Application Containers & Microservices

Hi All,

NSA and CISA just published The Cybersecurity Technical Report - Kubernetes Hardening Guide 

This guide describes the security challenges of setting up and securing a Kubernetes cluster. It includes strategies for system administrators and developers of National Security Systems, helping them avoid common misconfigurations and implementing recommended hardening measures and mitigations when deploying Kubernetes.

This guide details the following mitigations:
 Scan containers and Pods for vulnerabilities or misconfigurations.
 Run containers and Pods with the least privileges possible.
 Use network separation to control the amount of damage a compromise can cause.
 Use firewalls to limit unneeded network connectivity and use encryption to protect confidentiality.
 Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
 Capture and monitor audit logs so that administrators can be alerted to potential malicious activity.
 Periodically review all Kubernetes settings and use vulnerability scans to ensure risks are appropriately accounted for, and security patches are applied.


------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------

Original Message:
Sent: 8/29/2022 10:17:00 AM
From: Michael Roza
Subject: NSA CISA - Cybersecurity Technical Report - Kubernetes Hardening Guide

Hi All,

NSA and CISA just published The Cybersecurity Technical Report - Kubernetes Hardening Guide 

This guide describes the security challenges of setting up and securing a Kubernetes cluster. It includes strategies for system administrators and developers of National Security Systems, helping them avoid common misconfigurations and implementing recommended hardening measures and mitigations when deploying Kubernetes.

This guide details the following mitigations:
 Scan containers and Pods for vulnerabilities or misconfigurations.
 Run containers and Pods with the least privileges possible.
 Use network separation to control the amount of damage a compromise can cause.
 Use firewalls to limit unneeded network connectivity and use encryption to protect confidentiality.
 Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
 Capture and monitor audit logs so that administrators can be alerted to potential malicious activity.
 Periodically review all Kubernetes settings and use vulnerability scans to ensure risks are appropriately accounted for, and security patches are applied.


------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------

Thanks for sharing. This is really helpful.

------------------------------
Shaheen Abdul Jabbar
Asst. Director
Santander US
------------------------------

Original Message:
Sent: Aug 29, 2022 07:17:12 AM
From: Michael Roza
Subject: NSA CISA - Cybersecurity Technical Report - Kubernetes Hardening Guide

Hi All,

NSA and CISA just published The Cybersecurity Technical Report - Kubernetes Hardening Guide 

This guide describes the security challenges of setting up and securing a Kubernetes cluster. It includes strategies for system administrators and developers of National Security Systems, helping them avoid common misconfigurations and implementing recommended hardening measures and mitigations when deploying Kubernetes.

This guide details the following mitigations:
 Scan containers and Pods for vulnerabilities or misconfigurations.
 Run containers and Pods with the least privileges possible.
 Use network separation to control the amount of damage a compromise can cause.
 Use firewalls to limit unneeded network connectivity and use encryption to protect confidentiality.
 Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
 Capture and monitor audit logs so that administrators can be alerted to potential malicious activity.
 Periodically review all Kubernetes settings and use vulnerability scans to ensure risks are appropriately accounted for, and security patches are applied.


------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------

Original Message:
Sent: 8/31/2022 10:31:00 AM
From: Shaheen Abdul Jabbar
Subject: RE: NSA CISA - Cybersecurity Technical Report - Kubernetes Hardening Guide

Thanks for sharing. This is really helpful.

------------------------------
Shaheen Abdul Jabbar
Asst. Director
Santander US
------------------------------

Original Message:
Sent: Aug 29, 2022 07:17:12 AM
From: Michael Roza
Subject: NSA CISA - Cybersecurity Technical Report - Kubernetes Hardening Guide

Hi All,

NSA and CISA just published The Cybersecurity Technical Report - Kubernetes Hardening Guide 

This guide describes the security challenges of setting up and securing a Kubernetes cluster. It includes strategies for system administrators and developers of National Security Systems, helping them avoid common misconfigurations and implementing recommended hardening measures and mitigations when deploying Kubernetes.

This guide details the following mitigations:
 Scan containers and Pods for vulnerabilities or misconfigurations.
 Run containers and Pods with the least privileges possible.
 Use network separation to control the amount of damage a compromise can cause.
 Use firewalls to limit unneeded network connectivity and use encryption to protect confidentiality.
 Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
 Capture and monitor audit logs so that administrators can be alerted to potential malicious activity.
 Periodically review all Kubernetes settings and use vulnerability scans to ensure risks are appropriately accounted for, and security patches are applied.


------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------