alcide

Alcide Blog

Cloud-native Security Provider

Natan Yellin


Recent Posts

Insecure by Default - Kubernetes Networking

Sep 17, 2020 12:52:33 PM / by Natan Yellin posted in kubernetes, network security, Kubernetes security

0 Comments

Traditional network security includes protection against layer2 and layer3 spoofing attacks. Many security teams don’t realize it, but these threats are still relevant when running applications on a Kubernetes cluster in the cloud. You might be using a complex container network, but that doesn’t mean that simple spoofing attacks between pods aren’t possible. This matters because it dramatically increases the blast radius of compromised pods.

Read More

Whitelisting Processes on Kubernetes Pods Using AppArmor (Part 1)

Aug 12, 2020 7:01:37 AM / by Natan Yellin posted in devsecops, cloud security, network security, Kubernetes security

0 Comments

 

Read More

Three Ways to Simplify and Secure your Infrastructure using Kubernetes Namespaces

Jul 24, 2020 5:59:56 AM / by Natan Yellin posted in kubernetes, Micro segmentation, microservices, network security, Kubernetes security, namespaces

1 Comment

Kubernetes namespaces - they’re an essential feature for building modern cloud architectures. Namespaces let you split up a single cluster into multiple “virtual clusters”. Resources like pods, replicasets, and deployments all live in namespaces. You can think of a namespace as being a resource’s last name - it specifies which family the resource is part of - and normal resources can have one and only one namespace (There are exceptions like the Node resource which is cluster-wide and doesn’t belong to any namespace). If you don’t think you’re using namespaces on your cluster then you’re wrong. You’re actually just putting everything into the default namespace.

Read More

New Kubernetes Man-In-The-Middle (MiTM) Attack Leverages IPv6 Router Advertisements

Jun 3, 2020 10:30:43 AM / by Natan Yellin posted in vulnerability, ipv6

0 Comments

 

The recent MiTM attack disclosed was a very unusual one in the Container Security world. All at the same time, Kubernetes, Docker, and Calico announced security bulletins related to IPv6 Rogue Router Advertisements. There are several security bulletins here because this isn’t a single vulnerability in one product - rather, multiple independent CNIs are all vulnerable. IPv6 Router Advertisements are a fairly obscure topic, yet this vulnerability is definitely worth understanding.

Read More

Securing Kubernetes Clusters Using Process Whitelisting

Apr 22, 2020 3:02:42 AM / by Natan Yellin posted in Runtime, process whitelist

0 Comments

Process whitelisting is a simple concept. In the K8s context, the basic idea is to create a list for each pod of all the processes that the pod is expected to run. Every time a process runs in your cluster you check if it is in the list. If an attacker manages to gain access to your cluster and starts running a malicious process then you can identify it immediately because a new non-whitelisted process is running. It doesn’t matter whether that process is a known bitcoin miner, a custom RAT (Remote Access Tool), or even a legitimate process like ssh. If the new process isn’t in the whitelist and isn’t part of the pod’s regular behaviour then it should be flagged immediately. 

Read More

Subscribe to Email Updates