NSA and CISA Release Guidance on Hardening and Running Kubernetes Systems

Kubernetes is a widely used open-source system for deploying and running containerized applications. Recently there have been a number of security breaches in which attackers gained access to poorly secured Kubernetes clusters to steal sensitive information, deploy cryptocurrency miners, and carry out denial-of-service attacks.

In August, security researchers reported that threat actors were targeting Kubernetes clusters by abusing misconfigured permissions on the internet-facing dashboards of Argo Workflows instances, and using the clusters' computing power to mine cryptocurrency. In a separate attack, a Kubernetes API server vulnerability was exploited to steal sensitive information.

In response to these attacks, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released a 52-page technical report with comprehensive guidance on how to set up and operate Kubernetes environments so that they are harder for attackers to compromise.

The report details the three most common sources of compromise for Kubernetes systems: supply chain attacks, malicious external actors, and insider threats. Defending against supply chain attacks is a particular concern, since they can occur during infrastructure acquisition or anywhere in the container build pipeline. External attackers frequently exploit vulnerabilities and misconfigurations in Kubernetes components such as the worker nodes, the control plane, and the containerized applications themselves, while insiders with elevated privileges can abuse them to carry out a range of attacks.

Attackers gain access to Kubernetes systems in many ways, and although the risk cannot be eliminated entirely, configuring Kubernetes correctly, avoiding common misconfigurations, and applying the recommended mitigations considerably strengthens security. Enforcing proper access controls and limiting privileges significantly reduces the risk from insider threats.

The most common way attackers get into Kubernetes is by exploiting vulnerabilities and misconfigurations. It is therefore critical for security teams to scan their Kubernetes containers and pods for vulnerabilities and misconfigurations and to make sure they are fixed or mitigated. Kubernetes settings should be reviewed regularly and vulnerability scans run routinely.

The NSA and CISA also advise running pods and containers with the least privileges necessary and using network separation, firewalls, strong authentication, and log auditing. Keeping up with updates, patches, and upgrades is likewise essential to keep the Kubernetes system protected.
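The two paragraphs above recommend scanning pods for misconfigurations and running containers with the least privilege necessary. The following is an added example, not code from the NSA/CISA report, of what such a scan looks like in practice: a small Python checker that reads a Pod object (the JSON form of a manifest, using the standard Kubernetes field names) and flags the pod-security misconfigurations the guidance warns about, such as privileged containers, shared host namespaces, hostPath mounts, containers that may run as root, writable root filesystems, retained capabilities, unpinned images, and missing resource limits. The two manifests (`web-unhardened` and `web-hardened`) and the image name `example.com/app` are constructed for the example; the weak manifest is the "before" and the hardened one the "after".

```python
"""Check Kubernetes Pod manifests for the misconfigurations the NSA/CISA guidance flags.

Added example; not code from the NSA/CISA report or from the Kubernetes project.
Field names follow the Kubernetes Pod API (spec.securityContext,
spec.containers[].securityContext, spec.volumes[].hostPath).
"""
import json

# Sharing these host namespaces gives a container visibility into host
# processes, IPC objects, or the host network stack.
HOST_NAMESPACE_FIELDS = ("hostPID", "hostIPC", "hostNetwork")


def image_is_pinned(image: str) -> bool:
    """True if the image is pinned by digest or by a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop the registry part, which may contain ':port'
    return ":" in last and not last.endswith(":latest")


def audit_pod(pod: dict) -> list[str]:
    """Return a list of findings for one Pod object; an empty list means every check passed."""
    findings = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    for field in HOST_NAMESPACE_FIELDS:
        if spec.get(field):
            findings.append(f"{name}: {field} is enabled")

    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{name}: volume '{vol.get('name')}' mounts hostPath {vol['hostPath'].get('path')}")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        # Container-level security settings override the pod-level ones.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        caps = sc.get("capabilities", {})
        image = c.get("image", "")

        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        # Kubernetes defaults allowPrivilegeEscalation to true unless set explicitly.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation is not false")
        if not run_as_non_root and not run_as_user:  # runAsUser unset or 0 (root)
            findings.append(f"{name}/{cname}: may run as root (set runAsNonRoot or a non-zero runAsUser)")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}/{cname}: root filesystem is writable")
        if "ALL" not in caps.get("drop", []):
            findings.append(f"{name}/{cname}: does not drop all capabilities")
        if caps.get("add"):
            findings.append(f"{name}/{cname}: adds capabilities {caps['add']}")
        if not image_is_pinned(image):
            findings.append(f"{name}/{cname}: image '{image}' is not pinned to a tag or digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}/{cname}: no resource limits")
    return findings


# Constructed sample manifests (JSON form of a Pod), not taken from any real cluster.
WEAK_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "web-unhardened"},
 "spec": {
   "hostNetwork": true,
   "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
   "containers": [{"name": "app", "image": "example.com/app",
                   "securityContext": {"privileged": true},
                   "volumeMounts": [{"name": "host-root", "mountPath": "/host"}]}]}}
""")

HARDENED_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "web-hardened"},
 "spec": {
   "securityContext": {"runAsNonRoot": true, "runAsUser": 10001,
                       "seccompProfile": {"type": "RuntimeDefault"}},
   "containers": [{"name": "app", "image": "example.com/app:1.4.2",
                   "securityContext": {"allowPrivilegeEscalation": false,
                                       "readOnlyRootFilesystem": true,
                                       "capabilities": {"drop": ["ALL"]}},
                   "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}
""")

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        findings = audit_pod(pod)
        print(pod["metadata"]["name"], "->", "OK" if not findings else f"{len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run against the weak manifest the checker reports nine findings, including the privileged container, the shared host network, and the hostPath mount of `/`, which together would let a compromised workload reach the node; the hardened manifest passes every check. In a real pipeline the same function would be fed the output of `kubectl get pods -A -o json` (each item in the returned list is a Pod object of the shape checked here) or run as an admission-time gate; it is a complement to, not a replacement for, the Pod Security admission controls the guidance recommends.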

The guidance gives specific instructions on Kubernetes pod security, authentication and authorization, network separation and hardening, and log auditing, and sets out recommendations for upgrading and application security practices.

The Kubernetes Hardening Guidance is available for download here.