How to Scale End-to-End Observability in AWS Environments

NSA, CISA Releases Kubernetes Hardening Guidance

The Technical guidance outline is the result of a collaborative measure of both government agencies to drastically mitigate risks and threat action

Aug. 12, 2021, 8:58 a.m.

TL;DR

The National Security Agency (NSA), together with the Certified Information Systems Auditor (CISA), on August 3, 2021, published a technical report centred on Kubernetes. The report provides critical education on Kubernetes threats and configuration countermeasures.

Kubernetes is a big money department for threat actors and threat theaters, be it private or government

Key Facts

1
There are three basic occasions that place Kubernetes in the threat radar.
2
Mitigation of misconfigurations, a valuable topic, was detailed in the report.
3
The report also makes emphasis on public supply chain risks.

Details

Kubernetes, according to Kubernetes.io, is a portable, extensible, automated, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.

Docker took the cloud world by storm in 2013, since then, it's been containers first. Developers embraced containers to create and deploy applications. In the following year, Google picked up the pace and delivered K8s on the same foundation that Docker placed. Containerized applications have been making headlines.

The Big guns in information technology, though having self-engineered Kubernetes counterparts, have embraced Kubernetes. Their flagship offerings were built on K8s, OpenShift representing IBM's Red Hat, Tanzu and Canonical representing VMware, Digital Ocean, etc.

Due to its wide ecosystem and high adoption numbers amongst its counterparts, it would come as quite a surprise if there wasn't heightened threat activity around it. However, no surprises here, there's an outlandish level of cyber threat. Hackers are always looking to exploit misconfigurations, defaulting control planes, etc delivering all forms of cyberattacks using Kubernetes clusters. It could be ransomware now, and crypto jacking a second later. Kubernetes is a big money department for threat actors and threat theaters, be it private or government. Data theft, denial of service, and computational power theft are the three common reasons why Kubernetes is targeted. Data theft leads the charge in detrimentality, computational power theft weighs quite less, it could be utilizing Kubernetes for purposes like crypto mining.

The contents of Kubernetes Hardening Guidance are adequately suggested by the title. It provides comprehensive guidelines to harden Kubernetes systems, leveraging information harnessed from past events to provide solutions to high penetration index. Standard cyber hygiene, such as deploying patches, updates, and upgrades to minimize risk, is also important. Vulnerability scans are also recommended to ensure that fixes have been deployed. The 52-page report covers Kubernetes clusters, the control plane, worker nodes (for running cluster-wide containerized programs), and pods (for containers hosted on these nodes). Scanning containers and Pods for vulnerabilities and misconfigurations, operating containers and Pods with the fewest rights feasible, and utilizing network separation, firewalls, strong authentication, and log audits are among the most important steps.

The security agencies also recommend the use of firewalls to control network connectivity and employ strong authentication and authorization to drastically reduce administrator access. They can also employ log auditing to allow managers to monitor activity and receive alerts for potentially malicious conduct, as well as evaluate Kubernetes settings and run vulnerability scans on a regular basis to ensure risks are addressed, and security fixes are issued.