Director of Research, Lacework Labs
Last month we had the pleasure of speaking about securing Kubernetes at ACoD 2019. This month I had the opportunity to speak on the same topic at the Denver Information Systems Security Association (ISSA) chapter meetings.
Denver ISSA is a not-for-profit organization with a mission of “Developing and Connecting Denver’s Cybersecurity Leaders.” They hold chapter meetings once a month in Boulder, Downtown Denver, and the Tech Center. The topics of each meeting vary across the spectrum of information security, across industries, and across both technical and non-technical security topics.
On February 12th and 13th I gave an overview of Kubernetes to the group. For the uninitiated, I started off with an overview of The Illustrated Children’s Guide to Kubernetes. This is always a quick and fun way to learn about container orchestration when starting from the beginning. Next, we discussed risks and threats to Kubernetes. I like to break this into two major components:
- Risks and threats associated with major Kubernetes components exposed to the internet (or accessible in some fashion to those who shouldn’t have access).
- Risks and threats associated with container/pod compromise.
Kubernetes security is a complex subject however, I feel breaking it up into these categories helps people digest the major points well and with the right level of context. Lastly, I talked about 10 essentials for securing Kubernetes. These essentials aren’t all part of Kubernetes per se; some involve pre-deployment recommendations and some involve runtime monitoring recommendations. It was great connecting with local security practitioners and hearing how people are running container orchestration systems.
Next up is a session I’ll be hosting as part of BSidesSF at RSAC. On March 4th I’ll be presenting, “All Your Containers are Belong to Us”. In this talk, I will discuss recent research findings on major Kubernetes control-plane components exposed to the internet. Specifically, I will be giving demos on discovering Kubernetes Dashboards, API servers, and etcd clusters. On March 7th, Dan Hubbard will be at RSA Conference moderating the panel “Investigative Journalist Speak Out.” If you are in the area come stop by! To learn more about Lacework, come find us at both #4603.