Security threats with Kubernetes - Igor Khoroshchenko
0 likes379 views
The document discusses various security threats associated with Kubernetes, emphasizing the shared responsibility in securing cloud environments and the need for automation in threat detection. It covers actionable recommendations for improving Kubernetes security, such as restricting access and implementing monitoring tools. Additionally, it highlights the importance of community contributions and resources available for enhancing container security.
Security threats with Kubernetes - Igor Khoroshchenko
- 1. Knock knock: Security threats with Kubernetes
- 2. Click to edit text Whoami Igor Khoroshchenko Security Researcher/SecOps @UnderDefense Active contributor in OWASP Ukraine, OWASP Lviv, DC38032, CSA Ukraine Find and talk with me about: Cloud Security Threat Intelligence Future threats Security automation What You Think You Look Like What You Actually Look Like
- 5. Spoilers: good vs. evil balance False negatives False positives Source Confidence Constantly changing world Human errors Automation
- 6. Exposed environments: out of the box Kubernetes
- 7. Exposed environments 95% AWS hosted
- 8. Threat hunting: Kubernetes scans - THE “GOOD” IP: 198.x.0.x.130 Domain name: censys*.shodan.io More than 10 companies
- 9. Threat hunting: Kubernetes scans - THE “WDF” IP: 54.x.6.x.2 Domain name: ec2-x-x-x-2.us-west-2. compute.amazonaws.com More than 30 actors
- 10. Better way to monitor activities: Honeypots 30 70 Up to 80 connections per day
- 11. Cloud compromised services 13 - BruCON 0x0A - All Your Cloud Are Belong To Us – Hunting Compromise in Azure - Nate Warfield Azure insides ● 46% of images on Azure expose ports by default ● 2.1 million exposed ports on Azure
- 12. MongoDB Ransomware case 5 days to appear at Shodan and other public search engines 17 seconds to wipe and write a message with BTC wallet
- 14. How to handle: Automation is a requirement when you promise proactive security
- 15. Latest threat bulletins: Kubernetes Fixed in Docker - 18.09.2 It took 4 days to fix it in AWS
- 16. Compute abuse/Nefarious use: Cryptojacking 011 “Sponsored” by: WAVE1 WAVE3 WAVE2 Half-year
- 17. Tripwire State of Container Security Report 2019
- 18. Kubernetes security 1. Restrict access to kubectl 2. Use RBAC 3. Use a network policy 4. Protect dashboard 5. Disable account token 6. Use pod security policy 7. Restrict access to Cloud Metadata 8. Services mesh - Istio 9. Security audit/monitoring - K8Guard, KubeATF, KubeAudit 10. Commercial Security solutions - NeuVector/TwistLock
- 19. Kubernetes security hardening roadmap
- 21. Mitigate the lack of experience with money =)community And tools in da hause
- 22. Enterprise Kubernetes security AquaSecurity
- 24. Complexity of being secure with container environments
- 26. DevOps aligned with Security
- 29. Operational fails: where is the balance between Security and common sense Upgrading etcd
- 30. Thanks/References Brad Geesaman, Symantec Hacking and hardening Kubernetes V2 Gunjan Patel of Palo Alto Networks - Container Security Best Practices Aquasecurity and Michael Cherny, Hashicorp and Cloud Native Complete Guide to Container Security Secure by Defaults Google Cloud Next 18’ - Kubernetes for Enterprise Security Requirements Stanislav Kolenkin - Kubernetes Security Vadym Opryshko - Security assessment 101
- 31. Bug Bounties as additional maturity step
- 32. Do the numbers look real now?
- 33. Q&A and contacts t.me/ELV8E [email protected] Slides: https://bit.ly/2UfREW3 t.me/DC38032 t.me/owaspua Kyiv based: t.me/DC8044