Application security is one of the most exciting cybersecurity sub-fields and keeps evolving year after year. It is a massive field covering everything from Web Application Firewalls (WAF) to source code reviews, code pipelines, static and dynamic testing, and on and on.
One of the critical ways application design has evolved these past couple of years has been the introduction of microservices and containers. If you are unaware, microservices are a software design principle in which an application is broken down into loosely coupled, independent services. This enables large complex applications to be broken down into small manageable services that can be changed or stopped without impacting the application. Another significant change was the introduction of containers that allowed modern applications to be smoothly moved between environments along with their dependencies. Everything you need to run the application, i.e., code, runtime, libraries, dependencies, etc., is present within the container.
Modern applications today can be built on hundreds of microservices running on hundreds of containers which can become a nightmare to manage in a fast-moving cloud environment.
This is where Kubernetes comes in
If you are looking for a solution that allows you to deploy microservices/containers securely and at scale, then Kubernetes is the first thing that comes into everyone’s mind.
But what is it?
Kubernetes is an open-source platform that automates the management and orchestration of containers. Modern applications need to scale up and down and be updated and monitored seamlessly; this is where Kubernetes shows its value.
It was developed by google, which made it available for general use. While it is not the only solution that can manage contains, it is undoubtedly the most popular with millions of loyal adopters across the globe.
As more and more companies shift towards the cloud and a microservices-based architecture. The importance of Kubernetes will only grow over time.
However, with widespread adoption comes an increased attack surface which is where cybersecurity comes in
Why is securing Kubernetes so important
The security of Kubernetes is a crucial matter, given the importance of the application it protects. A compromise of Kubernetes is a compromise of the entire underlying application and its data/infrastructure. Kubernetes clusters often present a distributed and spread-out attack surface, making them easier to secure if a proper strategy is implemented.
At a high level, Kubernetes consists of a control plane and the nodes or computing machines. These nodes run pods that consist of containers. The control plane can be considered the central and most important part of the Kubernetes deployment and maintains the state or configuration of the Kubernetes deployment.
From a security perspective, Kubernetes presents a unique challenge due to its disconnected architecture and the way its environment dynamically changes. For example, containers are routinely created and destroyed, and pods are transient. With an ever-fluctuating climate, it can become a big challenge to secure.
Kubernetes can be compromised in many ways, a few of which are listed below:
Attackers can compromise the containers and break out to compromise the host system.
Attackers are smart enough not to attack secured cloud infrastructures directly but can poison the well by corrupting container images and using this untrusted code to introduce security issues.
Attackers can effectively exhaust the resources in the Kubernetes cluster, making it unable to service new requests in a Denial of Service (DOS) attack.
Insecure configurations can allow attackers to gain access to the Control Plan, which effectively gives them access to the entire cluster ( similar to gaining access to the Hypervisor in a virtualized environment )
Insecure network controls, such as a lack of encryption, can allow attackers to sniff sensitive configuration data as it travels.
Attackers can gain access to the credentials stored in Kubernetes volumes
As you can see .. with all the benefits of Kubernetes comes many security problems as well.
The way forward
Securing Kubernetes is not a one-time thing, nor can it be done disorganizedly. Cybersecurity professionals should model their Kubernetes clusters to understand the data flow and trust boundaries so that controls can be appropriately structured.
We are going to discuss this in detail in the next part of this series, but at a minimum, cybersecurity professionals should ensure these best practices are being followed:
Containers should be built from a secure source and patched regularly.
Security checks should be built into the code pipeline, and if any container image contains a security flaw, then the pipeline should stop until it is fixed.
Permissions granted to Kubernetes components should be regularly reviewed. Needless to say that no process should be running as root!
Kubernetes security is a journey, not a destination, and in the next part of this series, we will deep dive into HOW to secure a Kubernetes deployment.