The National Security Agency (NSA from the National Security Agency) and the Cybersecurity and Infrastructure Security Agency (CISA) today released a Cyber Security Technical Report. It is called "Kubernetes Hardening Guidance”(Download the PDF).
The publication describes in detail the threats to Kubernetes environments and provides configuration instructions to minimize the risk.
Kubernetes is an open source system that automates deployment, scaling and management applications running in containers. Kubernetes clusters are often hosted in a cloud environment and provide additional flexibility compared to traditional software platforms.
Kubernetes are typically targeted for three reasons: to steal data, steal computing power, or use them in denial of service attacks. Data theft is traditionally the primary motivation of attackers. However, maliciousι users they may attempt to use Kubernetes to leverage a network's underlying infrastructure for computing power to mine cryptocurrencies.
Η report describes in detail how you can secure Kubernetes systems. Key actions include scanning containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with minimal privileges, and using network separation, firewalls, strong authentication, and logging.
To ensure application security, system administrators should follow the instructions in the Technical Report and update their systems to minimize the risk. The NSA and CISA also recommend periodic revisions of Kubernetes settings and vulnerability scans to ensure that security fixes are applied.
The NSA and CISA guidelines focus on security challenges and recommend that system administrators "harden" their environments wherever possible. The NSA has released this guide to support it Ministryof Defense, the Industrial Defense Base and the National Security Systems.
Of course, to "fix" her profile a bit, since everyone from Snowden onwards knows what work she does as a service.
