The National Security Agency (NSA) and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) this week published a report detailing the threats to Kubernetes environments, along with configuration guidance to help organizations minimize their risk.
Kubernetes, an open source system that automates the deployment and management of applications run in containers, is often targeted for three reasons, officials state in an advisory: data theft, computational power theft, and denial of service. While data theft has historically been the primary motivation, attackers may also try to use Kubernetes as a means of accessing computational power for things like cryptocurrency mining.
The agencies' full report discusses the security challenges related to setting up and securing a Kubernetes cluster, as well as hardening strategies that organizations can use to avoid misconfigurations. Officials note three common sources of compromise in Kubernetes: supply chain risks, malicious attackers, and insider threats.
Their report advises organizations to scan containers and pods for vulnerabilities or misconfigurations, run containers and pods with the least amount of privileges possible, use network separation to control the amount of damage an intrusion can cause, and use strong authentication and authorization to limit user and admin access as well as the attack surface.
"To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk," officials say. "NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied."