The NSA and CISA update their advice to help hardened Kubernetes clusters against attack.
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published updated guidance about how to harden Kubernetes for managing container applications. Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers. The updated guidance refreshes the two agencies’ first Cybersecurity Technical Report regarding Kubernetes hardening guidance from August 2021. CISA says the update contains additional details and explanations based on feedback from industry, including more detailed info on logging and threat detection in addition to other clarifications. Some of the updates are subtle but important for those who protect Kubernetes clusters. NSA and CISA do not list what the changes are in the updated guidance, but the initial recommendations weren’t met with universal approval. For example NCC Group noted that advice about Kubernetes authentication was «largely incorrect when it states that Kubernetes does not provide an authentication method by default», whereas most customer implementations NCCGroup had reviewed «support both token and certification authentication, both of which are supported natively.» NCCGroup advised against both for production loads because Kubernetes does not support certificate revocation, which can be a problem if an attacker has gained access to a certificate issued to privileged accounts. The updated guidance now says that «several user authentication mechanisms are supported but not enabled by default.
