The National Security Agency (NSA from the National Security Agency) and the Cyber Security Agencybetter safetyand Infrastructure Security Agency (CISA from the Cybersecurity and Infrastructure Security Agency) today published a Cybersecurity Technical Report. It is called "Kubernetes Hardening Guidance”(Download the PDF).
The publication describes in detail the threats to Kubernetes environments and provides configuration instructions to minimize the risk.
Kubernetes is an open source system that automates the development, scaling, and management of applications running on containers. Kubernetes clusters are often hosted in a cloud environment and provide additional flexibility compared to traditional software platforms.
Τα Kubernetes γίνονται στόχος επιθέσεων συνήθως για τρεις λόγους: για την κλοπή δεδομένων, την κλοπή υπολογιστικής ισχύος ή την χρήση τουσε σε attacks denial of service. Data theft is traditionally the primary motivation of attackers. However, malicious users may attempt to use Kubernetes to leverage a network's underlying infrastructure for computing power to mine cryptocurrencies.
Η έκθεση περιγράφει λεπτομερώς πως μπορείτε να ασφαλίσετε συστήματα Kubernetes. Οι κύριες ενέργειες περιλαμβάνουν τη σάρωση containers και Pods για ευπάθειες ή εσφαλμένες ρυθμίσεις, implementation container και Pods με ελάχιστα προνόμια και χρήση διαχωρισμού δικτύου, τείχη προστασίας, ισχυρό έλεγχο identity and logging control.
To ensure application security, system administrators should follow the guidelines in the Technical Report and update their systems to minimize risk. NSA and CISA also recommend periodic Kubernetes configuration reviews and vulnerability scans to ensure patches are applied security.
The NSA and CISA guidelines focus on security challenges and advise system administrators to "harden" their environment where possible. The NSA has released this guide in support of the Department of Defense, the Industrial Defense Base, and the National Security Systems.
Of course, to "fix" her profile a bit, since everyone from Snowden onwards knows what work she does as a service.