developers with persistent storage for containers. This tool decouples data from the container’s lifecycle, allowing access to container data at any time. As a result, data written inside containers remains available even after the container is destroyed, and it can be reused by other containers. This is a useful solution for sharing data between Docker containers and also enables new containers to connect to the existing storage. How Docker Volumes Work A directory is created on the server and then mounted into one or more containers. This directory is independent because it is not included in the Docker image layer structure, which allows it to bypass the read-only restriction of the image layers for containers that include such a directory. To create a volume, use the following command: docker volume create Now, let’s check its location using: docker volume inspect volume_name The volume name usually consists of a long alphanumeric string. In response, Docker will display information such as the time the volume was created and other metadata, including the Mountpoint. This line shows the path to the volume. To view the data stored in the volume, simply open the specified directory. There are also other ways to create a Docker Volume. For example, the -v option can be added directly during container startup, allowing you to create a volume on the fly: docker run -it --rm -v newdata:/data busybox Let’s break down what’s happening here: The -v argument follows a specific syntax, indicated by the colon right after the volume name (in this case, we chose a very creative name, newdata). After the colon, the mount path inside the container is specified. Now, you can write data to this path, for example: echo "Cloud" > /data/cloud Data written this way can easily be found at the mount path. As seen in the example above, the volume name is not arbitrary — it matches the name we provided using -v. However, Docker Volumes also allow for randomly generated names, which are always unique to each host. If you’re assigning names manually, make sure they are also unique. Now, run the command: docker volume ls If the volume appears in the list, it means any number of other containers can use it. To test this, you can run: docker run -it --rm -v newdata:/data busybox Then write something to the volume. Next, start another container using the exact same command and you’ll see that the data is still there and accessible — meaning it can be reused. Docker Volumes in Practice Now let’s take a look at how Docker Volumes can be used in practice. Suppose we're developing an application to collect specific types of data — let’s say football statistics. We gather this data and plan to use it later for analysis — for example, to assess players’ transfer market values or for betting predictions. Let’s call our application FootballStats. Preserving Data After Container Removal Obviously, if we don’t use Docker Volumes, all the collected statistics will simply be lost as soon as the container that stored them is destroyed. Therefore, we need to store the data in volumes so it can be reused later. To do this, we use the familiar -v option:  -v footballstats:/dir/footballstats This will allow us to store match statistics in the /dir/footballstats directory, on top of all container layers. Sharing Data Suppose the FootballStats container has already gathered a certain amount of data, and now it's time to analyze it. For instance, we might want to find out how a particular team performed in the latest national championship or how a specific player did — goals, assists, cards, etc. To do this, we can mount our volume into a new container, which we’ll call FootballStats-Analytics. The key advantage of this setup is that the new container can read the data without interfering with the original FootballStats container’s ongoing data collection. At the same time, analysis of the incoming data can be performed using defined parameters and algorithms. This information can be stored anywhere, either in the existing volume or a new one, if needed. Other Types of Mounts In addition to standard volumes, Docker Volumes also supports other types of mounts designed to solve specialized tasks: Bind Mount Bind mounts are used to attach an existing path on the host to a container. This is useful for including configuration files, datasets, or static assets from websites. To specify directories for mounting into the container, use the --mount option with the syntax <host path>:<container path>. Tmpfs Mount Tmpfs mounts serve the opposite purpose of regular Docker Volumes — they do not persist data after the container is destroyed. This can be useful for developers who perform extensive logging. In such cases, continuously writing temporary data to disk can significantly degrade system performance. The --tmpfs option creates temporary in-memory directories, avoiding constant access to the file system. Drivers Docker Volume Drivers are a powerful tool that enable flexible volume management. They allow you to specify various storage options, the most important being the storage location — which can be local or remote, even outside the physical or virtual infrastructure of the provider. This ensures that data can survive not only the destruction of the container but even the shutdown of the host itself. Conclusion So, we’ve learned how to create and manage storage using Docker Volumes. For more information on how to modify container storage in Docker, refer to the platform’s official documentation. 
09 June 2025 · 6 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support