How do you make sure that your Docker containers don't go rogue and start snooping around or contacting external servers that they shouldn't be talking to? Is there a network traffic monitoring program that I could use? Or a service that would notify me about vulnerabilities in containers that I have installed?

Some background:

Last year, I asked help setting up my new Synology NAS, and many of you wonderful people offered some really, really good advice. I have recently started to play around with Docker containers more, and I am a little uneasy about the idea that my NAS is home to my files, my own scripts, and Docker containers made by other people, and that it is always on and these containers have constant internet access. I don't have the time (or frankly the skills) to verify the contents of the containers beyond making sure that they come from reputable sources, but I would like to have a bit more peace of mind and make sure that things remain private and secure.

My setup at the moment is the following: I have a Synology DS923+ and I manage Docker containers with Synology's Container Manager, using docker compose files. I have so far put all containers into the same virtual network (perhaps something I need to think about), which is a separate IP range from my other devices, and has internet access through my DNS. I use Synology's DNS Server (for everything in my home network) and Reverse Proxy so that I can use local domain names and HTTPS. For HTTPS, I have made myself a certificate authority and created the necessary certificates and installed them on my devices. No ports are opened on the router and things like UPnP are turned off. I use Tailscale to access my home network when not at home. And while I have not yet done so, I have been considering setting up some firewall rules, for instance to restrict access to the DSM. I use 2FA for the NAS and its SSH is turned on only when I need to use it.

My new Synology DS923+ should be delivered next week, together with 3x6TB drives for a RAID5 setup, 32GB of RAM, 2x1TB NVMe drives and an APC UPS. It's almost certainly overkill as I'll be using the NAS mainly for automated backups (of computers, web servers and cloud services) and as general file storage, although I will also be looking into file syncing, running background scripts, using the NAS as a light development server, and maybe also for surveillance cameras.

Any tips for a beginner? I can find my way around most modern desktop and server systems but I have never set up or maintained a NAS. Are there uses for the system that no one talks about but which you have personally found incredibly useful?