Sign up to save your podcasts
Or
Share 2018-039-Ian Coldwater, kubernetes, container security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
2018-039-Ian Coldwater, kubernetes, container security
Ian Coldwater-
@IanColdwater https://www.redteamsecure.com/ *new gig*
So many different moving parts
Plugins
Code
Hardware
She's working on speaking schedule for 2019
How would I use these at home?
https://kubernetes.io/docs/setup/minikube/
Kubernetes - up and running
https://www.amazon.com/Kubernetes-Running-Dive-Future-Infrastructure/dp/1491935677
General wikipedia article (with architecture diagram): https://en.wikipedia.org/wiki/Kubernetes
https://twitter.com/alicegoldfuss - Alice Goldfuss
Derbycon Talk: http://www.irongeek.com/i.php?page=videos/derbycon8/track-3-10-perfect-storm-taking-the-helm-of-kubernetes-ian-coldwater
Tesla mis-configured Kubes env:
From the talk: https://arstechnica.com/information-technology/2018/02/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware/
Redlock report mentioned in Ars article: https://redlock.io/blog/cryptojacking-tesla
Setup your own K8s environment: https://kubernetes.io/docs/setup/pick-right-solution/#local-machine-solutions (many options to choose from)
Securing K8s implementations: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/
https://github.com/aquasecurity/kube-hunter -
Threat Model What R U protecting?
Who R U protecting from?
What R your Adversary's capabilities?
What R your capabilities?
Defenders think in Lists
Attackers think in Graphs
What are some of the visible ports used in K8S?
44134/tcp - Helmtiller, weave, calico
10250/tcp - kubelet (kublet exploit)
No authN, completely open
10255/tcp - kublet port (read-only)
4194/tcp - cAdvisor
2379/tcp - etcd
Etcd holds all the configs
Config storage
Engineering workflow:
Ephemeral -
CVE for K8S subpath - https://kubernetes.io/blog/2018/04/04/fixing-subpath-volume-vulnerability/
Final points:
Advice securing K8S is standard security advice
Use Defense in Depth, and least Privilege
Be aware of your attack surface
Keep your threat model in mind
David Cybuck (questions from Slack channel)
My questions are: 1. Talk telemetry? What is the best first step for having my containers or kubernetes report information? (my overlords want metrics dashboards which lead to useful metrics).
- How do you threat model your containers? Has she ever or how would she begin to run a table-top exercise, a cross between a threat model and a disaster recovery walk through, for the container infrastructure?
- Mitre Att&ck framework, there is a spin off for mobile. Do we need one for Kube, swarm, or DC/OS?
heck out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]
#Brakesec Store!:https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
View all episodes
By Bryan Brake, Amanda Berlin, and Brian Boettcher
4.7
9898 ratings
Ian Coldwater-
@IanColdwater https://www.redteamsecure.com/ *new gig*
So many different moving parts
Plugins
Code
Hardware
She's working on speaking schedule for 2019
How would I use these at home?
https://kubernetes.io/docs/setup/minikube/
Kubernetes - up and running
https://www.amazon.com/Kubernetes-Running-Dive-Future-Infrastructure/dp/1491935677
General wikipedia article (with architecture diagram): https://en.wikipedia.org/wiki/Kubernetes
https://twitter.com/alicegoldfuss - Alice Goldfuss
Derbycon Talk: http://www.irongeek.com/i.php?page=videos/derbycon8/track-3-10-perfect-storm-taking-the-helm-of-kubernetes-ian-coldwater
Tesla mis-configured Kubes env:
From the talk: https://arstechnica.com/information-technology/2018/02/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware/
Redlock report mentioned in Ars article: https://redlock.io/blog/cryptojacking-tesla
Setup your own K8s environment: https://kubernetes.io/docs/setup/pick-right-solution/#local-machine-solutions (many options to choose from)
Securing K8s implementations: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/
https://github.com/aquasecurity/kube-hunter -
Threat Model What R U protecting?
Who R U protecting from?
What R your Adversary's capabilities?
What R your capabilities?
Defenders think in Lists
Attackers think in Graphs
What are some of the visible ports used in K8S?
44134/tcp - Helmtiller, weave, calico
10250/tcp - kubelet (kublet exploit)
No authN, completely open
10255/tcp - kublet port (read-only)
4194/tcp - cAdvisor
2379/tcp - etcd
Etcd holds all the configs
Config storage
Engineering workflow:
Ephemeral -
CVE for K8S subpath - https://kubernetes.io/blog/2018/04/04/fixing-subpath-volume-vulnerability/
Final points:
Advice securing K8S is standard security advice
Use Defense in Depth, and least Privilege
Be aware of your attack surface
Keep your threat model in mind
David Cybuck (questions from Slack channel)
My questions are: 1. Talk telemetry? What is the best first step for having my containers or kubernetes report information? (my overlords want metrics dashboards which lead to useful metrics).
- How do you threat model your containers? Has she ever or how would she begin to run a table-top exercise, a cross between a threat model and a disaster recovery walk through, for the container infrastructure?
- Mitre Att&ck framework, there is a spin off for mobile. Do we need one for Kube, swarm, or DC/OS?
heck out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]
#Brakesec Store!:https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
More shows like BrakeSec Education Podcast
View all
Security Now (Audio)
2,011 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Strict Scrutiny
5,832 Listeners