Kubernetes Enterprise Security

Summary: Involving all stakeholders in comprehensive planning up front is the first step in building a more secure container environment. Containers remain the mainstream technology for application deployment and migration. Industry expert Paul Rubens breaks the subject down into understandable parts: pitfalls, container management systems, security and so on.

Today, containers remain the mainstream technology for application deployment and migration. Industry expert Paul Rubens breaks the subject down into understandable parts: pitfalls, container management systems, security and so on. People have found a more reliable and efficient way to deploy and scale software across platforms, but the same containers also give malicious attackers something to exploit.
Over the past few years, although container and orchestration systems (such as Kubernetes) have seen significant security improvements, several major vulnerabilities have also been found in them.
What is impressive is that Kubernetes and other container orchestration and management tools let companies automate every aspect of application deployment, with striking business benefits. On the other hand, as IT teams grow more interested in deploying Kubernetes, attackers grow more interested in compromising Kubernetes clusters.
As Kubernetes adoption and deployment grow, the security risks grow with them, something security experts widely recognise. The recent spate of attacks in the cloud computing and mobile development space has included everything from service disruption and cryptomining to ransomware and data theft.
These deployments are, of course, as vulnerable to external attackers and malicious insiders as traditional environments are. It is therefore important to make sure a large Kubernetes environment has the right deployment architecture and that all of these security practices are deployed and used.
As Kubernetes has been widely adopted, it has become a prime target for threat actors. Aqua Security chief technology officer Amir Jerbi said: "With the rapid rise in Kubernetes adoption, people may find gaps that were not noticed before; on the other hand, its higher profile draws more attention from network attackers."
Since 2015 several critical and significant vulnerabilities have been found, so security teams and developers must plan their deployment architecture carefully. Some of the more serious flaws gave any node in a Kubernetes cluster full administrative access, which would let an attacker inject malicious code, destroy the entire cluster environment or steal sensitive data.

Cluster security

There are several points to consider when securing a cluster. The dynamic composition of containers brings its own security challenges in a Kubernetes environment. The key issues to consider are:

    • Every container carries its own vulnerabilities, and when a container platform such as Docker or Kubernetes is layered on top, the attack surface that can be exploited grows.

    • Growing traffic needs to be monitored, especially across hosts and in cloud computing environments.

    • Security teams must keep security automation in step with the constantly changing container environment.

    • Visibility into the Kubernetes Pod deployment process itself, including how Pods communicate with each other.

    • A means of detecting malicious behaviour in communication between containers, including exploits within a single container or between containers.

    • Use security best practices for access to, auditing and planning of, and logging in Kubernetes clusters to better understand insider threats.
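The last item, auditing and logging the cluster to understand insider threats, has a concrete form in Kubernetes: the API server's audit log. The policy below is an added example written for this page, not a file from the article or from any project it names. The file format (audit.k8s.io/v1) and the two kube-apiserver flags in the comment are real; which resources to log at which level is this editor's choice for an insider-threat use case, and a team should tune it to its own cluster.

```yaml
# Added example, not from the original article. Save as
# /etc/kubernetes/audit-policy.yaml and start kube-apiserver with
#   --audit-policy-file=/etc/kubernetes/audit-policy.yaml
#   --audit-log-path=/var/log/kubernetes/audit.log
# Rules are checked top to bottom and the FIRST match decides the level,
# so the specific rules come first and the catch-all comes last.
apiVersion: audit.k8s.io/v1
kind: Policy
# ResponseComplete already records who asked for what and the outcome;
# skipping RequestReceived roughly halves the volume without losing that.
omitStages:
  - "RequestReceived"
rules:
  # Secret material: record WHO read or changed it, but only at Metadata
  # level so the secret values themselves never land in the audit log.
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets", "configmaps", "serviceaccounts/token"]
  # Privilege changes are the core of an insider-threat investigation:
  # keep the full request and response for every RBAC object.
  - level: RequestResponse
    resources:
      - group: "rbac.authorization.k8s.io"
        resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  # Interactive access into containers is the classic lateral-movement
  # step; keep the request body (which container, which command).
  - level: Request
    verbs: ["create"]
    resources:
      - group: ""
        resources: ["pods/exec", "pods/attach", "pods/portforward"]
  # Node kubelets and kube-proxy polling their own objects are noise.
  - level: None
    userGroups: ["system:nodes"]
    verbs: ["get", "list", "watch"]
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["get", "list", "watch"]
  # Everything else: user, verb, resource and status code, no bodies.
  - level: Metadata
```

Two practical points. The log is written on the control-plane node, so ship it off the node (a log forwarder or the --audit-webhook-config-file option) before an insider with node access can edit it. And because the first matching rule wins, a new broad rule added near the top silently overrides the specific ones below it; re-read the order whenever the file changes.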

Streamlining the security process is also very important, so that it does not slow down or obstruct the application and development teams. For organisation-wide and larger container deployments, companies need to look at cutting the time the security approval process takes. They also need to streamline security alerting so that the most important attacks can be identified easily. Finally, an enterprise Kubernetes environment needs properly deployed network segmentation, including segments dedicated to particular containers.
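The network segmentation this paragraph ends on is expressed in Kubernetes as NetworkPolicy objects. The manifests below are an added example written for this page, not the article's or any vendor's code: they isolate one namespace by default and then open only the flows a single workload needs. The namespace name (payments), the Pod labels (app: api, app: postgres), and the assumptions that the ingress controller lives in a namespace called ingress-nginx and that cluster DNS is the kube-dns Pod in kube-system are illustrative choices; substitute your own.

```yaml
# Added example, not from the original article. Names and labels are
# invented for illustration. Apply with: kubectl apply -f segmentation.yaml
---
# Step 1: the "firewall" between segments. An empty podSelector matches
# every Pod in the namespace, and listing both policy types with no
# ingress/egress rules means: nothing in, nothing out, by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Step 2: punch holes only for the flows the api Pods actually need.
# Policies are additive, so this allows traffic on top of the deny.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allowed-flows
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Ingress", "Egress"]
  ingress:
    # Only Pods in the ingress controller's namespace may reach port 8080.
    # kubernetes.io/metadata.name is set on every Namespace automatically.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # DNS: namespaceSelector AND podSelector in one entry means
    # "the kube-dns Pods in kube-system", not "all of kube-system".
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
    # The database in the same namespace, and nothing else: a compromised
    # api Pod has no route to other Pods or to the internet for exfiltration.
    - to:
        - podSelector:
            matchLabels:
              app: postgres
      ports:
        - protocol: TCP
          port: 5432
```

One caveat a practitioner must check: NetworkPolicy is only enforced by network plugins that implement it. On a plugin that does not, the API server accepts these objects and they do nothing, so after applying them verify the isolation from inside a Pod (for example, an attempt to connect from the api Pod to any address other than DNS and postgres should time out).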

Security risks of enterprise Kubernetes adoption

As mentioned earlier, as these tools become more popular, the risk of attackers exploiting them increases. How much risk a given vulnerability poses depends on the size and complexity of the environment.
The main security risks include:

    • Attacks on a Kubernetes environment may be initiated by insiders or outsiders, intentionally or not (often starting with a phishing attack).

    • When application vulnerabilities are ignored or a container is misconfigured, the container may be compromised, letting a threat actor get a foothold and begin seeking further access and greater disruption.

    • A compromised container may attempt unauthorised connections to other Pods, or to other Pods on the same host. Layer 7 network monitoring and filtering is needed to detect and prevent attacks that come from trusted IP addresses.

    • Theft of data from the enterprise environment, also known as "exfiltration". This type of attack can be deployed and hidden in many ways, including exfiltration through tunnels concealed in normal network traffic.

    • Exploitation of the Kubernetes infrastructure itself, such as the Kubelet and the API server.

    • Compromise of the orchestration tool lets an attacker compromise applications and reach the other resources the environment needs to run.
Kubernetes security best practices

As the saying goes, "Do, or do not; there is no try." It may not always be so obvious, but when better overall security is needed, enterprises must deploy Kubernetes with the right concepts and architecture, and this is especially important.
As orchestration tools have gained features, Kubernetes functionality and deployments have become more popular, from simple Pods in small deployments to large integrated Kubernetes or cross-platform architectures. Naturally, the complexity and security risk of these deployments grow as well.
Here are some important tips on Kubernetes deployment best practices:

    • Least privilege must be enforced. With this model applied widely to block access, an attack can be contained better when one occurs. It is best to use Kubernetes' built-in pod security policy to define and limit what a Pod is allowed to do.

    • Always deploy strong authentication best practices; every Kubernetes component must be authenticated.

    • Configure and deploy cluster segmentation in the same spirit as least privilege. Separating environments that run on the same infrastructure into virtual clusters isolated from one another is best practice.

    • When using segmentation, use a firewall to help prevent the containers themselves from carrying out network activity across segments.

    • Even with security best practices in place, incidents can still occur, so monitor the environment. Specific third-party security tools can stop attacks from spreading and identify policy violations in an enterprise environment.

    • Define the roles of the operations, development and security teams. Separation of duties is a best practice and should rest on clearly documented roles and responsibilities.
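The first two items above, least privilege enforced by the built-in pod security policy and an authenticated identity for every component, look like this in manifests. This is an added example written for this page, not code from the article. Note that the PodSecurityPolicy API the article's era relied on was removed in Kubernetes v1.25; the built-in replacement is Pod Security Admission, driven by the namespace labels shown here. The namespace (payments), ServiceAccount and Role names, the ConfigMap name api-config and the image reference are invented for illustration.

```yaml
# Added example, not from the original article. All names are illustrative.
---
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Pod Security Admission: reject any Pod in this namespace that does
    # not meet the "restricted" profile (no privileged containers, no host
    # namespaces, non-root, no privilege escalation, all capabilities dropped).
    pod-security.kubernetes.io/enforce: restricted
---
# Least privilege for the workload's identity: a dedicated ServiceAccount
# (its token is how the Pod authenticates to the API server), bound to a
# Role that can read exactly one ConfigMap in its own namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api
  namespace: payments
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: api-config-reader
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["api-config"]   # one named object, not all ConfigMaps
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: api-config-reader
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: api
    namespace: payments
roleRef:
  kind: Role
  name: api-config-reader
  apiGroup: rbac.authorization.k8s.io
---
# The Pod: every field below is what the "restricted" profile demands,
# so a code-execution bug in the app does not hand the attacker root on
# the node. With the token not mounted, the app cannot even use its Role;
# remove that line only for workloads that really call the API server.
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
  labels:
    app: api
spec:
  serviceAccountName: api
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: api
      image: registry.example.com/payments/api:1.4.2   # placeholder image
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

A quick way to see the admission control working is to apply the same Pod with `privileged: true` added to the container securityContext, or with the `seccompProfile` block removed: the API server rejects it at creation time with a message naming the violated restricted-profile check, before any container runs.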
Things to consider

Whatever the size of a company's project and environment, whether it is a migration of Pods to a particular platform or a large single in-house cloud deployment with multiple clusters, it is very important that the enterprise development and security teams work together during the planning process. This includes defining appropriate roles and responsibilities and regular communication among all teams. In short, involving all stakeholders in comprehensive planning is the first step in building a more secure container environment.


Reposted from: https://www.linuxprobe.com/kubernetes-enterprise-safety.html


Source: www.cnblogs.com/it-artical/p/11433076.html