Kubernetes helps enterprises automate their application deployments for business benefit. Kubernetes security is now a critical component of every deployment, because new deployments may be vulnerable to attacks and exploits from external attackers or insiders. Many kinds of attacks are launched against new container-based virtualized environments, in both private and public clouds.
Kubernetes is an open source tool that automates the deployment and management of containerized applications. It is supported by all major container management and cloud platforms, such as Red Hat OpenShift, Docker EE, Rancher, IBM Cloud, AWS EKS, Azure, SUSE CaaS, and Google Cloud.
Here are some of the key things to know about Kubernetes:
How Kubernetes Works
The basic idea of Kubernetes networking is that every pod has its own routable IP address, and the network plug-in routes requests between hosts to the corresponding pod. External access to Kubernetes pods can be provided through a service, load balancer, or ingress controller, which Kubernetes routes to the appropriate pod.
Pods communicate with each other over a network overlay with load balancing. DNAT is applied to deliver connections to the appropriate pod, and packets may be encapsulated with additional headers to reach their destination. Because this overlay networking is handled dynamically by Kubernetes, it is very difficult to monitor network traffic.
The dynamic nature of containers creates several Kubernetes security challenges. They are:
Kubernetes Vulnerabilities and Attack Vectors
Attacks on Kubernetes containers running in pods can originate externally through the network or internally from insiders. Some examples are:
‘Kill Chain’ Attacks
The most damaging attacks involve a series of malicious activities carried out to achieve the attacker's goal. These events can occur within a span of seconds, or can be spread out over days, weeks or even months. Detecting kill chain events requires multiple layers of security monitoring drawing on different resources. The most critical vectors to monitor include:
Attacks on the Kubernetes Infrastructure Itself
Attackers can attempt to compromise Kubernetes resources such as the API server or Kubelets to disable or disrupt applications, or to gain access to the underlying resources used to run containers. Several privilege escalation mechanisms in Kubernetes have been published, via the Kubelet, access to etcd, or service account tokens. These can enable an attacker to gain cluster admin privileges from a compromised container.
Pre-Deployment Kubernetes Security Steps
It is recommended to lock down the Kubernetes worker nodes before deploying any application containers. Some effective steps to lock down the hosts are:
Real-Time & Run-Time Kubernetes Security
The three critical security vectors for protecting running containers in production are network filtering, container inspection, and host security.
Inspect and Secure the Network
The container firewall feature makes it possible to control node availability from both inside and outside the platform. It analyzes parameters such as the source of an incoming request, the protocol and the target node port, and applies connection rules to flexibly manage access to the containers. Different approaches to securing a container network with a firewall are:
If the Kubernetes worker node on which containers run is compromised, the consequences are hard to predict and all kinds of negative things can happen. These include:
The host system needs to be monitored for this kind of suspicious activity. Together, the combination of network inspection, container inspection, and host security offers the best way to detect a kill chain across several vectors.
Attacks use privilege escalation and malicious processes to carry out or spread an attack. Exploits in the Linux kernel, packages, libraries or applications can result in suspicious activity within a container.
The critical element of container security is inspecting all container process and file system activity to detect suspicious behavior. Suspicious processes such as port scanning, reverse shells, or privilege escalations should all be detected. A combination of built-in detection rules and a baseline behavioral learning process can identify unusual processes.
Applications built from containers designed on microservices principles make detection of suspicious process and file system activity easier and more accurate, because each container runs a small, predictable set of processes.
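The following is an added example, not code from the original article, of the two detection mechanisms just described: a small set of built-in rules plus a baseline learned per container image during a learning window. The image names, process events and rule lists are constructed for illustration.

```python
"""Baseline behavioral learning for container processes.
Added example, not the article's code. Events are constructed inline as
(image, parent process, child process); a real tool would collect them
from the runtime during a learning window and then switch to enforcing."""
from collections import defaultdict

# Constructed learning-period events for two microservice images.
LEARNING_EVENTS = [
    ("shop/api:1.4", "runc", "node"),
    ("shop/api:1.4", "node", "node"),
    ("shop/db:9.6", "runc", "postgres"),
    ("shop/db:9.6", "postgres", "postgres"),
]
# Built-in rule: tools a service container has no reason to run.
RECON_OR_TUNNEL_TOOLS = {"nmap", "masscan", "nc", "ncat", "socat"}
# Built-in rule: service processes should never spawn an interactive shell.
SERVICE_PROCS = {"node", "postgres", "java", "nginx", "python"}
SHELLS = {"sh", "bash", "dash", "ash"}

def learn_baseline(events):
    """Map each image to the set of (parent, child) pairs seen while learning."""
    baseline = defaultdict(set)
    for image, parent, child in events:
        baseline[image].add((parent, child))
    return dict(baseline)

def classify(baseline, image, parent, child):
    """Return (verdict, reason) for one process-start event."""
    if child in RECON_OR_TUNNEL_TOOLS:
        return ("alert", f"built-in rule: {child} is a scanning/tunnelling tool")
    if parent in SERVICE_PROCS and child in SHELLS:
        return ("alert", f"built-in rule: service process {parent} spawned {child}")
    allowed = baseline.get(image)
    if allowed is None:
        return ("alert", f"no baseline learned for image {image}")
    if (parent, child) not in allowed:
        return ("alert", f"{parent} -> {child} not in baseline for {image}")
    return ("ok", "matches learned baseline")

def scan(baseline, events):
    """Classify a batch of runtime events, returning only the alerts."""
    alerts = []
    for event in events:
        verdict, reason = classify(baseline, *event)
        if verdict == "alert":
            alerts.append((event, reason))
    return alerts
```

A microservice image that spawns a shell from its service process, or runs a scanning tool, is flagged even when the baseline is incomplete, while an image with no learned baseline at all is reported rather than silently allowed.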
Securing the Kubernetes System and Resources
If not protected, orchestration tools like Kubernetes and their management platforms can be vulnerable to attack. They expose a new attack surface for container deployments, and attackers will attempt to exploit it.
It is critical to properly set up RBAC for system resources in order to protect Kubernetes and its management platforms. The areas to configure properly for access control are:
It is recommended to track access to infrastructure services with monitoring tools, in order to detect unauthorized connection attempts and potential attacks. Real-time, policy-based monitoring of containers, hosts, network and system resources detects suspicious processes as well as unauthorized external connections.
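As an added example of checking the RBAC setup described above (not code from the original article), the following audits ClusterRoles and ClusterRoleBindings for wildcard grants, read access to escalation-prone resources, and risky roles bound to service accounts. The input shape mirrors the JSON that kubectl returns; the sample objects are constructed.

```python
"""Audit Kubernetes ClusterRoles and bindings for over-broad grants.
Added example, not the article's code. Input mirrors the JSON from
`kubectl get clusterroles,clusterrolebindings -o json`; the sample below
is constructed and trimmed to the fields the checks use."""
SAMPLE = {"items": [
    {"kind": "ClusterRole", "metadata": {"name": "ops-anything"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-bind"},
     "roleRef": {"kind": "ClusterRole", "name": "ops-anything"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "reader-bind"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "Group", "name": "devs"}]},
]}
# Resources where even read access enables escalation: secrets carry service
# account tokens, exec/attach give a shell inside any reachable container.
SENSITIVE = {"secrets", "pods/exec", "pods/attach", "nodes/proxy"}
RISKY_VERBS = {"*", "get", "list", "watch", "create"}

def rule_findings(role_name, rule):
    """Findings for one RBAC rule: wildcard grants and sensitive resources."""
    verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
    out = []
    if "*" in verbs and "*" in resources:
        out.append((role_name, "wildcard verbs on wildcard resources"))
    for res in sorted(resources & SENSITIVE):
        if verbs & RISKY_VERBS:
            out.append((role_name, f"{sorted(verbs)} on {res}"))
    return out

def audit(doc):
    """Return (object name, finding) tuples for roles and their bindings."""
    findings = []
    for item in doc["items"]:
        if item["kind"] == "ClusterRole":
            for rule in item.get("rules", []):
                findings.extend(rule_findings(item["metadata"]["name"], rule))
    risky_roles = {name for name, _ in findings} | {"cluster-admin"}
    for item in doc["items"]:
        ref = item.get("roleRef", {}).get("name")
        if item["kind"] == "ClusterRoleBinding" and ref in risky_roles:
            # A service account binding means a compromised pod inherits the grant.
            for sub in item.get("subjects", []):
                if sub["kind"] == "ServiceAccount":
                    findings.append((item["metadata"]["name"], f"binds {ref} to "
                                     f"ServiceAccount {sub.get('namespace')}/{sub['name']}"))
    return findings
```

Running the same audit after every cluster change is one way to make sure access controls do not regress as the environment is upgraded.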
Auditing and Compliance for Kubernetes Environments
With Kubernetes, enterprises are constantly updating, upgrading, and migrating their container environment. Running a set of security tests designed for Kubernetes environments ensures that security does not regress with each change. As more enterprises migrate to containers, changes in infrastructure, tools, and topology may require re-certification for compliance standards such as PCI.
A comprehensive set of Kubernetes and Docker security health checks is already available through the CIS Benchmarks for Kubernetes and the Docker Bench tests, and confirming the expected results is automated. These tests focus on the following areas:
Vulnerability scanning of containers in production is a core component of preventing known exploits and achieving compliance. However, it is not by itself enough to provide the multiple security vectors needed to protect runtime container deployments.