The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published a comprehensive technical report to help administrators harden their Kubernetes instances.
The report comes in the backdrop of an increase in the number of attacks that exploit the complexities in securing Kubernetes deployments. NSA argues that Kubernetes is commonly targeted either for data theft, computational power theft, or denial of service.
“This guidance describes the security challenges associated with setting up and securing a Kubernetes cluster. It includes hardening strategies to avoid common misconfigurations and guide system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations,” reads the document summarizing its intentions.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
Over fifty pages long, the report analyzes the container build workflows orchestrated by Kubernetes, and discusses the security policies that admins should implement to ward off any attackers.
Batten down the hatches
The NSA argues that the three common sources of compromise in Kubernetes are supply chain risks, malicious threat actors, and insider threats.
Irrespective of the attack vector though, the NSA suggests various mechanisms to set up and secure a Kubernetes cluster.
In a snap, they suggest scanning the containers and pods for vulnerabilities or misconfigurations, while recommending administrators run containers and pods with the least possible privileges.
Additionally, the document also suggests implementing strict network policies to separate resources in order to prevent the lateral movement of threat actors in the event a cluster is compromised.
NSA cites data theft as the primary motivation of compromising Kubernetes clusters, although it acknowledges that threat actors might also seek to harness its underlying computational power for malicious purposes such as cryptomining.