NSA & CISA Publish Kubernetes Security Guidance
Kubernetes is frequently targeted for data theft, computational power theft, or denial of service, the agencies say in a joint advisory.
August 4, 2021
The National Security Agency (NSA) and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) this week published a report detailing the threats to Kubernetes environments, along with configuration guidance to help organizations minimize their risk.
Kubernetes, an open source system that automates the deployment and management of applications run in containers, is often targeted for three reasons, officials state in an advisory: data theft, computational power theft, or denial of service. While data theft has historically been the primary motivation, attackers may try to use Kubernetes as a means of accessing computational power for things like cryptocurrency mining.
The agencies' full report discusses the security challenges related to setting up and securing a Kubernetes cluster, as well as hardening strategies that organizations can use to avoid misconfigurations. Officials note three common sources of compromise in Kubernetes: supply chain risks, malicious attackers, and insider threats.
Their report advises organizations to scan containers and pods for vulnerabilities or misconfigurations, run containers and pods with the least amount of privileges possible, use network separation to control the amount of damage an intrusion can cause, and use strong authentication and authorization to limit user and admin access as well as the attack surface.
"To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk," officials say. "NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied."