NSA and CISA: Here’s how to improve your Kubernetes cluster security – ZDNet
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published updated guidance about how to harden Kubernetes for managing container applications.
Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers.
The updated guidance refreshes the two agencies' first Cybersecurity Technical Report regarding Kubernetes hardening guidance from August 2021. CISA says the update contains additional details and explanations based on feedback from industry, including more detailed info on logging and threat detection in addition to other clarifications.
SEE: What is cloud computing? Everything you need to know about the cloud explained
Some of the updates are subtle but important for those who protect Kubernetes clusters. NSA and CISA do not list what the changes are in the updated guidance, but the initial recommendations weren't met with universal approval.
For example,NCC Group noted that advice about Kubernetes authentication was "largely incorrect when it states that Kubernetes does not provide an authentication method by default", whereas most customer implementations NCC Group had reviewed "support both token and certification authentication, both of which are supported natively." NCC Group advised against both for production loads because Kubernetes does not support certificate revocation, which can be a problem if an attacker has gained access to a certificate issued to privileged accounts. The updated guidance now says that "several user authentication mechanisms are supported but not enabled by default."
Otherwise, key points of the original document appear to be unchanged. It looks at hardening within the context of typical Kubernetes cluster designs that include the control plane, worker nodes (for running containerized apps for the cluster), and pods for containers that are hosted upon these nodes. These clusters are often hosted in the cloud and across multiple clouds in AWS, Azure, Google and elsewhere.
The agencies maintain that Kubernetes is commonly targeted for data theft, computational power theft, or denial of service. Historically, flaws in Kubernetes and various dependencies as well as misconfigurations have been used to deploy crypto miners on victim's infrastructure.
It also maintains that Kubernetes is exposed to significant supply chain risks because clusters often have software and hardware dependences built by third-party developers.
For example, security analysts last year warned of attacks against Kubernetes clusters via misconfigured Argo Workflows container workflow engines for K8s clusters.
Besides supply chain risks, other key actors in the agencies' threat model include malicious outsiders and insider threats. These help define its hardening recommendations.
For example, there is a common cloud case where workloads that aren't managed by a given Kubernetes cluster share the same physical network. In that instance, a workload may have access to the kubelet and to control-plane components, such as the API server. So, the agencies recommend network-level isolation.
The agencies provide advice on how to ensure strict workload isolation between pods running on the same node in a cluster, given that Kubernetes doesn't by default guarantee this separation.
Announcing the updated guidance, the NSA says: "Primary actions include the scanning of containers and pods for vulnerabilities or misconfigurations, running containers and pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing."
The agencies also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.
SEE: There's a critical shortage of women in cybersecurity, and we need to do something about it
But patching is not easy in the context of Kubernetes. CISA regularly publishes alerts about new Kubernetes-related vulnerabilities. In February, for example, it warned of a critical (severity score 8.8 out of 10) privilege escalation flaw,CVE-2022-23652, which affected the capsule-proxy reverse proxy for Capsule Operator.
But as NCC Group points out: "patching everything is hard", partly because of the pressure to avoid downtime, but also because vulnerabilities span Kubernetes,Containerd, runc, the Linux kernel, and more.
"This is something that Kubernetes can help with, as the whole concept of orchestration is intended to keep services running even as nodes go on and offline. Despite this, we still regularly see customers running nodes that haven't had patches applied in several months, or even years. (As a tip, server uptime isn't a badge of honour as much as it used to be; it's more likely indicative that you're running an outdated kernel)," NCC Group noted.
Read the original here:
NSA and CISA: Here's how to improve your Kubernetes cluster security - ZDNet
- NSA Ajit Doval speaks with Chinese FM Wang Yi amid rising India-Pak tension 'War not India's choice' - The Economic Times - May 11th, 2025 [May 11th, 2025]
- 'War was not India's choice and was not in the interests of any party': NSA Ajit Doval speaks to China's - Times of India - May 11th, 2025 [May 11th, 2025]
- NSA to cut up to 2,000 civilian roles - The Hill - May 10th, 2025 [May 10th, 2025]
- NSA Ajit Doval speaks with US Secretary of State 'shortly after' Indian strikes on Pak - Deccan Herald - May 10th, 2025 [May 10th, 2025]
- NSA to cut up to 2,000 civilian roles as part of intel community downsizing - The Record from Recorded Future News - May 10th, 2025 [May 10th, 2025]
- Operation Sindoor: NSA Doval engages with counterparts from US, UK, China, and Russia - Social News XYZ - May 10th, 2025 [May 10th, 2025]
- CIA, NSA to face major layoffs as Trump pushes intelligence reform - Times of India - May 5th, 2025 [May 5th, 2025]
- Dont see a major war with India, but have to be ready: Pakistan ex-NSA - Al Jazeera - May 5th, 2025 [May 5th, 2025]
- Donald Trump set to axe thousands of jobs at CIA, NSA and other agencies - Daily Mail - May 5th, 2025 [May 5th, 2025]
- 757Teamz softball Top 15: NSA moves up as Hickory perseveres to remain No. 1 - The Virginian-Pilot - May 5th, 2025 [May 5th, 2025]
- NSA head Mike Waltz and his deputy Alex Wong to exit Trump admin amid Signal chat fiasco - The Economic Times - May 5th, 2025 [May 5th, 2025]
- Trump speaks out on NSA shakeup, addresses third term talk - Fox News - May 5th, 2025 [May 5th, 2025]
- Mike Waltz, Alex Wong to resign: Here's who may replace NSA head and deputy - Hindustan Times - May 5th, 2025 [May 5th, 2025]
- A Lot of People Want the Job: Trump Says Hell Choose Waltzs NSA Replacement in Next 6 Months - The Daily Signal - May 5th, 2025 [May 5th, 2025]
- Will Steve Witkoff replace Mike Waltz as Donald Trump's new NSA? - Times of India - May 5th, 2025 [May 5th, 2025]
- Beavercreek native recognized for NSA Codebreaker achievement - Fairborn Daily Herald - May 5th, 2025 [May 5th, 2025]
- Marco Rubio to serve as acting NSA; Mike Waltz removed by President Trump - FOX 35 Orlando - May 5th, 2025 [May 5th, 2025]
- Trump says he will name new NSA within 6 months - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz out as NSA, Rubio to serve in the interim - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz Leaves White House for UN Witkoff Tipped as Trumps Next NSA - Hungarian Conservative - May 5th, 2025 [May 5th, 2025]
- McConnell calls out Trump for hiring amateur isolationists at Pentagon, firing NSA director - The Hill - April 8th, 2025 [April 8th, 2025]
- Trumps firing of NSA chief is rolling out the red carpet for cyber attacks - Politico - April 8th, 2025 [April 8th, 2025]
- A conspiracy theorist convinced Trump to fire the NSA director - Vox - April 8th, 2025 [April 8th, 2025]
- William Hartman Named Acting NSA Director Following Dismissal of Top Officials - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency (NSA) (.gov) - April 8th, 2025 [April 8th, 2025]
- Security News This Week: NSA Chief Ousted Amid Trump Loyalty Firing Spree - WIRED - April 8th, 2025 [April 8th, 2025]
- Head of NSA and US Cyber Command reportedly fired - Cybersecurity Dive - April 8th, 2025 [April 8th, 2025]
- Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA - DefenseScoop - April 8th, 2025 [April 8th, 2025]
- Gen. Timothy Haugh, head of NSA and Cyber Command, is fired - CBS News - April 8th, 2025 [April 8th, 2025]
- Trump's mixed tariff messaging and NSA director and deputy fired: Morning Rundown - NBC News - April 8th, 2025 [April 8th, 2025]
- NSA Director and Deputy Reportedly Dismissed: What We Know - Newsweek - April 8th, 2025 [April 8th, 2025]
- Haugh fired from leadership of NSA, Cyber Command - The Record from Recorded Future News - April 8th, 2025 [April 8th, 2025]
- Trump administration fires head of NSA and U.S. Cyber Command, along with other top officials - CBS News - April 8th, 2025 [April 8th, 2025]
- US Cyber Command, NSA Chief Gen. Timothy Haugh ousted by Trump admin - Breaking Defense - April 8th, 2025 [April 8th, 2025]
- Face the Facts: Rep. Himes talks about firing of two top NSA officials - NBC Connecticut - April 8th, 2025 [April 8th, 2025]
- NSA Issues Advisory on Fast Flux Cyberthreat - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- Loomer, far-right activist, urged Trump to remove NSA director and others: Sources - ABC News - April 8th, 2025 [April 8th, 2025]
- The NSA Sounds Security Alarm For Billions Of iPhone And Android Phones - HotHardware - April 8th, 2025 [April 8th, 2025]
- NSA director fired after Trumps meeting with right-wing influencer Laura Loomer - The Verge - April 8th, 2025 [April 8th, 2025]
- Trump fires head of NSA and Cyber Command - Nextgov - April 8th, 2025 [April 8th, 2025]
- What are the national security concerns of Trump firing the NSA, Cyber Command head? - CBS News - April 8th, 2025 [April 8th, 2025]
- Who is Timothy Haugh? The NSA chief fired amid cyber security concerns - Times of India - April 8th, 2025 [April 8th, 2025]
- NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on Fast Flux, a National Security Threat - Hstoday - April 8th, 2025 [April 8th, 2025]
- Senator King Responds to Reported Firing of NSA Director General Timothy Haugh - WAGM - April 8th, 2025 [April 8th, 2025]
- NSA warned of vulnerabilities in Signal app a month before Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
- Trump said poised to fire NSA Mike Waltz for including journalist in top secret war chat - The Times of Israel - March 26th, 2025 [March 26th, 2025]
- Not the last Waltz: Trump defends NSA after security breach - The Times of India - March 26th, 2025 [March 26th, 2025]
- NSA warned about vulnerabilities in Signal prior to White House group chat fiasco - SiliconANGLE News - March 26th, 2025 [March 26th, 2025]
- NSA warned the Signal app was vulnerable last month - WTIC - March 26th, 2025 [March 26th, 2025]
- Codebreakers and Covert Agents: The Women Behind the NSA and CIA heads to Illinois State Museum - WAND - March 26th, 2025 [March 26th, 2025]
- NSA warned about using Signal a month before leak of Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
- 'Putin is giddy': NSA knew Signal was vulnerable to Russian hackers before security breach - AlterNet - March 26th, 2025 [March 26th, 2025]
- RAW: NSA MIKE WALTZ EXPECTED TO VISIT GREENLAND - Local 3 News - March 26th, 2025 [March 26th, 2025]
- US NSA likely to visit India in third week of April - Hindustan Times - March 26th, 2025 [March 26th, 2025]
- Statement from Secretary Rubio and NSA Waltz on Call with Zelenskyy - Department of State - March 22nd, 2025 [March 22nd, 2025]
- Europe must invest more in defence amid global shifts: Greeces NSA Ntokos - Firstpost - March 22nd, 2025 [March 22nd, 2025]
- NSA Bahrain, NAVCENT Hold First-of-its-Kind Exercise Vigilant Resolve - navy.mil - March 22nd, 2025 [March 22nd, 2025]
- Former NSA boss Osei Assibey Antwi picked up by NIB - GhanaWeb - March 22nd, 2025 [March 22nd, 2025]
- WHAT THE TECH? NSA recommending weekly smartphone restarts & how it improves performance - Local 3 News - March 9th, 2025 [March 9th, 2025]
- Ex-NSA cyber chief warns of devastating impact of potential DOGE-inspired firings - Breaking Defense - March 9th, 2025 [March 9th, 2025]
- Former top NSA cyber official: Probationary firings devastating to cyber, national security - CyberScoop - March 9th, 2025 [March 9th, 2025]
- Prime Targets Martha Plimpton On Her NSA Character & Why This Political Thriller Works: Never Trust People In Charge - Deadline - March 9th, 2025 [March 9th, 2025]
- Former NSA Dep. Director, Gifty Oware-Mensah will see NIB over 80k ghost names allegations - GhanaWeb - March 5th, 2025 [March 5th, 2025]
- Zelensky is not ready for peace talks, US NSA says - Mehr News Agency - English Version - March 3rd, 2025 [March 3rd, 2025]
- More Than 100 Intelligence Staffers Will Be Fired Over Sexually Explicit Texts In NSA Chatrooms, Gabbard Says - Forbes - March 1st, 2025 [March 1st, 2025]
- NSA says it is investigating potential misuse of chat platform - The Record from Recorded Future News - March 1st, 2025 [March 1st, 2025]
- 100-plus spies fired after NSA internal chat board used for kinky sex talk - The Register - March 1st, 2025 [March 1st, 2025]
- Tulsi Gabbard says more than 100 intelligence officers will be fired for sexually explicit NSA chat messages - CNN - March 1st, 2025 [March 1st, 2025]
- Elon Asked What Government Workers Did. The NSA Overshared - Schiff Sovereign - March 1st, 2025 [March 1st, 2025]
- Tulsi Gabbard Fires 100 Intelligence Officers for Sex Chats on NSA-Hosted Tool - The Daily Beast - March 1st, 2025 [March 1st, 2025]
- Elon Musk reacts to leaked chat alleging NSA, CIA officials discussed raising intersex babies as non-bina - The Times of India - March 1st, 2025 [March 1st, 2025]
- What NSA, DIA agents said about Libs of TikTok, Ben Shapiro in leaked messages - The Times of India - March 1st, 2025 [March 1st, 2025]
- NSA staff accused of lurid sex chats at work they were just discussing LGBTQ+ issues - PinkNews - March 1st, 2025 [March 1st, 2025]
- Sen. Tom Cotton reacts to lewd NSA chats: 'We don't want these people anywhere near classified information' - Fox News - March 1st, 2025 [March 1st, 2025]
- At least 100 NSA staffers to be fired for explicit chats during work hours - WDRB - March 1st, 2025 [March 1st, 2025]
- Gifty Oware-Mensah on the run as NIB investigates NSA scandal - GhanaWeb - February 25th, 2025 [February 25th, 2025]
- Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace - CyberScoop - February 25th, 2025 [February 25th, 2025]
- NSA emphasizes strong defensive posture as it responds to report it hacked China - Washington Times - February 25th, 2025 [February 25th, 2025]
- How the NSA Head of Accounts was undermined by his deputy for eight months after appointment - GhanaWeb - February 25th, 2025 [February 25th, 2025]
- What Is Proteus in Zero Day? How the NSA Weapon Changes Everything - Collider - February 25th, 2025 [February 25th, 2025]