New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments.
An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments. Improperly configured Kybernetes systems, however, may expose the applications to various types of attacks, including data theft, cryptomining, and denial-of-service (DoS) attacks.
Kubernetes systems are mainly compromised through the supply chain, by malicious threat actors, or insider threats, the new CISA and NSA advisory titled Kubernetes Hardening Guidance notes.
The advisory details the security challenges associated with deploying and securing Kubernetes clusters, while also sharing hardening strategies that administrators and developers can apply to avoid common misconfigurations and improve the security of their deployments.
Aimed at Department of Defense, Defense Industrial Base, and National Security Systems employees, the guidance is applicable in the private sector as well.
Recommended mitigations, the two agencies say, include scanning containers and Pods for vulnerabilities, running them with the least privileges possible, using network separation, deploying firewalls and encryption, employing strong authentication and authorization to limit the attack surface, auditing logs to identify suspicious activity, and periodically reviewing settings to identify risks.
CISA and NSA recommend that administrators follow the provided guidance and keep their systems updated at all times, to further minimize risks. Periodically performing settings and vulnerability scans should also help identify and mitigate risks.
Related: Threat Actors Target Kubernetes Clusters via Argo Workflows
Related: Kubeflow Deployments Targeted in New Crypto-mining Campaign