Keep Hackers Out of Your Cluster with These 5 Simp... Christophe Tafani-Dereeper & Frederic Baguelin
- Published: Mar 20, 2024
Keep Hackers Out of Your Cluster with These 5 Simple Tricks - Christophe Tafani-Dereeper & Frederic Baguelin, Datadog
Many options are available to increase the security posture of a Kubernetes cluster. But which ones to prioritize, and why? In this talk, we take a data-based and threat-informed approach to prioritizing security investments. We start by describing the attacks we've seen over the past year on a network of Docker and Kubernetes honeypots we've deployed publicly-facing on the internet, mimicking the Docker API, Kubernetes API server, and Kubelet API to catch what attackers are doing in the wild. Then, we review several high-profile container escape vulnerabilities and how they've been exploited in the wild. Based on this, we list the most common ways attackers attempt to deploy malicious workloads, backdoor a cluster, or escape containers, and what are the most effective and "bang for your buck" security mechanisms that you can implement in your own cluster.
Great session!
02:23 Threat modeling (managed) Kubernetes clusters
23:02 Get the control plane basics right
24:32 Block the cloud metadata service from workloads
26:10 Understand cloud privileges of your workloads; 26:38 mkat
27:09 Be intentional about what can run in your cluster
28:30 Application security matters
29:18 Advanced techniques; 31:16 kubehound
Why this caution? Because threat intelligence may be incomplete?
7:35 Threat intelligence should (only) drive prioritization