Hi All,
The NSA and CISA just released
CTR_Kubernetes_Hardening_Guidance_1.1
This guide describes the security challenges associated with setting up and securing a
Kubernetes cluster. It includes strategies for system administrators and developers of
National Security Systems, helping them avoid common misconfigurations and
implement recommended hardening measures and mitigations when deploying
Kubernetes. This guide details the following mitigations:
Scan containers and Pods for vulnerabilities or misconfigurations.
Run containers and Pods with the least privileges possible.
Use network separation to control the amount of damage a compromise can
cause.
Use firewalls to limit unneeded network connectivity and use encryption to
protect confidentiality.
Use strong authentication and authorization to limit user and administrator
access as well as to limit the attack surface.
Capture and monitor audit logs so that administrators can be alerted to potential
malicious activity.
Periodically review all Kubernetes settings and use vulnerability scans to ensure
risks are appropriately accounted for and security patches are applied.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------