Top Threats

NSA CISA CTR_Kubernetes_Hardening_Guidance_1.1

  • 1.  NSA CISA CTR_Kubernetes_Hardening_Guidance_1.1

    Posted Mar 15, 2022 09:23:00 AM
      |   view attached
    Hi All,

    The NSA and CISA just released CTR_Kubernetes_Hardening_Guidance_1.1

    This guide describes the security challenges associated with setting up and securing a
    Kubernetes cluster. It includes strategies for system administrators and developers of
    National Security Systems, helping them avoid common misconfigurations and
    implement recommended hardening measures and mitigations when deploying
    Kubernetes. This guide details the following mitigations:
     Scan containers and Pods for vulnerabilities or misconfigurations.
     Run containers and Pods with the least privileges possible.
     Use network separation to control the amount of damage a compromise can
     Use firewalls to limit unneeded network connectivity and use encryption to
    protect confidentiality.
     Use strong authentication and authorization to limit user and administrator
    access as well as to limit the attack surface.
     Capture and monitor audit logs so that administrators can be alerted to potential
    malicious activity.
     Periodically review all Kubernetes settings and use vulnerability scans to ensure
    risks are appropriately accounted for and security patches are applied.

    Michael Roza CPA, CISA, CIA, MBA, Exec MBA