US CISA and NSA publish guidance to secure Kubernetes deployments

US CISA and NSA released new guidance that provides recommendations on how to harden Kubernetes deployments and minimize the risk of hack.

US CISA and NSA released new guidance that provides recommendations to harden Kubernetes deployments.

Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. In recent months the number of cyberattacks against misconfigured Kybernetes systems has surged, threat actors mainly used the to illegally mine cryptocurrencies.

The guidance details the security challenges associated with setting up and securing a Kubernetes cluster. The advisory also includes recommendations to harden the installs and to properly configure them.

It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations.

Below is the list of mitigations provided by the US agencies:

• Scan containers and Pods for vulnerabilities or misconfigurations.
• Run containers and Pods with the least privileges possible.
• Use network separation to control the amount of damage a compromise can cause.
• Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.
• Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
• Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.
• Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.

The guidance states that the three common sources of compromise in Kubernetes are supply chain risks, malicious threat actors, and insider threats.

“Supply chain risks are often challenging to mitigate and can arise in the container build cycle or infrastructure acquisition. Malicious threat actors can exploit vulnerabilities and misconfigurations in components of the Kubernetes architecture, such as the control plane, worker nodes, or containerized applications. Insider threats can be administrators, users, or cloud service providers. Insiders with special access to an organization’s Kubernetes infrastructure may be able to abuse these privileges.” states the guidance.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, LockBit 2.0)

[adrotate banner=”5″]

[adrotate banner=”13″]