[TheRecord] NSA, CISA publish Kubernetes hardening guide

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published today a 59-page technical report containing guidance for hardening Kubernetes clusters.

Initially developed by Google engineers and later open-sourced under the Cloud Native Computing Foundation, Kubernetes is one of today’s most popular container orchestration platforms.

Used primarily inside cloud-based infrastructure, Kubernetes allows system administrators to easily deploy new IT resources using software containers.

However, because the Kubernetes and Docker model is so different from traditional, monolithic software platforms, many system administrators have problems configuring Kubernetes to work in a secure way.

Over the past few years, several crypto-mining botnets have targeted these misconfigurations. Threat actors scanned the internet for Kubernetes management features left exposed online without authentication or for applications running on large Kubernetes clusters (such as Argo Workflow or Kubeflow), gained access to a Kubernetes backend, and then used this access to deploy crypto-mining apps inside a victim’s cloud infrastructure.

These attacks began slowly in early 2017 but have now reached the point where multiple gangs are fighting each other on the same misconfigured cluster.

Through the guidance published today, CISA and NSA officials hope to provide system administrators with a secure baseline for future Kubernetes configurations that will avoid these types of intrusions.

Furthermore, besides a basic configuration guideline, the joint CISA & NSA report also details basic mitigations that companies and government agencies can implement to prevent or limit the severity of a Kubernetes breach. These include:

- Scan containers and Pods for vulnerabilities or misconfigurations.
- Run containers and Pods with the least privileges possible.
- Use network separation to control the amount of damage a compromise can cause.
- Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.
- Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
- Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.
- Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.

The full joint CISA & NSA advisory is available as a PDF download here.

The post NSA, CISA publish Kubernetes hardening guide appeared first on The Record by Recorded Future.
