DEV Community

Dori_an

Steps for Conducting a Kubernetes Security Assessment

Kubernetes has been widely adopted due to its flexibility and lack of fragmentation. The fact that Kubernetes orchestrates more than three-quarters of containerized applications proves that people indeed love Kubernetes. As a result, Kubernetes is becoming one of the most crucial parts of the ecosystem of most IT organizations.

While Kubernetes is widely applicable, it also introduces new attack surfaces because it is often misconfigured. According to a research report by Trend Micro, TeamTNT conducted a targeted attack on Kubernetes and managed to compromise nearly 50,000 IP addresses. In this post, we will go through several steps and methods to conduct a Kubernetes security assessment.

1. Securing Kubernetes Hosts

Kubernetes provides various options for deploying on your infrastructure: on-premises, on bare metal, or in the public cloud. Kubernetes was designed to be highly portable and to facilitate multiple configurations and changes. While this flexibility is helpful in certain scenarios, it also introduces various possible attack vectors. To make sure that all the hosts you run Kubernetes on are secure, keep their operating systems (OS) on the latest versions, harden the OS, and put patch management and essential firewall rules in place.

2. Kubernetes Version Control

The open source community is constantly coming up with new features and bug fixes for Kubernetes in newer versions. So, it becomes arduous to keep track of all versions and potential attack vectors. The best way to prevent most attacks is to always keep the Kubernetes version updated to the latest version available.

3. Kubernetes Components

As Kubernetes is a labyrinth of various features and numerous configurations, it is critical to make sure all components of Kubernetes are secure.

4. Sensitive Ports

Kubernetes typically listens on a variety of ports. If you leave Kubernetes with its default configurations, it is easy for attackers to identify which port is running what service and attack them. Thus, it is critical to configure authentication and authorization on the main cluster and the cluster nodes.

To ensure that ports on your nodes are configured correctly, it is critical to follow K8s best practices. Ideally, in a Kubernetes security assessment, the auditor should test whether sensitive ports are left with their default configurations and whether authentication and authorization on the main cluster are well configured.
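One way to run that check from the configuration side, as an added example that is not part of the original post: it audits the kubelet settings of a node as returned by the API server's `configz` proxy endpoint. The sample document and its values are constructed, and fields that are absent from the output are treated as unset.

```python
import json

# Constructed sample, shaped like the JSON returned by
#   kubectl get --raw "/api/v1/nodes/<node>/proxy/configz"
# The values are made up for illustration.
SAMPLE_CONFIGZ = json.dumps({
    "kubeletconfig": {
        "port": 10250,
        "readOnlyPort": 10255,
        "authentication": {
            "anonymous": {"enabled": True},
            "webhook": {"enabled": False},
            "x509": {"clientCAFile": ""},
        },
        "authorization": {"mode": "AlwaysAllow"},
    }
})


def audit_kubelet(configz_json):
    """Return a list of finding strings for one node's kubelet configuration."""
    cfg = json.loads(configz_json).get("kubeletconfig", {})
    authn = cfg.get("authentication", {})
    findings = []
    # A non-zero readOnlyPort serves kubelet data without any authentication.
    if cfg.get("readOnlyPort", 0) != 0:
        findings.append("read-only port enabled on %d" % cfg["readOnlyPort"])
    # Anonymous requests are passed to the authorizer as system:anonymous.
    if authn.get("anonymous", {}).get("enabled", False):
        findings.append("anonymous authentication enabled")
    # With neither a client CA nor the webhook, callers cannot be identified.
    has_ca = bool(authn.get("x509", {}).get("clientCAFile"))
    has_webhook = authn.get("webhook", {}).get("enabled", False)
    if not has_ca and not has_webhook:
        findings.append("no x509 client CA or webhook authentication")
    # AlwaysAllow authorizes every request that gets past authentication.
    if cfg.get("authorization", {}).get("mode") == "AlwaysAllow":
        findings.append("authorization mode is AlwaysAllow")
    return findings


if __name__ == "__main__":
    for finding in audit_kubelet(SAMPLE_CONFIGZ):
        print("FINDING:", finding)
```

Run it once per node and treat any finding as a port that still answers with permissive settings.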

5. Direct Access to Kubernetes API

The Kubernetes API is one of the most critical components of any Kubernetes infrastructure. The whole Kubernetes platform can be controlled using various API requests, so if the API is compromised, the entire platform could be compromised. Therefore, it is important to control access to the Kubernetes API. More instructions on controlling access can be found in the documentation.

6. Test Direct SSH Access to Kubernetes Nodes

If enabled, SSH (secure shell) introduces additional attack surfaces for attackers to exploit. Therefore, a security assessment should test whether direct SSH access to Kubernetes nodes is possible.

To reduce the risk of attackers performing brute force attacks or SSH exploits, SSH should be disabled, and users should use "kubectl exec" instead to get direct access to the Kubernetes container.

7. Test if TLS (Transport Layer Security) Is Implemented

In most cases, system administrators do not implement TLS, even though communication between services in the cluster should be handled over TLS, with all traffic encrypted by default. If TLS is not configured, attackers on the network can sniff packets and capture sensitive communications between services. Kubernetes therefore expects every API call and all communication in the cluster to be encrypted with TLS.

By default, most Kubernetes installation methods provide users with the option to install and create necessary certificates and distribute them to the cluster components to implement TLS. More details about how TLS can be used in a Kubernetes cluster can be found in the documentation.

8. Kubernetes Dashboard

In addition to the command line and API, Kubernetes allows users to manage clusters with a Kubernetes web app called Kubernetes Dashboard. While it is not installed by default, it can be installed by system administrators of the cluster.

Generally, most installations consist of creating a service account with high privileges. Unfortunately, this can result in a poorly configured Kubernetes Dashboard with the possibility of getting hacked. Even big companies like Tesla are not exempt from making this mistake. In 2018, Tesla's Kubernetes resources got hacked to run crypto-mining malware.

To configure Kubernetes Dashboard properly, make sure that dashboards are not exposed to the public without proper authentication. It should not be possible to access the dashboard from outside the LAN. You can also limit the number of service accounts with RBAC. Additionally, make sure the service account of the dashboard is not given high privileges. Finally, deploy an authenticating reverse proxy in front of the dashboard and enable multi-factor authentication.
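To check the service-account point during an assessment, the added example below (not part of the original post) reads a dump of cluster roles and bindings and reports every ClusterRoleBinding that gives a service account in the dashboard's namespace write access, wildcard access, or access to secrets. The sample objects, the binding names and the `kubernetes-dashboard` namespace are assumptions constructed for illustration.

```python
import json

# Constructed sample, shaped like a trimmed result of
#   kubectl get clusterroles,clusterrolebindings -o json
# Object names and the "kubernetes-dashboard" namespace are assumptions.
SAMPLE = json.dumps({"items": [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "dashboard-metrics"},
     "rules": [{"apiGroups": ["metrics.k8s.io"],
                "resources": ["pods", "nodes"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-metrics"},
     "roleRef": {"kind": "ClusterRole", "name": "dashboard-metrics"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
]})

# Verbs and resources treated as high privilege for a dashboard account.
RISKY_VERBS = {"*", "create", "update", "patch", "delete",
               "escalate", "bind", "impersonate"}
RISKY_RESOURCES = {"*", "secrets"}


def risky_rules(role):
    """Rules in a ClusterRole that allow writes, wildcards or secret access."""
    return [r for r in role.get("rules") or []
            if set(r.get("verbs", [])) & RISKY_VERBS
            or set(r.get("resources", [])) & RISKY_RESOURCES]


def overprivileged_bindings(dump_json, namespace):
    """Names of ClusterRoleBindings granting risky roles to SAs in namespace."""
    items = json.loads(dump_json)["items"]
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "ClusterRole"}
    flagged = []
    for b in items:
        if b["kind"] != "ClusterRoleBinding":
            continue
        bound = any(s.get("kind") == "ServiceAccount"
                    and s.get("namespace") == namespace
                    for s in b.get("subjects") or [])
        if bound and risky_rules(roles.get(b["roleRef"]["name"], {})):
            flagged.append(b["metadata"]["name"])
    return sorted(flagged)
```

Namespaced RoleBindings are outside what this block covers; the same rule test applies to them once roles are looked up per namespace.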

Conclusion

As your Kubernetes infrastructure deals with vast amounts of computing resources, it is critical to protect those resources from attackers. The best way to prevent attackers from gaining unauthorized access to your Kubernetes infrastructure is to conduct regular manual security pentests and automated assessments with tools such as kubescape.
